The Logs Management window provides the ability to download and delete SBC log files.
For information on SBC's support for remote syslog servers and the supported log types, refer to Supported Log Types.
On the SBC main screen, navigate to Troubleshooting > Call Trace/Logs/Monitors > Log Management. The Logs Management window is displayed.
If there are no files generated by the SBC for a type of log/trace, the corresponding log/trace option is not displayed in the list within the Log Management pane.
The Log Management pane is divided into the two vertical sections:
- The left side provides a list of all the available log types.
Once a log type is selected on the left, the right side provides a list of log files of the type selected:
Log Types
The following log types are displayed in the Log Management pane:
For security protection, the Netconf interface does not support "/aaa" records.
The log files related to user activities in the EMA are available at the following directory of the SBC: /var/log/sonus/ema/log
Example Log Parameters
Downloading Logs
Click adjacent to the log you want to download. See the Log Types table above for the description of each type of log.
You can view the log or save it on local drive. Depending on your browser settings, the file either opens in a text viewer automatically or a download confirmation window is displayed.
Once downloaded, open the log file with a text editor like Notepad++. Any text editor program is capable of opening the log files. However, text editors used for programming displays the log files in a properly formatted manner.
The examples below shows content samples from Platform Audit Log files and Event Audit Log files.
Platform Audit Log file - Sample Content
type=DAEMON_START msg=audit(1498713982.579:6028): auditd start, ver=1.7.18 format=raw kernel=3.16.39 auid=0 pid=29874 res=success type=CONFIG_CHANGE msg=audit(1498713982.679:2): audit_backlog_limit=400 old=64 auid=0 ses=3112 res=1 type=CONFIG_CHANGE msg=audit(1498713982.699:3): auid=0 ses=3112 op="add rule" key="delete" list=4 res=1 type=CONFIG_CHANGE msg=audit(1498713982.727:4): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1 type=CONFIG_CHANGE msg=audit(1498713982.739:5): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1 type=CONFIG_CHANGE msg=audit(1498713982.755:6): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1 type=CONFIG_CHANGE msg=audit(1498713982.767:7): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1 type=LOGIN msg=audit(1498714380.853:35): pid=32295 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3113 res=1 type=LOGIN msg=audit(1498714382.993:36): pid=32437 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3114 res=1 type=LOGIN msg=audit(1498714501.897:37): pid=878 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3115 res=1 type=LOGIN msg=audit(1498714563.885:38): pid=1185 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3116 res=1 type=LOGIN msg=audit(1498714632.126:39): pid=1551 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3117 res=1 type=LOGIN msg=audit(1498714634.518:40): pid=1757 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3118 res=1 type=SYSCALL msg=audit(1498715463.941:53): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=180 a2=180 a3=0 items=1 ppid=7168 pid=7172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3130 comm="logrotate" exe="/usr/sbin/logrotate" key="permission-change" type=PATH msg=audit(1498715463.941:53): item=0 name=(null) inode=313909 dev=fe:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL type=UNKNOWN[1327] msg=audit(1498715463.941:53): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F7362784C6F67726F746174652E636F6E66 type=SYSCALL msg=audit(1498715463.941:54): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=1b0 a2=0 a3=0 items=1 ppid=7168 pid=7172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3130 comm="logrotate" exe="/usr/sbin/logrotate" key="permission-change" type=PATH msg=audit(1498715463.941:54): item=0 name=(null) inode=313909 dev=fe:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL type=UNKNOWN[1327] msg=audit(1498715463.941:54): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F7362784C6F67726F746174652E636F6E66 type=LOGIN msg=audit(1498715701.725:55): pid=8550 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3131 res=1 type=LOGIN msg=audit(1498716085.366:56): pid=10571 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3132 res=1 type=LOGIN msg=audit(1498716129.369:57): pid=11232 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3133 res=1
Event Audit Log file - Sample Content
The sample shown below is from a Event Log file with an .AUD
extension. The possible extensions for an Event Log file are:
.SEC
.AUD
.DBG
.SYS
.ACT
.TRC
.PKT
The following example includes a second header line found in logs created on SBC SWe deployments on OpenStack. The line includes the Virtual Network Function Component ID (VNFC-ID) which uniquely identifies the SBC SWe instance from which the log was retrieved. The VNFC-ID is added to system, debug, trace, security, audit, and memory logs on SBC SWe deployments on OpenStack.
Sonus Networks, Inc.0000000001600000000000000000000128V07.00.000000 0000000000000000000000000000AUD2018042415035200000000000000 Cloud Instance, release.we.700x-isbc-a-1 118 04242018 150422.651889:1.01.00.00000.Minor .CHM: audit user: admin1/38 Logged out from maapi ctx=maapi (closed) 129 04252018 084658.997675:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf 129 04252018 084702.435309:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf 105 04252018 084704.507995:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 Logged out ssh <PAM> user 129 04252018 084745.650292:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf 129 04252018 084746.671513:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf 129 04252018 084747.582214:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf 105 04252018 084748.673826:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 Logged out ssh <PAM> user 105 04252018 084749.934381:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 Logged out ssh <PAM> user 105 04252018 084750.963892:1.01.00.00000.Minor .SBCINTF: audit user: admin/0 Logged out ssh <PAM> user
Deleting Logs
Once a log file is deleted, it cannot be retrieved from any location.
Click adjacent to the log you want to delete. A delete confirmation dialog box is displayed.
- Click Delete to remove the log from the list.