BGP logs
Calico Cloud pushes BGP activity logs to Elasticsearch. To view them, go to the Discovery view, and from the dropdown menu, select tigera_secure_ee_bgp.* to view the collected BIRD and BIRD6 logs.
The following table details key/value pairs for constructing queries, including their Elasticsearch datatype.
| Name | Datatype | Description |
|---|---|---|
logtime | date | When the log was collected in UTC timestamp format. |
host | keyword | The name of the node where log was collected. |
ip_version | keyword | Contains one of the following values: ● IPv4: Log from BIRD process ● IPv6: Log from BIRD6 process |
message | text | The message contained in the log. |
Once a set of BGP logs has accumulated in Elasticsearch, you can perform many interesting queries. Depending on the field that you want to query, different techniques are required. For example:
- To view BGP logs only for IPv4 or IPv6, query on the
ip_versionfield and sort bylogtime - To see all logs from a specific node, query on the
hostfield - To view events in the cluster, query on the
messagefield