SysLogViewer - simplify the process of analyzing AudioCodes logs
Good day to all. In the process of work, I constantly encounter the problem of the readability of AudioCodes logs, as a result, of a very complex analysis of these logs. And the reason is not that the AudioCodes logs are not readable, the reason is that AudioCodes logs can be collected in different ways and, instead of getting a conveniently readable log, unreadable text is obtained. How to collect logs and how to analyze them correctly, read under the cat:
To begin with, let's look at how to include logs correctly and where they can be viewed.
In order to enable logging, you need to go to the Configuration -> System -> SysLog Settings page:
Let us analyze the parameters that we need.
')
After enabling logging, you can collect logs both locally, via the web interface, and remotely via SysLog. Let's look at both of these options:
Collection via a Web browser is carried out in the menu: Status & Diagnostics -> System Status -> Message Log.
An example of such a conclusion is below:
This option fees logs may be relevant in the following cases:
The main disadvantages of this collection of logs:
The second method is more correct and reliable - collecting logs remotely. But here, as a rule, the question arises - which program is better to collect logs. At the moment there are many different programs that allow you to collect SysLog. Due to the fact that of all popular programs, there are no programs optimized for the AudioCodes format, which is logical, AudioCodes has developed its own log collection program - SysLogViewer. Link to this program:
download
This is a program for analyzing AudioCodes logs. It collects logs and their analysis, or analyzes logs and converts them into a conveniently readable format from the following file types: text, Wireshark. I will give an example on the basis of a previously collected trace in the .log format, collected using the ACSysLog program. SysLogViewer main screen:
By default, the program collects all the logs on port 514 and writes the output of the logs to the main screen. In this case, from each device logs are written in the hotel tab. At any time, you can stop the collection of logs by pressing the "pause" button. Open log example:
As you can see, the logs are structured and correctly colored by colors, and SIP messages are presented in a conveniently readable form. Moreover, the program has tools that allow you to speed up the process of searching and analyzing logs:
An example of a search in the logs:
Moreover, the search criteria can be changed
One of the most important, in my opinion, functions of this program is the ability to view call flow calls and exchange messages. In order to display the call flow of calls, you need to press the “i” button
After clicking, a separate window will open with the Call flow of all the dialogs in the current log:
As you can see, SysLogViewer parses all messages by dialogue and displays them in the form of a diagram. By clicking on the message, the corresponding message is automatically displayed in the lower right corner, and the SysLogViewer main screen will move to this message. Thus, finding the right message in the log becomes much easier and faster. Also, this diagram shows all devices with all addresses and directions of messages, which also facilitates the analysis of calls. It should be noted that in this example the SBC variant is considered when a SIP <-> SIP call is made. If one of the parties to the call is carried out via TDM, then in this case, this utility displays all TDM messages, including actions on the analog line.
Also, this utility has a number of functions, for simple work with a large amount of information:
To summarize, we can highlight the following positive points of this utility:
Good use.
PS This software is used to analyze AudioCodes logs and is provided free of charge. Technical support for this product is not available.
To begin with, let's look at how to include logs correctly and where they can be viewed.
In order to enable logging, you need to go to the Configuration -> System -> SysLog Settings page:
Let us analyze the parameters that we need.
- Enable Syslog - Enable
- SysLog Server IP Address - IP address of the computer where logs are collected using the SysLog protocol
- Debug Level: x
- 5 - collecting the maximum of all logs with the maximum priority.
- 7 - collection of all logs, while priority is given to the call processing process. That is, if the device is under heavy load, then the priority will be to handling calls and then collecting logs. In this mode, under load, some of the logs can be lost.
')
After enabling logging, you can collect logs both locally, via the web interface, and remotely via SysLog. Let's look at both of these options:
Collection via a Web browser is carried out in the menu: Status & Diagnostics -> System Status -> Message Log.
An example of such a conclusion is below:
This option fees logs may be relevant in the following cases:
- When you need to quickly analyze something locally
- When the device has a minimum load
The main disadvantages of this collection of logs:
- When a large load is loaded, both the device itself and the browser, which must constantly display a large amount of information.
- When you select a text and copy it into a text editor, it is not very convenient to read text. Moreover, the readability of this text depends on the type of browser you use. I can immediately say that there is no perfect browser for this.
- Since a large amount of resources is required when outputting to the web, Mediant can skip a number of messages. So, when removing logs, it is important to keep track of the sequence numbers of messages, they should go without gaps. When collecting via the Web, especially under load, quite often some messages are simply lost. Below is an example of a single message with a sequence number.
18:38:14 52: 10.33.45.72: NOTICE: [S = 235] [SID: 1034099026] (lgr_psbrdex) (619) recv <- DIGIT (0) Ch: 0 OnTime: 0 InterTime: 100 Direction: 0 System: 1 [File: Line :-one] - Through a Web browser, AudioCodes devices do not show the contents of SDP SIP packets.
The second method is more correct and reliable - collecting logs remotely. But here, as a rule, the question arises - which program is better to collect logs. At the moment there are many different programs that allow you to collect SysLog. Due to the fact that of all popular programs, there are no programs optimized for the AudioCodes format, which is logical, AudioCodes has developed its own log collection program - SysLogViewer. Link to this program:
download
This is a program for analyzing AudioCodes logs. It collects logs and their analysis, or analyzes logs and converts them into a conveniently readable format from the following file types: text, Wireshark. I will give an example on the basis of a previously collected trace in the .log format, collected using the ACSysLog program. SysLogViewer main screen:
By default, the program collects all the logs on port 514 and writes the output of the logs to the main screen. In this case, from each device logs are written in the hotel tab. At any time, you can stop the collection of logs by pressing the "pause" button. Open log example:
As you can see, the logs are structured and correctly colored by colors, and SIP messages are presented in a conveniently readable form. Moreover, the program has tools that allow you to speed up the process of searching and analyzing logs:
An example of a search in the logs:
Moreover, the search criteria can be changed
- Case Sensitive - Search will be case sensitive.
- Whole Words Only - Searches for complete words only
- Use Regular Expressions - you can enter regular expressions in the search bar
One of the most important, in my opinion, functions of this program is the ability to view call flow calls and exchange messages. In order to display the call flow of calls, you need to press the “i” button
After clicking, a separate window will open with the Call flow of all the dialogs in the current log:
As you can see, SysLogViewer parses all messages by dialogue and displays them in the form of a diagram. By clicking on the message, the corresponding message is automatically displayed in the lower right corner, and the SysLogViewer main screen will move to this message. Thus, finding the right message in the log becomes much easier and faster. Also, this diagram shows all devices with all addresses and directions of messages, which also facilitates the analysis of calls. It should be noted that in this example the SBC variant is considered when a SIP <-> SIP call is made. If one of the parties to the call is carried out via TDM, then in this case, this utility displays all TDM messages, including actions on the analog line.
Also, this utility has a number of functions, for simple work with a large amount of information:
- Filtering logs by IP address.
- Limiting file size for saving and splitting one log into several files.
- Create a separate log file for each device.
- Filtering the incoming log.
- The utility itself checks for updates and updates, thus does not require every time to look for a new version of this software.
To summarize, we can highlight the following positive points of this utility:
- The AudioCodes log is easier to read and better to read.
- If you want to ask someone to collect logs, now you don’t need to install special software to collect logs, but rather collect the trace using WireShark and send it to you. SysLogViewer will parse and translate the contents.
- Search for the necessary information has become much faster.
Good use.
PS This software is used to analyze AudioCodes logs and is provided free of charge. Technical support for this product is not available.
Source: https://habr.com/ru/post/263711/
All Articles