BGP logs
Calico Enterprise pushes BGP activity logs to Elasticsearch. To view them, go to the Discovery view, and from the dropdown menu, select tigera_secure_ee_bgp.*
to view the collected BIRD and BIRD6 logs.
The following table details key/value pairs for constructing queries, including their Elasticsearch datatype.
Name | Datatype | Description |
---|---|---|
logtime | date | When the log was collected in UTC timestamp format. |
host | keyword | The name of the node where log was collected. |
ip_version | keyword | Contains one of the following values: ● IPv4 : Log from BIRD process ● IPv6 : Log from BIRD6 process |
message | text | The message contained in the log. |
Once a set of BGP logs has accumulated in Elasticsearch, you can perform many interesting queries. Depending on the field that you want to query, different techniques are required. For example:
- To view BGP logs only for IPv4 or IPv6, query on the
ip_version
field and sort bylogtime
- To see all logs from a specific node, query on the
host
field - To view events in the cluster, query on the
message
field