Configuring Logging Filter Rules
The Logging Filters table lets you configure up to 60 rules for filtering debug recording packets, syslog messages, and Call Detail Records (CDR). The logging filter determines the calls for which you want to generate the log. For example, you can add a rule to generate syslog messages only for calls belonging to IP Groups 2 and 4, or for calls belonging to all IP Groups except IP Group 3.
You can also configure logging filters for generating CDRs only and saving them on the device (local storage). Debug recording logging filters can include signaling information (such as SIP messages), syslog messages, CDRs, media (RTP, RTCP, and T.38), and pulse-code modulation (PCM) . You can also configure these debug recording logging filters to be saved on the device (local storage).
You can configure the following special logging filters for OVOC:
|
■
|
You can filter logged SIP messages that the device sends to OVOC so that OVOC can display SIP call dialog sessions as SIP call flow diagrams (SIP ladder). |
|
■
|
You can filter Quality of Experience (voice metrics in CDRs) reports that the device sends to OVOC. |
If you don't configure any rules in the Logging Filters table and you have globally enabled debug recording (by configuring the Debug Recording server's address - see note below), syslog (global parameter - see note below), and/or CDR generation (global parameter for enabling syslog - see note below), logs are generated for all calls. Therefore, the benefit of logging filters is that it allows you to create logs per specific calls, eliminating the need for additional device resources (CPU consumption) otherwise required when logs are generated for all calls.
You can enable and disable each of your configured logging filter rules. Enabling rules that are not for debugging recording, activates the rule so that the device generates syslog messages or CDRs. For debug recording rules, you need to explicitly start the debug recording, as described in Starting and Stopping Debug Recording. Disabling a rule is useful, for example, if you currently no longer require the rule, but may need it in the future. Therefore, instead of deleting the rule, you can simply disable it.
|
●
|
If you want to configure a rule that logs syslog messages to a syslog server (i.e., not to a Debug Recording server), you must enable syslog functionality, using the 'Enable Syslog' (EnableSyslog) parameter (see Enabling Syslog). Enabling syslog functionality is not required for rules that include syslog messages in the debug recording sent to the Debug Recording server. |
|
●
|
To configure additional, global CDR settings such as at what stage of the call the CDR is generated (e.g., start and end of call), see Configuring CDR Reporting. |
The following procedure describes how to configure logging filter rules through the Web interface. You can also configure it through ini file [LoggingFilters] or CLI (configure troubleshoot > logging logging-filters).
|
➢
|
To configure a logging filter rule: |
|
1.
|
Open the Logging Filters table (Troubleshoot menu > Troubleshoot tab > Logging folder > Logging Filters). |
|
2.
|
Click New; the following dialog box appears: |
|
3.
|
Configure a Log Filtering rule according to the parameters described in the table below. |
Logging Filters Table Parameter Descriptions
|
|
'Index'
[Index]
|
Defines an index number for the new table row.
Note: Each row must be configured with a unique index.
|
'Filter Type'
filter-type
[FilterType]
|
Defines the filter type criteria.
|
■
|
[1] Any= (Default) Debug recording is done for all calls. |
|
■
|
[12] User = Filters the log by user (source and destination). The user is defined by username or username@hostname in the source or destination headers of the SIP request. For example, "2222@10.33.45.201" (without quotation marks) represents the following INVITE request: |
INVITE sip:2222@10.33.45.201;user=phone SIP/2.0
From: sip:2222@10.33.45.201;user=phone
|
■
|
[15] System Trace = Filters the log to include logged information not related to calls, for example, the device's CPU, HA traffic between active and redundant devices, or a disconnection with the LDAP server. |
|
■
|
[16] IP Group Tag = Filters the log by the IP Group's tag (source and destination). The tag is configured by the 'Tags' parameter in the IP Groups table. |
|
'Value'
value
[Value]
|
Defines the value for the filtering type configured in the 'Filter Type' parameter.
The value can include the following:
|
■
|
For IP traces ('Filter Type' parameter configured to IP Trace), you need to configure the value with Wireshark-like expressions to filter the IP trace, as described in Filtering IP Network Traces. If the parameter is not configured, the IP trace applies to all packets. |
|
■
|
For system traces ('Filter Type' parameter configured to System Trace), configure the value to one of the following: |
|
✔
|
"syslog": This option includes INFO packet types. |
|
✔
|
"tpncp": This option includes device events and command packets, as displayed when using the Wireshark filter 'tpncp'. |
|
✔
|
"ha": This option includes High Availability (HA) and TPNCP command packet types (communication between active and redundant devices).
|
|
■
|
A range, using a hyphen "-" between the two values. For example, to specify IP Groups 1, 2 and 3, configure the parameter to "1-3" (without quotation marks). |
|
■
|
Multiple, non-contiguous values, using commas "," between each value. For example, to specify IP Groups 1, 3 and 9, configure the parameter to "1,3,9" (without quotation marks). |
|
■
|
To exclude specific configuration entities from the log filter, use the exclamation (!) wildcard character. For example, to include all IP Groups in the filter except IP Group ID 2, configure the 'Filter Type' parameter to IP Group and the 'Value' parameter to "!2" (without quotation marks). |
Note: For SBC calls, a Logging Filter rule applies to the entire session (i.e., inbound and outbound legs). Therefore, if you want to exclude logging of specific calls, you need to configure the 'Value' parameter with both legs. For example:
|
✔
|
If you want to exclude logs for calls between IP Group 1 and IP Group 2, configure the parameter to "!1,2" (without quotation marks). |
|
✔
|
If you want to exclude logs for calls between SIP Interface 4 and SIP Interface 9, configure the parameter to "!4,9" (without quotation marks). |
Note: You can use the index number or string name to specify the configuration entity for the following 'Filter Types': IP Group, SRD, Classification, IP-to-IP Routing, or SIP Interface. For example, to specify IP Group "My SIP Trunk" at Index 2, configure the parameter to either "2" or "My SIP Trunk" (without quotation marks).
|
'Log Destination'
log-dest
[LogDestination]
|
Defines where the device sends the log file.
|
■
|
[0] Syslog Server = The device generates syslog messages for your log filter and sends them to a user-defined syslog server. |
|
■
|
[1] Debug Recording Server = (Default) The device generates debug recording packets for your log filter and sends them to a user-defined Debug Recording server. |
|
■
|
[3] OVOC (QoE) = This option is used when the device sends any of the following to OVOC: |
|
✔
|
SIP messages: The SIP messages can be used by OVOC to display SIP call dialog sessions as SIP call flow diagrams (SIP ladder). For this functionality, you also need to configure the 'Log Type' parameter to SIP Ladder. For more information on enabling this functionality, see Enabling SIP Call Flow Diagrams in OVOC. |
|
✔
|
Quality of Experience (QoE) voice metric reports: To configure reporting and filtering of QoE to OVOC, see Reporting QoE to OVOC. For this functionality, you also need to configure the 'Log Type' parameter to CDR. |
Note:
|
■
|
If you configure the parameter to Syslog Server: |
|
✔
|
If you have also configured the debug level to No Debug (see the [GwDebugLevel] parameter in Configuring Syslog Debug Level), the syslog messages include only system warnings and errors. |
|
✔
|
The 'Log Type' parameter (below) is not applicable (all syslog messages are sent to the syslog server). |
|
■
|
If you configure the 'Filter Type' parameter to IP Trace, you must configure the parameter to Debug Recording Server. |
|
■
|
For local storage of CDRs, configure the parameter to Local Storage and the 'Log Type' parameter to CDR.
|
|
■
|
For local storage of debug recordings, configure the parameter to Local Storage and the 'Log Type' parameter to any value except CDR or SIP Ladder. |
|
■
|
If you configure the parameter to Debug Recording Server, you can also include syslog messages in the debug recording packets sent to the debug recording server. To include syslog messages, configure the 'Log Type' parameter (see below) to the relevant option. |
|
'Log Type'
log-type
[CaptureType]
|
Defines the type of messages to include in the log file.
|
■
|
[0] = (Default) Not configured. The option is applicable only for sending syslog messages to a syslog server (i.e., 'Log Destination' parameter is configured to Syslog Server). |
|
■
|
[1] Signaling = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server or Local Storage for local storage of debug recordings). The debug recording includes signaling information such as SIP signaling messages, syslog messages, CDRs, and the device's internal processing messages. |
|
■
|
[2] Signaling & Media = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server or Local Storage for local storage of debug recordings). The debug recording includes media (RTP/RTCP/T.38), and only signaling and syslog messages associated with the recorded media. |
Note: The device requires a lot of resources for media debug recording. The number of media sessions (and associated signaling) that the device records depends on available resources. Therefore, when many media sessions need to be recorded (e.g., when the 'Filter Type' parameter is configured to Any) not all media sessions (and associated signaling) are recorded. If the device has no resources to debug record any media, it doesn't debug record any signaling as well. As debug recording of signaling requires less resources than media debug recording, if you want to perform debug recording only on signaling, then it is recommended to configure the parameter to Signaling.
|
■
|
[3] Signaling & Media & PCM = The option is applicable only to debug recording (i.e., 'Log Destination' parameter is configured to Debug Recording Server or Local Storage for local storage of debug recordings). The debug recording includes signaling, syslog messages, media, and PCM. |
|
■
|
[5] CDR = Only CDRs are generated. This option is applicable only when you configure the 'Log Destination' parameter to Local Storage or OVOC (QoE) for QoE reporting to OVOC. |
|
■
|
[6] SIP Ladder = The device sends SIP messages (in XML format), as they occur in real-time, to OVOC for displaying SIP call dialog sessions as call flow diagrams. For this functionality, you also need to configure the 'Log Destination' parameter to OVOC (QoE). For enabling this functionality, see Enabling SIP Call Flow Diagrams in OVOC. |
|
■
|
[7] SIP Only = The option is applicable only to debug recording (i.e. the 'Log Destination' parameter is configured to Debug Recording Server or Local Storage for local storage of debug recordings). The debug recording includes only SIP messages. |
Note:
|
■
|
This parameter is not applicable if you configure the 'Log Destination' parameter to Syslog Server. |
|
■
|
For local storage of CDRs, configure the 'Log Destination' parameter to Local Storage and the 'Log Type' parameter to CDR.
|
|
■
|
For local storage of debug recordings, configure the 'Log Destination' parameter to Local Storage and the 'Log Type' parameter to any value, except CDR or SIP Ladder. |
|
■
|
The parameter is not applicable when the 'Filter Type' parameter is configured to IP Trace. |
|
■
|
To include syslog messages in debug recording, it is unnecessary to enable syslog functionality. |
|
'Mode'
mode
[Mode]
|
Enables and disables the rule.
Note: For debugging recording rules, you need to explicitly start the debug recording, as described in Starting and Stopping Debug Recording.
|