In this section:
Use the Type Admin window to configure event log handling for each type of event log. On the SBC main screen, go to Administration > Accounting and Logs > Event Log > Type Admin. The Type Admin window opens showing a row for each type of event log with its current configuration settings. To edit the configuration of one of the event log types, click the radio button next to the specific type. The Edit Selected Type Admin window opens for the selected type with its current configuration settings shown. In the following example the selected type is "System." The following fields are displayed: Parameter Description Type The type of the event log. Each type has separate configuration parameters and logs to a separate file. State Specifies the requested state of the given event log type. Accounting logs cannot be disabled. File Count The number of event log files that will be maintained for this event type. All event types will overwrite the oldest file when the file count is exceeded. A warning will be issued when the count approaches the maximum. Enter a value between the range 1 and 2048. File Size The maximum size (in KB) that a single event log file will ever grow to. Enter a value between in the range (256-65535) KB. File size should be set to 65535 for trace and account logs when trying to trace all the calls on the system for use with Protect. Message Queue Size The number of event log message entries to buffer before writing them to disk. The size may be a value between 2 and 100. The default is 10. If capturing all of the SIP PDU messages in the trace log for use with Protect, set this value to 100 for the trace log. Save To Save events. The values are: Filter Level The filter severity level of events. Events that are at least as severe as the designated level will be logged. Noevents suppresses all events of this type from being logged. Rollover Start Time Specifies the start time for event log rollover. The format is CCYY-MM-DDTHH:MM:SS. For example: 2010-01-01T01:01:01. Rollover Interval Enter the number of seconds for the event log rollover interval. The range is 0 to 31536000. Rollover Type Event log rollover type. Options are: Rollover Action Event log rollover actions. The values are: File Write Mode Identifies event log NFS write mode. The values are: Syslog State Enable this option to log events of specified type to syslog. Syslog Configuration is not supported for Packet and Memusage logs. Rename Open Files Enable this option to append an ".OPEN" extension to accounting and files which are open for writing. You must enable the Signaling Packet Capture "State" flag to capture SIP and H.323 packets (Refer to Call Trace and Packet Capture - Signaling Packet Capture for configuration details). Once Signaling Packet Capture is enabled, any subsequent changes to the SBC device configurations or filter information will not be available to signaling packet captures until the state is reset (state is disabled, and then re-enabled). Specifies whether the logs at rest for this log type should be cryptographically hashed. The values are: Hashing is only recommended for the security and audit logs. These are the main logs required to triage security issues and do not roll very frequently. You must disable this control for any logs which are rolling at a very high rate, for example, if capturing trace logs of all SIP PDUs for use with Protect. If logs are being exported using Rsyslog then there is no need to enable Event Log Validation as the logs are copied off the SBC before they could be modified. Refer to OAM - Event Log - Platform Rsyslog. Specifies whether files are compressed. (Applies only to the Acct type.) Alternate directory name (containing no slashes) under the evlog file directory from which compressed files are removed after Compression Days to Keep days elapse (Applies only to the Acct type.). You must create a script to transfer the compressed file to the newly-created directory. Use this flag to instruct the SBC to write CDRs as compressed, or uncompressed. For backwards compatibility, use this flag to switch between the legacy and CNF logging formats of the debug, system, and security Type Admin options at runtime by either enabling or disabling the For CNF, the format is: YYYY-MM-DD HH:MM:SS ZONE File administratively closed For non-CNF, the format remains: MMDDYYYY HHMMSS ZONE: File administratively closed This flag is applicable for SBC CNe deployments only with respect to the debug, system, and security files. Make any required changes and click Save to apply the changes to the selected event log type.To View Type Admin Configuration
To Edit Type Admin Configuration
Optimize write mode results in IP fragmentation, but yields better throughput.
Note
Note
Disk Throttle Limit Specifies the limit on INFO level messages logged to the disk in one second. A value of 0 disables the limit. The default is 10000 and the value can go up to 4,294,976,295. For the trace log, if tracing is being performed to capture all of the SIP PDU for all of the calls on the system for use in conjunction with Protect, then this value needs to be tuned to accommodate the maximum call load anticipated for the SBC instance. For example, for a call rate of 1350 cps and assuming 14 messages in a basic SIP call (ingress and egress legs), it would require a total of 18,900 messages. Adding this to the default 10000, the recommendation in this case would be to set the limit at 30,000. (Applies only to the System type.) Event Log Validation
Important
Compression Support Compression Days to Keep The number of days to keep compressed files before deleting, from 1-14 (Applies only to the Acct type.). Default = 5. Compression Cleanup Directory
Note
CDR File Transfer Type Cnf Log Format cnfLogFormat flag.
Note
Overview
Content Tools