Syslog Support on cRPD
Eventd is a process that supports forwarding syslog messages to a configured remote host in containerized RPD (cRPD). You can configure syslog messages using the following options:
| Format | Option | Description |
|---|---|---|
| file | | Eventd writes the syslog messages to the file. You can create a file and forward all the syslog messages to the file based on the priority using the command |
| file | | You can filter the messages based on a particular message string using the command |
| file | | You can log the system messages in structured format using the command |
| host | | Host option allows you to log the message to a remote host using the command |
| host | | Match string option with host allows you to filter messages based on a particular match string using the command |
| host | | Structured format option at host level allows you to log the message to the remote host in structured format using the command |
| host | | Log prefix option at host level allows you to add a text string to every syslog message that is forwarded to the remote host using the command |
| host | | Source address option at host level allows you to log the syslog to the remote host with the specified valid source address using the command |
| | | Source address option at syslog level allows you to log the syslog to the remote host with the specified source address using the command |
Directing System Log Messages to Remote Machine
To direct the system log messages to a remote machine, include the host
statement at the [edit system syslog] hierarchy level:
    [edit system syslog]
    host (hostname) {
        facility severity;
        explicit-priority;
        facility-override facility;
        log-prefix string;
        match "regular-expression";
    }
    source-address source-address;
To send system log messages to a remote machine, use the host
hostname statement. Specify the machine’s IPv4/IPv6 address
or fully qualified hostname for WAN and data ports. The remote machine must be running the
standard syslogd utility. In each system log message directed to the remote
machine, the hostname of the local Routing Engine appears after the timestamp to indicate
that it is the source for the message.
For the list of logging facilities and severity levels to configure under the
host statement, see Specifying the Facility and Severity of Messages to
Include in the Log.
To record facility and severity level information in each message, include the
explicit-priority statement. For more information, see Including Priority Information in System Log
Messages.
For information about the match statement, see Using Strings and Regular Expressions to Refine the Set of
Logged Messages.
When directing messages to remote machines, you can include the
source-address statement to specify the IP address of the switch that is
reported in the messages as their source. In each host statement, you can
also include the facility-override statement to assign an alternative
facility and the log-prefix statement to add a string to each message.
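The following Python sketch is an added example, not code from this page or from Juniper: run on the collector, it parses forwarded UDP payloads and reports any whose hostname, log-prefix or facility does not match what the host statement on the sender configures. It assumes RFC 3164 framing on the wire and that a configured prefix follows the hostname as `string: `; the function names, the prefix LAB1, the facility local7 and the sample payloads are constructed for illustration.

```python
import re
from collections import namedtuple

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
# Assumed wire layout: <PRI>Mmm dd hh:mm:ss hostname text
FRAME = re.compile(r"<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)", re.S)
Record = namedtuple("Record", "facility severity hostname prefix message")

def parse_datagram(data, log_prefix=None):
    """Parse one UDP syslog payload; raise ValueError on malformed framing."""
    m = FRAME.fullmatch(data.decode("utf-8", "replace").rstrip("\r\n\x00"))
    if not m or int(m.group(1)) > 191:  # 191 = local7.debug, the highest PRI
        raise ValueError("not an RFC 3164 syslog frame")
    pri, host, body, prefix = int(m.group(1)), m.group(2), m.group(3), None
    # Assumption: a configured log-prefix follows the hostname as "string: ".
    if log_prefix and body.startswith(log_prefix + ": "):
        prefix, body = log_prefix, body[len(log_prefix) + 2:]
    return Record(FACILITIES[pri >> 3], SEVERITIES[pri & 7], host, prefix, body)

def audit(payloads, hostname, log_prefix, facility=None):
    """Return one finding per payload that does not match the sender's config."""
    findings = []
    for i, raw in enumerate(payloads):
        try:
            rec = parse_datagram(raw, log_prefix)
        except ValueError as exc:
            findings.append(f"{i}: {exc}")
            continue
        if rec.hostname != hostname:
            findings.append(f"{i}: unexpected hostname {rec.hostname}")
        elif rec.prefix is None:
            findings.append(f"{i}: missing log-prefix {log_prefix}")
        elif facility and rec.facility != facility:
            findings.append(f"{i}: facility {rec.facility}, expected {facility}")
    return findings

# Constructed sample payloads (not captured from a device).
SAMPLES = [
    b"<190>Sep 19 18:30:21 crpd01 LAB1: rpd[42]: constructed message",
    b"<30>Sep 19 18:30:22 crpd01 LAB1: rpd[42]: facility not overridden",
    b"<190>Sep 19 18:30:23 otherbox LAB1: rpd[42]: wrong sender",
    b"<190>Sep 19 18:30:24 crpd01 rpd[42]: prefix missing",
    b"Sep 19 18:30:25 crpd01 rpd[42]: no PRI field"]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLES, "crpd01", "LAB1", "local7")))
```

UDP syslog carries no sender authentication, so a matching hostname and prefix show that the configuration is consistent, not where the datagram came from.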
Configure Server Authentication
To configure server authentication on the device:
1. Specify the syslog server that receives the system log messages. You can specify the IP address of the syslog server or a fully qualified hostname.
    root@crpd1# set system syslog host 10.102.70.233 any any
2. Specify the port number of the syslog server.
    root@crpd1# set system syslog host 10.102.70.233 port 10514
3. Specify the syslog transport protocol for the device.
    root@crpd1# set system syslog host 10.102.70.233 transport udp
4. Configure the device to send all log messages.
    root@crpd1# set system syslog file filename any any
5. In configuration mode, confirm your configuration by using the show system command.
You can view the log messages using the show log messages command.
    root@crpd1> show log messages
    Sep 19 18:30:21 crpd01 Kernel: Linux version 5.4.0-196-generic (buildd@lcy02-amd64-031) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)) #216-Ubuntu SMP Thu Aug 29 13:26:53 UTC 2024 (Ubuntu 5.4.0-196.216-generic 5.4.280)
    Sep 19 18:30:21 crpd01 Kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.0-196-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity
    Sep 19 18:30:21 crpd01 Kernel: KERNEL supported cpus:
    Sep 19 18:30:21 crpd01 Kernel: Intel GenuineIntel
    Sep 19 18:30:21 crpd01 Kernel: AMD AuthenticAMD
    Sep 19 18:30:21 crpd01 Kernel: Hygon HygonGenuine
    Sep 19 18:30:21 crpd01 Kernel: Centaur CentaurHauls
    Sep 19 18:30:21 crpd01 Kernel: zhaoxin Shanghai
    Sep 19 18:30:21 crpd01 Kernel: Disabled fast string operations
    ...