Configuring Logging Filter Rules

The Logging Filters table lets you configure up to 60 rules for filtering debug recording packets, syslog messages, and Call Detail Records (CDR). The logging filter determines the calls for which you want to generate the log. For example, you can add a rule to generate syslog messages only for calls belonging to IP Groups 2 and 4, or for calls belonging to all IP Groups except IP Group 3.

You can also configure logging filters for generating CDRs only and saving them on the device (local storage). Debug recording logging filters can include signaling information (such as SIP messages), syslog messages, PSTN traces (ISDN), CDRs, media (RTP, RTCP, and T.38), and pulse-code modulation (PCM) of voice signals from and to the TDM.

You can configure the following special logging filters for OVOC:

You can filter logged SIP messages that the device sends to OVOC so that OVOC can display SIP call dialog sessions as SIP call flow diagrams (SIP ladder).
You can filter Quality of Experience (voice metrics in CDRs) reports that the device sends to OVOC.

If you don't configure any rules in the Logging Filters table and you have globally enabled debug recording (by configuring the Debug Recording server's address - see note below), syslog (global parameter - see note below), and/or CDR generation (global parameter for enabling syslog - see note below), logs are generated for all calls. Therefore, the benefit of logging filters is that it allows you to create logs per specific calls, eliminating the need for additional device resources (CPU consumption) otherwise required when logs are generated for all calls.

You can enable and disable each of your configured logging filter rules. Enabling rules that are not for debugging recording, activates the rule so that the device generates syslog messages or CDRs. For debug recording rules, you need to explicitly start the debug recording, as described in Starting and Stopping Debug Recording. Disabling a rule is useful, for example, if you currently no longer require the rule, but may need it in the future. Therefore, instead of deleting the rule, you can simply disable it.

If you want to configure a rule that logs syslog messages to a syslog server (i.e., not to a Debug Recording server), you must enable syslog functionality, using the 'Enable Syslog' (EnableSyslog) parameter (see Enabling Syslog). Enabling syslog functionality is not required for rules that include syslog messages in the debug recording sent to the Debug Recording server.
To configure the syslog server's address, see Configuring the Syslog Server Address. To configure additional, global syslog settings, see Configuring Syslog.
To configure the Debug Recording server's address, see Configuring the Debug Recording Server Address.
To configure additional, global CDR settings such as at what stage of the call the CDR is generated (e.g., start and end of call), see Configuring CDR Reporting.
To start and stop debug recording rules, see Starting and Stopping Debug Recording.

The following procedure describes how to configure logging filter rules through the Web interface. You can also configure it through ini file [LoggingFilters] or CLI (configure troubleshoot > logging logging-filters).

To configure a logging filter rule:
1. Open the Logging Filters table (Troubleshoot menu > Troubleshoot tab > Logging folder > Logging Filters).
2. Click New; the following dialog box appears:

3. Configure a Log Filtering rule according to the parameters described in the table below.
4. Click Apply.

Logging Filters Table Parameter Descriptions

Parameter

Description

'Index'

[Index]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Filter Type'

filter-type

[FilterType]

Defines the filter type criteria.

[1] Any= (Default) Debug recording is done for all calls.
[2] Trunk ID = Filters the log by Trunk ID.

Note: This option is applicable only to the Gateway application.

[3] Trunk Group ID = Filters the log by Trunk Group ID. To configure Trunk Groups, see Configuring Trunk Groups.

Note: Applicable only to the Gateway application.

[4] Trunk & B-channel = Filters the log by Trunk and B-channel.

Note: This option is applicable only to the Gateway application.

[6] Tel-to-IP = Filters the log by Tel-to-IP Routing rule. To configure Tel-to-IP Routing rules, see Configuring Tel-to-IP Routing Rules.

Note: This option is applicable only to the Gateway application.

[7] IP-to-Tel = Filters the log by IP-to-Tel Routing rule. To configure IP-to-Tel Routing rules, see Configuring IP-to-Tel Routing Rules.

Note: This option is applicable only to the Gateway application.

[8] IP Group = Filters the log by IP Group. To configure IP Groups, see Configuring IP Groups.
[9] SRD = Filters the log by SRD. To configure SRDs, see Configuring SRDs.
[10] Classification = Filters the log by Classification rule. To configure Classification rules, see Configuring Classification Rules.

Note: This option is applicable only to the SBC application.

[11] IP-to-IP Routing = Filters the log by IP-to-IP Routing rule. To configure IP-to-IP Routing rules, see Configuring SBC IP-to-IP Routing Rules.

Note: This option is applicable only to the SBC application.

[12] User = Filters the log by user (source and destination). The user is defined by username or username@hostname in the source or destination headers of the SIP request. For example, "2222@10.33.45.201" (without quotation marks) represents the following INVITE request:

INVITE sip:2222@10.33.45.201;user=phone SIP/2.0

From: sip:2222@10.33.45.201;user=phone

[13] IP Trace = Filters the log by an IP network trace, using Wireshark-like expressions. For more information, see Filtering IP Network Traces. For filtering IP traces by Ethernet port, or VLAN, see Filtering IP Network Traces by Ethernet Port or VLAN. The device adds an "ACDR" header to IP trace recordings.
[14] SIP Interface = Filters the log by SIP Interface. To configure SIP Interfaces, see Configuring SIP Interfaces.
[15] System Trace = Filters the log to include logged information not related to calls, for example, the device's CPU, or a disconnection with the LDAP server.
[16] IP Group Tag = Filters the log by the IP Group's tag (source and destination). The tag is configured by the 'Tags' parameter in the IP Groups table.

'Value'

value

[Value]

Defines the value for the filtering type configured in the 'Filter Type' parameter.

The value can include the following:

For IP traces ('Filter Type' parameter configured to IP Trace), you need to configure the value with Wireshark-like expressions to filter the IP trace, as described in Filtering IP Network Traces. If the parameter is not configured, the IP trace applies to all packets.
For system traces ('Filter Type' parameter configured to System Trace), configure the value to one of the following:
"syslog": This option includes INFO packet types.
"tpncp": This option includes device events and command packets, as displayed when using the Wireshark filter 'tpncp'.
A single value.
A range, using a hyphen "-" between the two values. For example, to specify IP Groups 1, 2 and 3, configure the parameter to "1-3" (without quotation marks).
Multiple, non-contiguous values, using commas "," between each value. For example, to specify IP Groups 1, 3 and 9, configure the parameter to "1,3,9" (without quotation marks).
Trunks pertaining to a module, using the syntax module number/port or port, for example:
"1/2" (without quotation marks) means module 1, port 2
"1/[2-4]" (without quotation marks) means module 1, ports 2 through 4
To exclude specific configuration entities from the log filter, use the exclamation (!) wildcard character. For example, to include all IP Groups in the filter except IP Group ID 2, configure the 'Filter Type' parameter to IP Group and the 'Value' parameter to "!2" (without quotation marks).

Note: For SBC calls, a Logging Filter rule applies to the entire session (i.e., inbound and outbound legs). Therefore, if you want to exclude logging of specific calls, you need to configure the 'Value' parameter with both legs. For example:

If you want to exclude logs for calls between IP Group 1 and IP Group 2, configure the parameter to "!1,2" (without quotation marks).
If you want to exclude logs for calls between SIP Interface 4 and SIP Interface 9, configure the parameter to "!4,9" (without quotation marks).

Note: You can use the index number or string name to specify the configuration entity for the following 'Filter Types': Tel-to-IP, IP-to-Tel, IP Group, SRD, Classification, IP-to-IP Routing, or SIP Interface. For example, to specify IP Group "My SIP Trunk" at Index 2, configure the parameter to either "2" or "My SIP Trunk" (without quotation marks).

'Log Destination'

log-dest

[LogDestination]

Defines where the device sends the log file.

[0] Syslog Server = The device generates syslog messages for your log filter and sends them to a user-defined syslog server.
[1] Debug Recording Server = (Default) The device generates debug recording packets for your log filter and sends them to a user-defined Debug Recording server.
[2] Local Storage = The device generates CDRs for your log filter and stores them locally on the device. For more information on local storage of CDRs, see Storing CDRs on the Device.
[3] OVOC (QoE) = This option is used when the device sends any of the following to OVOC:
SIP messages: The SIP messages can be used by OVOC to display SIP call dialog sessions as SIP call flow diagrams (SIP ladder). For this functionality, you also need to configure the 'Log Type' parameter to SIP Ladder. For more information on enabling this functionality, see Enabling SIP Call Flow Diagrams in OVOC.
Quality of Experience (QoE) voice metric reports: To configure reporting and filtering of QoE to OVOC, see Reporting QoE to OVOC. For this functionality, you also need to configure the 'Log Type' parameter to CDR.

Note:

If you configure the parameter to Syslog Server:
If you have also configured the debug level to No Debug (see the [GwDebugLevel] parameter in Configuring Syslog Debug Level), the syslog messages include only system warnings and errors.
The 'Log Type' parameter (below) is not applicable (all syslog messages are sent to the syslog server).
If you configure the 'Filter Type' parameter to IP Trace, you must configure the parameter to Debug Recording Server.
For local storage of CDRs, configure the parameter to Local Storage and the 'Log Type' parameter to CDR.
If you configure the parameter to Debug Recording Server, you can also include syslog messages in the debug recording packets sent to the debug recording server. To include syslog messages, configure the 'Log Type' parameter (see below) to the relevant option.

'Log Type'

log-type

[CaptureType]

Defines the type of messages to include in the log file.

[0] = (Default) Not configured. The option is applicable only for sending syslog messages to a syslog server (i.e., 'Log Destination' parameter is configured to Syslog Server).
[1] Signaling = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes signaling information such as SIP signaling messages, syslog messages, CDRs, and the device's internal processing messages.
[2] Signaling & Media = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes media (RTP/RTCP/T.38), and only signaling and syslog messages associated with the recorded media.

Note: The device requires a lot of resources for media debug recording. The number of media sessions (and associated signaling) that the device records depends on available resources. Therefore, when many media sessions need to be recorded (e.g., when the 'Filter Type' parameter is configured to Any) not all media sessions (and associated signaling) are recorded. If the device has no resources to debug record any media, it doesn't debug record any signaling as well. As debug recording of signaling requires less resources than media debug recording, if you want to perform debug recording only on signaling, then it is recommended to configure the parameter to Signaling.

[3] Signaling & Media & PCM = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes signaling, syslog messages, media, and PCM (voice signals from and to TDM).
[4] PSTN Trace = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server) and if the 'Filter Type' parameter is configured to Trunk ID. The debug recording includes ISDN traces.

Note:

This option is applicable only to digital interfaces.
To capture traffic of all trunks, configure the 'Value' parameter (above) to "-1" (without quotation marks).
You must configure the trace level for the trunks that you want to trace. This is done using the 'Trace Level' parameter on the Trunk Settings page (see Configuring Trunk Settings).
[5] CDR = Only CDRs are generated. This option is applicable only when you configure the 'Log Destination' parameter to Local Storage or OVOC (QoE) for QoE reporting to OVOC.

[6] SIP Ladder = The device sends SIP messages (in XML format), as they occur in real-time, to OVOC for displaying SIP call dialog sessions as call flow diagrams. For this functionality, you also need to configure the 'Log Destination' parameter to OVOC (QoE). For enabling this functionality, see Enabling SIP Call Flow Diagrams in OVOC.
[7] SIP Only = The option is applicable only to debug recording (i.e. the 'Log Destination' parameter is configured to Debug Recording Server). The debug recording includes only SIP messages.

Note:

This parameter is not applicable if you configure the 'Log Destination' parameter to Syslog Server.
For local storage of CDRs, configure the 'Log Destination' parameter to Local Storage and the 'Log Type' parameter to CDR.
PSTN debug traces may affect performance.
The parameter is not applicable when the 'Filter Type' parameter is configured to IP Trace.
To include syslog messages in debug recording, it is unnecessary to enable syslog functionality.

'Mode'

mode

[Mode]

Enables and disables the rule.

[0] Disable
[1] Enable (Default)

Note: For debugging recording rules, you need to explicitly start the debug recording, as described in Starting and Stopping Debug Recording.