Skip to main content
Calico Enterprise 3.19 (latest) documentation

BGP logs

Calico Enterprise pushes BGP activity logs to Elasticsearch. To view them, go to the Discovery view, and from the dropdown menu, select tigera_secure_ee_bgp.* to view the collected BIRD and BIRD6 logs.

The following table details key/value pairs for constructing queries, including their Elasticsearch datatype.

NameDatatypeDescription
logtimedateWhen the log was collected in UTC timestamp format.
hostkeywordThe name of the node where log was collected.
ip_versionkeywordContains one of the following values:
● IPv4: Log from BIRD process
● IPv6: Log from BIRD6 process
messagetextThe message contained in the log.

Once a set of BGP logs has accumulated in Elasticsearch, you can perform many interesting queries. Depending on the field that you want to query, different techniques are required. For example:

  • To view BGP logs only for IPv4 or IPv6, query on the ip_version field and sort by logtime
  • To see all logs from a specific node, query on the host field
  • To view events in the cluster, query on the message field