Configuring Syslog; Syslog Message Format - AudioCodes Mediant 4000 SBC User Manual
Session border controller
Hide thumbs
Also See for Mediant 4000 SBC:
- User manual (1037 pages) ,
- Hardware installation manual (40 pages) ,
- User manual (822 pages)
Table of Contents
Advertisement
Expression
udp.srcport, tcp.srcport
udp.dstport, tcp.dstport
and, &&, ==, <, >
Below are examples of configured expressions for the 'Value' parameter:
udp && ip.addr==10.8.6.55
ip.src==10.8.6.55 && udp.port>=5000 and udp.port<6000
ip.dst==10.8.0.1/16
ip.addr==10.8.6.40
For conditions requiring the "or" / "||" expression, add multiple table rows. For example, the
Wireshark condition "(ip.src == 1.1.1.1 or ip.src == 2.2.2.2) and ip.dst == 3.3.3.3" can be
configured using the following two table row entries:
1.
ip.src == 1.1.1.1 and ip.dst == 3.3.3.3
2.
ip.src == 2.2.2.2 and ip.dst == 3.3.3.3
Note:
•
If the 'Value' parameter is undefined, the device records all IP traffic types.
•
You cannot use ip.addr or udp/tcp.port together with ip.src/dst or
udp/tcp.srcport/dstport. For example, "ip.addr==1.1.1.1 and ip.src==2.2.2.2" is an
invalid configuration value.
53.2
Configuring Syslog
This section describes how to configure Syslog. To filter Syslog messages, see
''Configuring Log Filter Rules'' on page 759.
53.2.1 Syslog Message Format
The Syslog message is sent from the device to a Syslog server as an ASCII (American
Standard Code for Information Interchange) message. Syslog uses UDP as its underlying
transport layer mechanism. By default, UDP port 514 is assigned to Syslog, but this can be
changed (see ''Enabling Syslog'' on page 769).
Syslog includes two types of log messages:
SIP call session logs: Logs relating to call sessions (e.g., call established). These logs
are identified by a session ID ("SID"), described in detail in the table below. The
following is an example of a SIP-session related Syslog message:
13:10:57.811 : 10.13.4.12 : NOTICE
(lgr_flow)(63)
address 10.33.2.42:5060 [Time: 04-19-2012@18:29:39]
Board logs: Logs relating to the operation of the device (infrastructure) that are non-
call session related (e.g., device reset or Web login). These logs are identified by a
board ID ("BID"), described in detail in the table below. The following is an example of
a board Syslog message:
User's Manual
Transport layer for source port
Transport layer for destination port
Between expressions
UdpTransportObject#0- Adding socket event for
764
Mediant 4000 SBC
Description
: [S=235][SID:2ed1c8:96:5]
Document #: LTRT-40203
Advertisement
Table of Contents
