There are two options:
1. We use the wireshark utility, I think most know what it is and how to use it.
2. And the second option, we use a special utility 3CX Log Viewer, developed by the 3CX team for log analysis and deep analysis. The utility is completely free .

Undoubtedly, wireshark is a wonderful and handy utility for getting logs in real time. But often there are situations when you need to look at the logs for the past period. For example, for night activity (unauthorized calls). In this case, the utility from 3CX will help us:


')

1. Window of all logs
2. Information display filter settings window (tags)
3. Tag display
4. Detailed information

Filter Settings Window

Fields From and To - filter by date
Tags column - selection of tags for displaying logs. For example, CallerID is a call number ID or DN is a tag for selecting an extension number.

The most useful tags to use in the filter:

Callid - Each call has its own number, this tag allows you to filter the log by the call number:



Cause.Reason - tag that shows the available answers / requests in the current log:



Contact.Host is a tag that shows available ip-addresses or hosts in the current log:



DestAddr.Host and SrcAddr.Host - shows available Source and Destination ip-addresses / hosts



DN is a tag that displays available extension numbers (including line numbers, queues, groups, etc.) that have activity:



SipMsg.Method is a tag that can be filtered by the type of SIP messages.



Column Tag formula - display and composition of the formula. Variables are used:

• AND is the variable "and", the output of information using multiple tags.
• OR - variable "or", the output of information from one of their used tags.
• NOT is a variable that does not display information on the specified tag.

Highlight Matching Logs - if used, the full log for the selected period is displayed, and the filter criteria is displayed in red:

Tag display

A window that displays the tags used in the selected entry. From this window, you can easily make a filter by double clicking on one of the tags:

Detailed information

Detailed information window displays detailed information, standard fields for SIP request / response with information output, if SDP (media data description) is present, then this description also falls here.

Additional settings

Setting the output filter.




The setting allows you to choose which messages to display in the log. In addition, a logging level is available:

• Or deduce all
• Display logging depth. The higher the level, the more service information gets into the log. The logging level is configured in the 3CX web interface:

Thus, this parser will help to get more in-depth information on the necessary logs for a certain period.

How to use

Available version for 32 and 64 bit systems:
3CX Log viewer 32 bit
3CX Log viewer 64 bit

Note. The current version of the 3CX System runs under the 64 bit operating system. If you installed the program under 32 bit, then you can download the log file ( C: \ ProgramData \ 3CX \ Instance1 \ Data \ Logs ):



And select the desired file. Blrec file format



I hope this article will help to get the necessary information in the future.