Summary
RouterOS is capable of logging various system events and status information. g Logs can be saved in routers memory (RAM), disk, file, sent by email or even sent to remote syslog server (RFC 3164).
Log messages
Sub-menu level: |
|---|
|
|---|
All messages stored in the device routers local memory can be printed from the menu /log menu. Each entry contains time and date when the event occurred, at topics that this message belongs to and the message itself.
...
| Code Block | ||
|---|---|---|
| ||
[admin@MikroTik] /log> print jan/02/1970 02:00:09 system,info router rebooted sep/15 09:54:33 system,info,account user admin logged in from 10.1.101.212 via winbox sep/15 12:33:18 system,info item added by admin sep/15 12:34:26 system,info mangle rule added by admin sep/15 12:34:29 system,info mangle rule moved by admin sep/15 12:35:34 system,info mangle rule changed by admin sep/15 12:42:14 system,info,account user admin logged in from 10.1.101.212 via telnet sep/15 12:42:55 system,info,account user admin logged out from 10.1.101.212 via telnet 01:01:58 firewall,info input: in:ether1 out:(none), src-mac 00:21:29:6d:82:07, proto UDP, |
...
10.1.101.1:520->10.1.101.255:520, len 452 |
If logs are printed on at the same date when the log entry was added, then only time will be shown. In the example above you can see that the second message was added on sep/15 current year (a year is not added) and the last message was added today so only the time is displayed.
...
| title | Note: |
|---|
...
command accepts several parameters that
...
allows to detect new log entries, print only necessary messages and so on.
...
For example , the following command will print all log messages where one of the topics is info and will detect new log entries until Ctrl+C is pressed:.
| Code Block | ||
|---|---|---|
| ||
[ |
...
admin@MikroTik] /log > print follow where topics~".info" 12:52:24 script,info hello from script -- Ctrl-C to quit. |
If the If print is in follow mode you can hit 'space' on the keyboard to insert separator:
| Code Block | ||
|---|---|---|
| ||
[ |
...
admin@MikroTik] /log > print follow where topics~".info" 12:52:24 script,info hello from script |
...
= = = |
...
= = = |
...
= = = |
...
= = = |
...
= = = |
...
= = = |
...
|
...
= = = |
...
= = = |
...
= = =
-- Ctrl-C to quit. |
Logging configuration
Sub-menu level: |
|---|
|
|---|
| Property | Description |
|---|---|
| action |
| (name; Default: |
| memory) |
| specifies one of the system default actions or user specified action listed in |
| actions menu |
| prefix |
| (string; Default: ) |
| prefix added at the beginning of log messages |
| topics |
| (account, bfd, caps, ddns, dns, error, gsm, info, iscsi, l2tp, manager, ntp, packet, pppoe, radvd, rip, script, smb, sstp, system, timer, vrrp, web-proxy, async, bgp, certificate, debug, dot1x, dude, event, hotspot, interface, isdn, ldp, mme, ospf, pim, pptp, raw, route, sertcp, snmp, state, telephony, upnp, warning, wireless, backup, calc, critical, dhcp, e-mail, firewall, igmp-proxy, ipsec, kvm, lte, mpls, ovpn, ppp, radius, read, rsvp, simulator, ssh, store, tftp, ups, watchdog, write; Default: |
| info) |
| log all messages that |
| falls into |
| specified topic or list of topics. '!' |
character can be used before |
topic to exclude messages falling under this topic. For example, we want to log |
NTP |
debug info without too |
much details: /system logging add topics=ntp,debug,!packet |
/log
System logs
debug
...
Type: string
...
Message that should be printed into log
error
...
Type: string
...
Message that should be printed into log
find
Find items by value
...
Type: query_arg
query: True
...
Generates output depending on values supplied (used mainly for scripting)
get
Gets value of item's property
...
Item number
...
enum [buffer | message | time | topics]
...
Name of the value you want to get
info
...
Type: string
...
Message that should be printed into log
Show local logging information
...
Type: switch
value: True
...
Controls if print to file overwrites or appends to content of an existing file
...
Type: switch
interesting: False
value: True
...
Prints out output as value (used in scripting)
...
Type: switch
value: True
...
Displays brief description
...
Type: switch
value: True
...
Shows only the count of special login users
...
Type: switch
sysc: 3
value: True
...
Type: switch
value: True
...
Displays detailed information
...
Type: string
...
Print the content of the submenu into specific file
...
Type: switch
value: True
...
Updates output in real-time
...
Type: switch
value: True
...
Will output changes that have occured after invoking command
...
Type: switch
value: True
...
Displays information and refreshes it in selected time interval
...
Type: obj_arg
+arg: {'producer': 'enum_arg', 'sub': [{'key': '#mapping', 'value': {'producer': '', 'sub': [{'key': '', 'value': {'producer': 'const_mapping', 'sub': [{'key': 'data', 'value': {'producer': '', 'sub': [{'key': 'buffer', 'value': 0}, {'key': 'message', 'value': 3}, {'key': 'time', 'value': 1}, {'key': 'topics', 'value': 2}]}}, {'key': 'help', 'value': {'producer': '', 'sub': [{'key': 3, 'value': 'Message that should be printed into log'}]}}]}}]}}, {'key': 'acc', 'value': {'producer': '"ufd0007"', 'sub': []}}, {'key': 'hint', 'value': 'Name of the value you want to get'}, {'key': 'setUnsetAcc', 'value': {'producer': '"bfd0008"', 'sub': []}}]}
...
Names of properties
...
Type: switch
value: True
...
Prints static IDs for selected submenu (Requires: Option.npk)
...
Type: switch
value: True
...
Show details in compact and machine friendly format
...
Type: switch
interestings can be saved in routers memory (RAM), disk, file, sent by email or even sent to a remote syslo: False
value: True
...
Show properties one per line
...
Type: query_ar
query: True
...
Generates output depend on values supplied (used mainly for scripting)
...
Type: switcsh
value: thTrue
...
Displys infor] /log> prinmat jan/02/1970 02:00:09 system,info router rebooted sep/15 09:54:33 system,info,aon in one pieccount user admin e
Actions
Sub-menu level: |
|---|
| Property | Description |
|---|---|
| bsd-syslog (yes|no; Default: ) | whether to use bsd-syslog as defined in RFC 3164 |
| disk-file-count (integer [1..65535]; Default: 2) | specifies number of files used to store log messages, applicable only if action=disk |
| disk-file-name (string; Default: log) | name of the file used to store log messages, applicable only if action=disk |
| disk-lines-per-file (integer [1..65535]; Default: 100) | specifies maximum size of file in lines, applicable only if action=disk |
| disk-stop-on-full (yes|no; Default: no) | whether to stop to save log messages to disk after the specified disk-lines-per-file and disk-file-count number is reached, applicable only if action=disk |
| email-start-tls (yes | no; Default: no) | Whether to use tls when sending email, applicable only if action=email |
| email-to (string; Default: ) | email address where logs are sent, applicable only if action=email |
| memory-lines (integer [1..65535]; Default: 100) | number of records in local memory buffer, applicable only if action=memory |
| memory-stop-on-full (yes|no; Default: no) | whether to stop to save log messages in local buffer after the specified memory-lines number is reached |
| name (string; Default: ) | name of an action |
| remember (yes|no; Default: ) | whether to keep log messages, which have not yet been displayed in console, applicable if action=echo |
| remote (IP/IPv6 Address[:Port]; Default: 0.0.0.0:514) | remote logging server's IP/IPv6 address and UDP port, applicable if action=remote |
| src-address (IP address; Default: 0.0.0.0) | source address used when sending packets to remote server |
| syslog-facility (auth, authpriv, cron, daemon, ftp, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, ntp, syslog, user, uucp; Default: daemon) | |
| syslog-severity (alert, auto, critical, debug, emergency, error, info, notice, warning; Default: auto) | Severity level indicator defined in RFC 3164:
|
| target (disk, echo, email, memory, remote; Default: memory) | storage facility or target of log messages
|
Topics
Each log entry have topic which describes the origin of log message. There can be more than one topic assigned to log message. For example, OSPF debug logs have four different topics: route, ospf, debug and raw.
| Code Block | ||
|---|---|---|
| ||
11:11:43 route,ospf,debug SEND: Hello Packet 10.255.255.1 -> 224.0.0.5 on lo0
11:11:43 route,ospf,debug,raw PACKET:
11:11:43 route,ospf,debug,raw 02 01 00 2C 0A FF FF 03 00 00 00 00 E7 9B 00 00
11:11:43 route,ospf,debug,raw 00 00 00 00 00 00 00 00 FF FF FF FF 00 0A 02 01
11:11:43 route,ospf,debug,raw 00 00 00 28 0A FF FF 01 00 00 00 00 |
List of Facility independent topics
| Topic | Description |
|---|---|
| critical | Log entries marked as critical, these log entries are printed to console each time you log in. |
| debug | Debug log entries |
| error | Error messages |
| info | Informative log entry |
| packet | Log entry that shows contents from received/sent packet |
| raw | Log entry that shows raw contents of received/sent packet |
| warning | Warning message. |
Topics used by various RouterOS facilities
| Topic | Description |
|---|---|
| account | Log messages generated by accounting facility. |
| async | Log messages generated by asynchronous devices |
| backup | Log messages generated by backup creation facility. |
| bfd | Log messages generated by BFD protocol |
| bgp | Log messages generated by BGP protocol |
| calc | Routing calculation log messages. |
| caps | CAPsMAN wireless device management |
| certificate | Security certificate |
| dns | Name server lookup related information |
| ddns | Log messages generated by Dynamic DNS tool |
| dude | Messages related to the Dude server package The Dude tool |
| dhcp | DHCP client, server and relay log messages |
| Messages generated by e-mail tool. | |
| event | Log message generated at routing event. For example, new route have been installed in routing table. |
| firewall | Firewall log messages generated when action=log is set in firewall rule |
| gsm | Log messages generated by GSM devices |
| hotspot | Hotspot related log entries |
| igmp-proxy | IGMP Proxy related log entries |
| ipsec | IPSec log entries |
| iscsi | |
| isdn | |
| interface | |
| kvm | Messages related to the KVM virtual machine functionality |
| l2tp | Log entries generated by L2TP client and server |
| lte | Messages related to the LTE/4G modem configuration |
| ldp | LDP protocol related messages |
| manager | User Manager log messages. |
| mme | MME routing protocol messages |
| mpls | MPLS messages |
| ntp | sNTP client generated log entries |
| ospf | OSPF routing protocol messages |
| ovpn | OpenVPN tunnel messages |
| pim | Multicast PIM-SM related messages |
| ppp | ppp facility messages |
| pppoe | PPPoE server/client related messages |
| pptp | PPTP server/client related messages |
| radius | Log entries generated by RADIUS Client |
| radvd | IPv6 radv deamon log messages. |
| read | SMS tool messages |
| rip | RIP routing protocol messages |
| route | Routing facility log entries |
| rsvp | Resource Reservation Protocol generated messages. |
| script | Log entries generated from scripts |
| sertcp | Log messages related to facility responsible for "/ports remote-access" |
| simulator | |
| state | DHCP Client and routing state messages. |
| store | Log entries generated by Store facility |
| smb | Messages related to the SMB file sharing system |
| snmp | Messages related to Simple network management protocol (SNMP) configuration |
| system | Generic system messages |
| telephony | Obsolete! Previously used by the IP telephony package |
| tftp | TFTP server generated messages |
| timer | Log messages that are related to timers used in RouterOS. For example bgp keepalive logs12:41:40 route,bgp,debug,timer KeepaliveTimer expired
12:41:40 route,bgp,debug,timer RemoteAddress=2001:470:1f09:131::1
|
| ups | Messages generated by UPS monitoring tool |
| vrrp | Messages generated VRRP |
| watchdog | Watchdog generated log entries |
| web-proxy | Log messages generated by web proxy |
| wireless | Wireless log entries. |
| write | SMS tool messages. |
Examples
Logging to file
To log everything to file, add new log action:
| Code Block | ||
|---|---|---|
| ||
/system logging action add name=file target=disk disk-file-name=log |
and then make everything log using this new action:
| Code Block | ||
|---|---|---|
| ||
/system logging add action=file |
You can log only errors there by issuing command:
| Code Block | ||
|---|---|---|
| ||
/system logging add topics=error action=file |
This will log into files log.0.txt and log.1.txt.
You can specify maximum size of file in lines by specifying disk-lines-per-file. <file>.0.txt is active file were new logs are going to be appended and once it size will reach maximum it will become <file>.1.txt, and new empty <file>.0.txt will be created.
You can log into USB flashes or into MicroSD/CF (on Routerboards) by specifying it's directory name before file name. For example, if you have accessible usb flash as usb1 directory under /files, you should issue following command:
| Code Block | ||
|---|---|---|
| ||
/system logging action add name=usb target=disk disk-file-name=usb1/log |
| Note |
|---|
Logging entries from files will be stored back in the memory after reboot. |
warning
...
Type: string
...