Filtering IP Network Traces; Configuring Syslog - AudioCodes Mediant 4000 SBC User Manual

CHAPTER 52    Syslog and Debug Recording

Filtering IP Network Traces

You can filter Syslog and debug recording messages for IP network traces by configuring the 'Filter
Type' parameter to IP Trace in the Logging Filters table. IP traces are used to record any IP stream,
according to destination and/or source IP address, or port and Layer-4 protocol (UDP, TCP or any
other IP type as defined by http://www.iana.com). Network traces are typically used to record
HTTP.
When the IP Trace option is selected, only the 'Value' parameter is applicable; the 'Syslog' and
'Capture Type' parameters are not relevant. The 'Value' parameter configures the Wireshark-like
filtering expressions for your IP trace. The following Wireshark-like expressions are supported:
Table 52-2: Supported Wireshark-like Expressions for 'Value' Parameter

Expression                              Description
--------------------------------------  ----------------------------------------------------
ip.src, ip.dst                          Source and destination IP address
ip.addr                                 IP address - up to two IP addresses can be entered
ip.proto                                IP protocol type (PDU) entered as an enumeration
                                        value (e.g., 1 is ICMP, 6 is TCP, 17 is UDP)
udp, tcp, icmp, sip, ldap, http, https  Single expressions for protocol type
udp.port, tcp.port                      Transport layer
udp.srcport, tcp.srcport                Transport layer for source port
udp.dstport, tcp.dstport                Transport layer for destination port
and, &&, ==, <, >                       Between expressions

Below are examples of configured expressions for the 'Value' parameter:
udp && ip.addr==10.8.6.55
ip.src==10.8.6.55 && udp.port>=5000 and udp.port<6000
ip.dst==10.8.0.1/16
ip.addr==10.8.6.40

For conditions requiring the "or" / "||" expression, add multiple table rows. For example, the
Wireshark condition "(ip.src == 1.1.1.1 or ip.src == 2.2.2.2) and ip.dst == 3.3.3.3" can be
configured using the following two table row entries:
1. ip.src == 1.1.1.1 and ip.dst == 3.3.3.3
2. ip.src == 2.2.2.2 and ip.dst == 3.3.3.3

If the 'Value' parameter is undefined, the device records all IP traffic types.
You cannot use ip.addr or udp/tcp.port together with ip.src/dst or
udp/tcp.srcport/dstport. For example, "ip.addr==1.1.1.1 and ip.src==2.2.2.2" is an
invalid configuration value.

Configuring Syslog

This section describes how to configure Syslog. To filter Syslog messages, see
Configuring Log Filter Rules.
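
For the IP Trace 'Value' rules described under Filtering IP Network Traces above, the following is an added example (not AudioCodes code) that splits a Wireshark condition containing "or" into one 'Value' string per Logging Filters table row and rejects rows the device would not accept. The function names are hypothetical, and the field restriction is assumed to apply pairwise (ip.addr against ip.src/dst, udp/tcp.port against udp/tcp.srcport/dstport), since the manual's own example combines ip.src with udp.port.

```python
import re

# Fields from Table 52-2; CONFLICTS is an assumed pairwise reading of the manual's note.
SUPPORTED = set(("ip.src ip.dst ip.addr ip.proto udp tcp icmp sip ldap http https "
                 "udp.port tcp.port udp.srcport tcp.srcport udp.dstport tcp.dstport").split())
CONFLICTS = [({"ip.addr"}, {"ip.src", "ip.dst"}), ({"udp.port", "tcp.port"},
             {"udp.srcport", "tcp.srcport", "udp.dstport", "tcp.dstport"})]
AND, OR = {"and", "&&"}, {"or", "||"}

def _dnf(toks):
    """Recursive descent: returns a list of AND-groups (lists of comparisons)."""
    def primary():
        if toks and toks[0] == "(":
            toks.pop(0)
            groups = either()
            if not toks or toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return groups
        atom = ""
        while toks and toks[0] not in AND | OR | {"(", ")"}:
            atom += toks.pop(0)  # "ip.src", "==", "1.1.1.1" become one comparison
        return [[atom]]
    def chain(ops, operand, join):
        groups = operand()
        while toks and toks[0] in ops:
            toks.pop(0)
            groups = join(groups, operand())
        return groups
    def both():    # "and" multiplies the alternatives on each side
        return chain(AND, primary, lambda l, r: [a + b for a in l for b in r])
    def either():  # "or" adds alternatives; each one becomes a table row
        return chain(OR, both, lambda l, r: l + r)
    groups = either()
    if toks:
        raise ValueError(f"unexpected {toks[0]!r}")
    return groups

def to_table_rows(condition):
    """Return one validated 'Value' string per Logging Filters table row."""
    rows = []
    for atoms in _dnf(re.findall(r"\(|\)|&&|\|\||[^\s()&|]+", condition.lower())):
        fields = {re.match(r"[a-z.]*", a).group() for a in atoms}
        if fields - SUPPORTED:
            raise ValueError(f"unsupported field(s): {sorted(fields - SUPPORTED)}")
        for generic, specific in CONFLICTS:
            if fields & generic and fields & specific:
                raise ValueError(f"cannot mix {sorted(fields & generic)} with {sorted(fields & specific)}")
        rows.append(" and ".join(atoms))
    return rows
```

Calling to_table_rows() on the manual's "or" condition returns the same two row entries listed above, without the spaces around "==".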
