09.05.2020

Log management in FastNetMon

FastNetMon Advanced generates a large number of log entries, which can be used to debug decisions made by FastNetMon. By default, FastNetMon logs to a file, /var/log/fastnetmon/fastnetmon.log. Example log entries look like this:

2020-05-01 19:12:46,252 [INFO] FastNetMon started
2020-05-01 19:12:46,252 [INFO] FastNetMon version: 2.0.187 git 804...631 started
2020-05-01 19:12:46,252 [INFO] Read configuration file

For any kind of issue or misbehavior, FastNetMon uses the logging levels WARN and ERROR:

2020-04-12 22:31:24,262 [WARN] We will use 192.168.1.0/30 instead of 192.168.1.1/30 because it's host address
2020-03-17 09:40:34,244 [ERROR] Please specify intreface for AF_PACKET

If you have a log analytics system, it makes sense to filter out such error messages and examine them closely.

If you experience complex issues, or the support team asks you to, you can enable debug level logging:

sudo fcli set main logging_level debug
sudo fcli commit

In this mode FastNetMon generates a very large number of log entries. Please do not leave this mode enabled for a long time, and after debugging switch back to the default log level “info”:

sudo fcli set main logging_level info
sudo fcli commit

For systems with centralized log collection, we offer the ability to send logs to remote locations via syslog’s UDP-based protocol:

sudo fcli set main logging_remote_syslog_logging enable
sudo fcli set main logging_remote_syslog_port 514
sudo fcli set main logging_remote_syslog_server 10.10.10.10
sudo fcli commit

As another option, you can send messages to the local syslog daemon:

sudo fcli set main logging_local_syslog_logging enable
sudo fcli commit

Please do not rely on the text of log messages; we do not guarantee their consistency. Please use the API or callback scripts instead.

Since version 2.0.191, FastNetMon supports versioned and stable log messages which can be used for different actions, and we guarantee their availability and format in new versions. They are enabled automatically when you enable remote or local syslog logging. Examples:

v:1 mode:blackhole action:ban proto:ipv4 target:127.0.0.1 pps_in_rate:0 pps_out_rate:0 bytes_in_rate:0 bytes_out_rate:0
v:1 mode:blackhole action:unban proto:ipv4 target:127.0.0.1 pps_in_rate:0 pps_out_rate:0 bytes_in_rate:0 bytes_out_rate:0
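
An added example (not FastNetMon's own code) of consuming the versioned messages above in a log pipeline: it parses v:1 lines into typed fields, rejects unknown versions and malformed fields, and replays ban/unban events to list the targets still banned. The function names and the possibility of a syslog header before the "v:1" token are assumptions.

```python
import ipaddress
import re

RATE_FIELDS = ("pps_in_rate", "pps_out_rate", "bytes_in_rate", "bytes_out_rate")
REQUIRED = ("mode", "action", "proto", "target") + RATE_FIELDS  # from the v:1 examples
# Assumption: a syslog header may precede the message, so search for "v:<n>".
_START = re.compile(r"(?:^|\s)v:(\d+)(?=\s)")


def parse_stable_message(line):
    """Return a dict for a versioned message, None for any other log line."""
    m = _START.search(line)
    if not m:
        return None
    if m.group(1) != "1":  # only v:1 is documented on this page
        raise ValueError(f"unsupported message version {m.group(1)}")
    fields = {}
    for token in line[m.end():].split():
        key, sep, value = token.partition(":")  # split at the first colon only
        if not sep or not key or key in fields:
            raise ValueError(f"malformed or duplicate field: {token!r}")
        fields[key] = value
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    event = dict(fields, v=1)
    event["target"] = ipaddress.ip_address(fields["target"])  # raises on junk
    for k in RATE_FIELDS:
        event[k] = int(fields[k])
    return event


def active_bans(lines):
    """Replay ban/unban events in order and return the targets still banned."""
    banned = set()
    for event in filter(None, map(parse_stable_message, lines)):
        if event["action"] == "ban":
            banned.add(event["target"])
        elif event["action"] == "unban":
            banned.discard(event["target"])
    return banned

# Constructed sample: one free-text line plus the page's two v:1 messages.
_TAIL = " proto:ipv4 target:127.0.0.1 pps_in_rate:0 pps_out_rate:0 bytes_in_rate:0 bytes_out_rate:0"
SAMPLE = [
    "2020-05-01 19:12:46,252 [INFO] FastNetMon started",
    "v:1 mode:blackhole action:ban" + _TAIL,
    "v:1 mode:blackhole action:unban" + _TAIL,
]
```

Free-text lines return None and are skipped, in line with the advice above not to rely on their wording; a ValueError on a line that does carry the "v:" token is worth alerting on rather than silently dropping.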