BGP logs


Calico Enterprise pushes BGP activity logs to Elasticsearch. To view them, go to the Discovery view, and from the dropdown menu, select tigera_secure_ee_bgp.* to view the collected BIRD and BIRD6 logs.

The following table details key/value pairs for constructing queries, including their Elasticsearch datatype.

| Name | Datatype | Description |
| --- | --- | --- |
| logtime | date | When the log was collected, in UTC timestamp format. |
| host | keyword | The name of the node where the log was collected. |
| ip_version | keyword | Contains one of the following values: IPv4 (log from the BIRD process) or IPv6 (log from the BIRD6 process). |
| message | text | The message contained in the log. |

Once a set of BGP logs has accumulated in Elasticsearch, you can perform many interesting queries. Depending on the field that you want to query, different techniques are required. For example:

  • To view BGP logs only for IPv4 or IPv6, query on the ip_version field and sort by logtime
  • To see all logs from a specific node, query on the host field
  • To view events in the cluster, query on the message field
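The three queries above differ because of the field datatypes: keyword fields need an exact term match, the text field takes an analyzed full-text match, and the date field takes a range. The following is an added example, not code from Calico Enterprise; the function name `bgp_log_query`, the node name and the search text are constructed for illustration, and sorting every result newest first is a choice made here.

```python
import json

INDEX_PATTERN = "tigera_secure_ee_bgp.*"  # index pattern named on this page
IP_VERSIONS = {"IPv4", "IPv6"}            # the two documented ip_version values


def bgp_log_query(ip_version=None, host=None, message=None,
                  start=None, end=None, size=100):
    """Build an Elasticsearch search body from the BGP log fields in the table.

    Hypothetical helper: it only builds the request body, it sends nothing.
    """
    filters, must = [], []
    if ip_version is not None:
        # keyword field: exact, case-sensitive value, so reject typos early
        if ip_version not in IP_VERSIONS:
            raise ValueError(f"ip_version must be one of {sorted(IP_VERSIONS)}")
        filters.append({"term": {"ip_version": ip_version}})
    if host is not None:
        # keyword field: the full node name must match exactly
        filters.append({"term": {"host": host}})
    # date field: range filter; values may be timestamps or date math ("now-1h")
    bounds = {k: v for k, v in (("gte", start), ("lte", end)) if v is not None}
    if bounds:
        filters.append({"range": {"logtime": bounds}})
    if message is not None:
        # text field: analyzed full-text search; every word must be present
        must.append({"match": {"message": {"query": message, "operator": "and"}}})

    bool_query = {}
    if filters:
        bool_query["filter"] = filters
    if must:
        bool_query["must"] = must
    query = {"bool": bool_query} if bool_query else {"match_all": {}}
    return {"size": size, "query": query,
            "sort": [{"logtime": {"order": "desc"}}]}


if __name__ == "__main__":
    # One request body per bullet above; inputs are constructed sample values.
    examples = {
        "IPv4 logs, newest first": bgp_log_query(ip_version="IPv4"),
        "all logs from one node": bgp_log_query(host="node-1"),
        "events in the last hour": bgp_log_query(message="session closed",
                                                 start="now-1h"),
    }
    for title, body in examples.items():
        print(f"# {title}: POST {INDEX_PATTERN}/_search")
        print(json.dumps(body, indent=2))
```
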