System

System Logging

SoodarOS uses systemd-journald as its main logging solution.

[no] debug service snmp

Enable logging for SNMP service. All SNMP logs appear in journald.

[no] debug service mender

Enable logging for mender update service. All mender logs appear in journald.

[no] debug service ntpd

Enable logging for NTP service. All NTP logs appear in journald.

[no] debug dplane fib

Enable data plane (VPP) FIB logs.

[no] debug dplane ikev2

Enable data plane (VPP) IKEv2 logs.

[no] debug dplane ipsec

Enable data plane (VPP) IPsec logs.

log rotate max-file-size SIZE

Set SIZE as the maximum size an individual journal file may grow to. When the limit is reached, the journal rotates to the next file.

log rotate max-files (1-1000)

Control how many individual journal files to keep at most. The default is 100.

log rotate max-use SIZE

Control how much disk space the journal may use at most. SIZE is capped at 4G. Once the limit is reached, the oldest journal files are removed first.

[no] log rotate max-file-life (1-1000)

The maximum time (in days) to store entries in a single journal file before rotating to the next one.

[no] log rotate max-retention (1-1000)

The maximum time (in days) to store journal entries. This controls whether journal files containing entries older than the specified time span are deleted.

[no] log file [LEVEL]

To enable logging to a file, enter the command as in this example:

log file informational

If the optional second argument specifying the logging level is not present, the default logging level (typically debugging, but can be changed using the deprecated log trap command) will be used. The no form of the command disables logging to a file.

[no] log syslog [LEVEL]

Enable logging output to syslog. If the optional second argument specifying the logging level is not present, the default logging level (typically debugging, but can be changed using the deprecated log trap command) will be used. The no form of the command disables logging to syslog.

[no] log syslog A.B.C.D [port (100-65535)] [<udp|tcp|loki>]

Define a remote host to send syslog messages to. Make sure that log syslog is enabled, otherwise this command has no effect. The default port is UDP 514, and for loki it is 3000.

[no] log monitor [LEVEL]

Enable logging output to terminal shell. By default, monitor logging is enabled at the informational level, but this command can be used to change the monitor logging level. If the optional second argument specifying the logging level is not present, the default logging level (typically informational) will be used. The no form of the command disables logging to terminal monitors.

[no] log facility [FACILITY]

This command changes the facility used in syslog messages. The default facility is daemon. The no form of the command resets the facility to the default daemon facility.

[no] log record-priority

To include the severity in all messages logged to a file, use the log record-priority global configuration command. To disable this option, use the no form of the command. By default, the severity level is not included in logged messages.

[no] log timestamp precision [(0-6)]

This command sets the precision of log message timestamps to the given number of digits after the decimal point. Currently, the value must be in the range 0 to 6 (i.e. the maximum precision is microseconds). To restore the default behavior (1-second accuracy), use the no form of the command, or set the precision explicitly to 0.

log timestamp precision 3

In this example, the precision is set to provide timestamps with millisecond accuracy.

[no] log commands

This command enables the logging of all commands typed by a user to all enabled log destinations. Note that logging includes full command lines, including passwords.
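Because command lines, passwords included, go to every enabled destination, it helps to list those destinations before turning log commands on. The following is an added example, not SoodarOS code: it reads a constructed configuration and reports where typed commands would end up. The function name, the sample addresses, and the choice of udp when no transport is given are assumptions.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE = """log syslog informational
log syslog 192.0.2.10
log syslog 192.0.2.20 port 3000 loki
log file informational
log commands
"""

REMOTE = re.compile(r"log syslog (\d+(?:\.\d+){3})(?: port (\d+))?(?: (udp|tcp|loki))?$")
LOCAL = re.compile(r"log (commands|file|syslog|monitor)(?: \w+)?$")
# Defaults stated on the page; transport "udp" when omitted is an assumption.
DEFAULT_PORT = {"udp": 514, "loki": 3000}


def command_log_sinks(config):
    """List every destination that receives typed command lines."""
    # Monitor logging is on by default according to the page.
    on = {"commands": False, "file": False, "syslog": False, "monitor": True}
    remotes = {}
    for line in config.splitlines():
        line = line.strip()
        enable = not line.startswith("no ")
        line = line if enable else line[3:]
        m = REMOTE.match(line)
        if m:
            host, port, proto = m.group(1), m.group(2), m.group(3) or "udp"
            if enable:
                remotes[host] = f"{proto}/{port or DEFAULT_PORT.get(proto, 'default')}"
            else:
                remotes.pop(host, None)
            continue
        m = LOCAL.match(line)
        if m:
            on[m.group(1)] = enable
    if not on["commands"]:
        return []
    sinks = [name for name in ("file", "syslog", "monitor") if on[name]]
    # Remote hosts only receive logs while "log syslog" itself is enabled.
    if on["syslog"]:
        sinks += [f"remote {host} {via}" for host, via in remotes.items()]
    return sinks


if __name__ == "__main__":
    for sink in command_log_sinks(SAMPLE):
        print("command lines (passwords included) reach:", sink)
```

Any remote entry in the result means typed secrets leave the router, so the collector and the path to it need the same protection as the credentials themselves.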

show log all [follow]

Show all journal logs. If follow mode is enabled, it follows the updates.

show log mender [follow]

Show mender update service logs. If follow mode is enabled, it follows the updates.

show log ssh [follow]

Show SSH service logs. If follow mode is enabled, it follows the updates.

show log soolog [follow]

Show Soodar service logs. We are using vector for logging. If follow mode is enabled, it follows the updates.

show log snmpd [follow]

Show SNMP service logs. If follow mode is enabled, it follows the updates.

show log ntpd [follow]

Show NTP service logs. If follow mode is enabled, it follows the updates.

show log vpp [follow]

Show VPP service (data plane) logs. If follow mode is enabled, it follows the updates.

show log frr [follow]

Show FRR service (control plane) logs. If follow mode is enabled, it follows the updates.

show log kernel [follow]

Show kernel and boot logs. If follow mode is enabled, it follows the updates.

System update

SoodarOS uses mender as its system update solution. It supports both online and offline updates and, in case of failure, can roll back to the previous version.

Online update

Update the system from a server. Disabled by default. When online update is enabled, the system automatically checks the server for available updates and installs any that are present.

Configuration

system update enable

Enable online update

no system update enable

Disable online update

system update server-url WORD

Set update server’s URL

Note

The update server address must be a URL; an IP address can’t be set.

system update update-poll-interval (5-2147483647)

Interval, in seconds, between checks for updates.

system update inventory-poll-interval (5-2147483647)

Interval, in seconds, at which the system inventory is sent.

Example:

soodar(config)# system update enable
soodar(config)# system update server-url https://update.soodar.ir
soodar(config)# system update update-poll-interval 300
soodar(config)# system update inventory-poll-interval 400
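The constraints above (a URL rather than an IP address, intervals within 5-2147483647, online update off by default) can be checked before a configuration is pushed. The following is an added example, not SoodarOS code: the function names, the constructed sample configurations, and the host update.example.net are assumptions, and the HTTPS check is an added hardening recommendation that the page does not state.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample configurations (not taken from a real device).
WEAK = """system update enable
system update server-url http://203.0.113.5/updates
system update update-poll-interval 3
"""
FIXED = """system update enable
system update server-url https://update.example.net
system update update-poll-interval 300
"""
INTERVAL = range(5, 2147483648)  # (5-2147483647) from the command syntax


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_update_config(config):
    """Return findings for 'system update' lines; [] if online update is off."""
    findings, enabled = [], False
    for line in config.splitlines():
        words = line.split()
        negate = words[:1] == ["no"]
        words = words[1:] if negate else words
        if words[:2] != ["system", "update"] or len(words) < 3:
            continue
        key, value = words[2], (words[3] if len(words) > 3 else "")
        if key == "enable":
            enabled = not negate
        elif key == "server-url":
            url = urlparse(value)
            if not url.hostname:
                findings.append("server-url is not a URL")
            elif is_ip(url.hostname):
                findings.append("server-url host is an IP address")  # page: not allowed
            if url.scheme != "https":
                findings.append("server-url is not HTTPS")  # added recommendation
        elif key.endswith("-poll-interval") and not (value.isdigit() and int(value) in INTERVAL):
            findings.append(f"{key} {value} outside 5-2147483647")
    # Online update is disabled by default, so the settings only matter once enabled.
    return findings if enabled else []
```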

Offline update

Update the system from removable storage. The offline update procedure is simple:

  1. Install an update

  2. Reboot

  3. Commit the update (to make it persistent) or roll back the update (in case of failure; to roll back, just reboot without committing)

Note

To use offline update, online update must be disabled.

Configuration

system update offline list

List available updates on removable storage

Example:

n1(config)# system update offline list
    1   rls-20
    2   rls-21
    3   rls-21.1

system update offline install ARTIFACT

Install an update from removable storage. ARTIFACT is the path of the update file relative to the removable storage root, without the .mender suffix.

system update offline commit

Commit latest installed update.

Warning

While the system is booting, no removable storage should be plugged into the router, or else the boot will fail.

System backup and restore

The router is equipped with a set of backup/restore tools. Currently only the startup config can be backed up. Backup files can be stored in three ways:

  1. To a remote host via SSH

  2. To local storage

  3. To removable storage

Backup and restore via SSH

Commands

system config backup ssh HOST USER PATH

Back up the current startup config to a remote host. HOST is the IP address or host name of the destination, USER is the remote host user for the SSH connection, and PATH is the path where the file is saved.

Examples:

soodar(config)# ip host bckup-server 192.168.1.123
soodar(config)# system config backup ssh bckup-server admin ~/backups/n1-edge
soodar(config)# system config backup ssh 10.12.12.1 sysadmin /var/router-backups/test_bkp

system config backup list ssh HOST USER PATH

List available backup files on the remote host. PATH is the remote directory where backups are stored.

Example:

soodar(config)# system config backup list ssh bckup-server admin ~/backups

Tags in provided remote path:
    1   -rw-r--r-- 1 admin admin    0 Mar 17 10:33 n1-edge
    1   -rw-r--r-- 1 admin admin    0 Mar 16 19:52 n3

system config restore ssh HOST USER PATH

Example:

soodar(config)# system config backup restore ssh 10.12.12.1 sysadmin /var/router-backups/test_bkp

Backup and restore to and from removable storage

Commands

system config backup removable-storage NAME

Back up the current startup config to removable storage. NAME is the desired name of the backup.

Examples:

soodar(config)# system config backup removable-storage before-a-big-change

system config backup list removable-storage

List available backup files on removable storage.

Example:

soodar(config)# system config backup list removable-storage

Tags in provided remote path:
    1   -rw-r--r-- 1 admin admin    0 Mar 17 10:51 before-a-big-change

system config restore removable-storage NAME

Backup and restore to and from local

Commands

system config backup local NAME

Back up the current startup config to local storage. NAME is the desired name of the backup.

Examples:

soodar(config)# system config backup local before-a-big-change

system config backup list local

List available backup files on local storage.

Example:

soodar(config)# system config backup list local

Tags in provided remote path:
    1   -rw-r--r-- 1 admin admin    0 Mar 17 10:51 before-a-big-change

system config restore local NAME

Prometheus Monitoring

SoodarOS supports both SNMP and Prometheus for monitoring purposes. Users can enable Prometheus monitoring by running the soomon service on the router. Once the soomon service is enabled and running, the router provides metrics on port 9200.

system service enable soomon

Start the soomon service to provide Prometheus monitoring.

Note

Currently soomon only works on port 9200. This behaviour could change in the future.

System Services

To achieve the best system performance, several services run in the background to accomplish tasks. These services include:

  • NTP: Network Time Protocol service.

  • Mender: System update service.

  • Soolog: Remote and local syslog service.

  • SNMPD: SNMP Services

  • VPP: Router service. Restarting this service is like restarting the router.

  • Soomon: Soodar Prometheus monitoring service.

show system service status SERVICE

Show the service status based on the output of systemd.

system service restart SERVICE

Restart a service. If the service is not running, start it.