Configuring Log Filter Rules
The Logging Filters table lets you configure up to 60 rules for filtering debug recording packets, Syslog messages, and Call Detail Records (CDR). The log filter determines the calls for which you want to generate debug recording packets, Syslog messages or CDRs. For example, you can add a rule to generate Syslog messages only for calls belonging to IP Groups 2 and 4, or for calls belonging to all IP Groups except IP Group 3.
You can also configure log filters for generating CDRs only and saving them on the device (local storage). Debug recording log filters can include signaling information (such as SIP messages), Syslog messages, CDRs, media (RTP, RTCP, and T.38), and pulse-code modulation (PCM) .
If you don't configure any rules in the Logging Filters table and you have globally enabled debug recording (by configuring the Debug Recording server's address - see Note below), Syslog (global parameter - see Note below), and/or CDR generation (global parameter for enabling Syslog - see Note below), logs are generated for all calls. Thus, the benefit of log filtering is that it allows you to create logs per specific calls, eliminating the need for additional device resources (CPU consumption) otherwise required when logs are generated for all calls.
You can enable and disable configured Log Filter rules. Enabling a rule activates the rule, whereby the device starts generating the debug recording packets, Syslog messages, or CDRs. Disabling a rule is useful, for example, if you no longer require the rule, but may need it in the future. Thus, instead of deleting the rule entirely, you can simply disable it.
|
●
|
If you want to configure a Log Filter rule that logs Syslog messages to a Syslog server (i.e., not to a Debug Recording server), you must enable Syslog functionality, using the 'Enable Syslog' (EnableSyslog) parameter (see Enabling Syslog). Enabling Syslog functionality is not required for rules that include Syslog messages in the debug recording sent to the Debug Recording server. |
|
●
|
To configure additional, global CDR settings such as at what stage of the call the CDR is generated (e.g., start and end of call), see Configuring CDR Reporting. |
The following procedure describes how to configure Log Filter rules through the Web interface. You can also configure it through ini file [LoggingFilters] or CLI (configure troubleshoot > logging logging-filters).
|
➢
|
To configure a Log Filter rule: |
|
1.
|
Open the Logging Filters table (Troubleshoot menu > Troubleshoot tab > Logging folder > Logging Filters). |
|
2.
|
Click New; the following dialog box appears: |
|
3.
|
Configure a Log Filtering rule according to the parameters described in the table below. |
Logging Filters Table Parameter Descriptions
|
|
|
|
'Index'
[LoggingFilters_Index]
|
Defines an index number for the new table row.
Note: Each row must be configured with a unique index.
|
|
'Filter Type'
filter-type
[LoggingFilters_FilterType]
|
Defines the filter type criteria.
|
■
|
[1] Any= (Default) Debug recording is done for all calls. |
|
■
|
[2] Trunk ID = Filters the log by Trunk ID. |
Note: This option is applicable only to the Gateway application.
Note: Applicable only to the Gateway application.
|
■
|
[4] Trunk & B-channel = Filters the log by Trunk and B-channel. |
Note: This option is applicable only to the Gateway application.
|
■
|
[5] FXS or FXO = Filters the log by FXS or FXO port. |
Note: This option is applicable only to the Gateway application.
|
■
|
[6] Tel-to-IP = Filters the log by Tel-to-IP Routing rule. To configure Tel-to-IP Routing rules, see Configuring Tel-to-IP Routing Rules. |
Note: This option is applicable only to the Gateway application.
Note: This option is applicable only to the Gateway application.
Note: This option is applicable only to the SBC application.
Note: This option is applicable only to the SBC application.
|
■
|
[12] User = Filters the log by user (source and destination). The user is defined by username or username@hostname in the source and destination headers of the SIP request. For example, "2222@10.33.45.201" (without quotation marks), which represents the following INVITE request: |
INVITE sip:2222@10.33.45.201;user=phone SIP/2.0
From: sip:2222@10.33.45.201;user=phone
|
■
|
[13] IP Trace = Filters the log by an IP network trace, using Wireshark-like expressions. For more information, see Filtering IP Network Traces. |
|
|
'Value'
value
[LoggingFilters_Value]
|
Defines the value for the filtering type configured in the 'Filter Type' parameter.
The value can include the following:
|
■
|
A range, using a hyphen "-" between the two values. For example, to specify IP Groups 1, 2 and 3, configure the parameter to "1-3" (without quotation marks). |
|
■
|
Multiple, non-contiguous values, using commas "," between each value. For example, to specify IP Groups 1, 3 and 9, configure the parameter to "1,3,9" (without quotation marks). |
|
■
|
Trunks, FXS, or FXO pertaining to a module, using the syntax module number/port or port, for example:
|
|
✔
|
"1/2" (without quotation marks) means module 1, port 2
|
|
✔
|
"1/[2-4]" (without quotation marks) means module 1, ports 2 through 4
|
|
■
|
To exclude specific configuration entities from the log filter, use the exclamation (!) wildcard character. For example, to include all IP Groups in the filter except IP Group ID 2, configure the 'Filter Type' parameter to IP Group and the 'Value' parameter to "!2" (without quotation marks). |
Note: For SBC calls, a Logging Filter rule applies to the entire session (i.e., inbound and outbound legs). Therefore, if you want to exclude logging of specific calls, you need to configure the 'Value' parameter with both legs. For example:
|
✔
|
If you want to exclude logs for calls between IP Group 1 and IP Group 2, configure the parameter to "!1,2" (without quotation marks). |
|
✔
|
If you want to exclude logs for calls between SIP Interface 4 and SIP Interface 9, configure the parameter to "!4,9" (without quotation marks). |
Note:
|
■
|
You can use the index number or string name to specify the configuration entity for the following 'Filter Types': Tel-to-IP, IP-to-Tel, IP Group, SRD, Classification, IP-to-IP Routing, or SIP Interface. For example, to specify IP Group at Index 2 with the name "SIP Trunk", configure the parameter to either "2" or "SIP Trunk" (without quotation marks). |
|
|
'Log Destination'
log-dest
[LoggingFilters_LogDestination]
|
Defines where the device sends the log file.
|
■
|
[0] Syslog Server = The device generates Syslog messages based on the configured log filter and sends them to a user-defined Syslog server. |
|
■
|
[1] Debug Recording Server = (Default) The device generates debug recording packets based on the configured log filter and sends them to a user-defined Debug Recording server. |
|
■
|
[2] Local Storage = The device generates CDRs based on the configured log filter and stores them locally on the device. For more information on local CDR storage, see Storing CDRs on the Device |
|
■
|
[3] Call Flow Server = The device sends SIP messages to a call flow server (i.e., OVOC) for displaying SIP call dialog sessions as SIP call flow diagrams. For this functionality, you also need to configure the 'Log Type' parameter to Call Flow. For enabling this functionality, see Enabling SIP Call Flow Diagrams in OVOC. |
Note:
|
■
|
If you configure the parameter to Syslog Server: |
|
✔
|
If you have also configured the debug level to No Debug (see the [GwDebugLevel] parameter in Configuring Syslog Debug Level), the syslog messages include only system warnings and errors. |
|
✔
|
The 'Log Type' parameter (below) is not applicable (all syslog messages are sent to the syslog server). |
|
■
|
If the 'Filter Type' parameter is configured to IP Trace, you must configure the parameter to Debug Recording Server. |
|
■
|
If you configure the parameter to Local Storage, you must configure the 'Log Type' parameter to CDR Only.
|
|
■
|
If you configure the parameter to Syslog Server and the debug level, using the [GwDebugLevel] parameter, is configured to No Debug (see Configuring Syslog Debug Level), the Syslog messages include only system Warnings and Errors. |
|
■
|
If you configure the parameter to Debug Recording Server, you can also include Syslog messages in the debug recording packets sent to the debug recording server. To include Syslog messages, configure the 'Log Type' parameter (see below) to the relevant option. |
|
|
'Log Type'
log-type
[LoggingFilters_CaptureType]
|
Defines the type of messages to include in the log file.
|
■
|
[0] = (Default) Not configured. The option is applicable only for sending Syslog messages to a Syslog server (i.e., 'Log Destination' parameter is configured to Syslog Server). |
|
■
|
[1] Signaling = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes signaling information such as SIP signaling messages, Syslog messages, CDRs, and the device's internal processing messages. |
|
■
|
[2] Signaling & Media = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes media (RTP/RTCP/T.38), and only signaling and Syslog messages associated with the recorded media. |
Note: The device requires a lot of resources for media debug recording. The number of media sessions (and associated signaling) that the device records depends on available resources. Therefore, when many media sessions need to be recorded (e.g., when the 'Filter Type' parameter is configured to Any) not all media sessions (and associated signaling) are recorded. If the device has no resources to debug record any media, it doesn't debug record any signaling as well. As debug recording of signaling requires less resources than media debug recording, if you want to perform debug recording only on signaling, then it is recommended to configure the parameter to Signaling.
|
■
|
[3] Signaling & Media & PCM = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes signaling, Syslog messages, media, and PCM (voice signals from and to TDM). |
|
■
|
[5] CDR Only = Only CDRs are generated. The option is applicable only if the 'Log Destination' parameter is configured to Syslog Server or Local Storage. When configured to Syslog Server, only CDRs are included in the Syslog messages (excluding all system logs and alerts) sent to the Syslog server. |
|
■
|
[6] Call Flow = The device sends SIP messages (in XML format), as they occur in real-time, to OVOC for displaying SIP call dialog sessions as call flow diagrams. For this functionality, you also need to configure the 'Log Destination' parameter to Call Flow Server. For enabling this functionality, see Enabling SIP Call Flow Diagrams in OVOC. |
|
■
|
[7] SIP Only = The option is applicable only to debug recording (i.e. the 'Log Destination' parameter is configured to Debug Recording Server or Syslog Server). The debug recording includes only SIP messages. |
Note:
|
■
|
If you configure the 'Log Destination' parameter to Local Storage, you must configure the 'Log Type' parameter to CDR Only.
|
|
■
|
The parameter is not applicable when the 'Filter Type' parameter is configured to IP Trace. |
|
■
|
To include Syslog messages in debug recording, it is unnecessary to enable Syslog functionality. |
|
|
'Mode'
mode
[LoggingFilters_Mode]
|
Enables and disables the rule.
|