In this section:
The information presented in this section is useful when you use remote syslog servers in tandem with the SBC for copying and storing various types of SBC logs.
Supported Log Types
The SBC supports copying several types of application logs to the /var/log/messages
file of the remote syslog servers.
The logs copied to the syslog server and their source files are defined in the /etc/rsyslog.conf
file of the SBC. The root
user of the SBC has read/write/copy access to the file; the user groups and the permissions are also defined in the configuration file.
Although not recommended (see this recommendation for more information), the root user can manually edit the /etc/rsyslog.conf
file to include the following types of logs in the list of logs transferred to the remote syslog server:
- Standard system-level facilities logs
- Mail logs
- INN news system logs
- Some “catch all” logs, as found in the
/var/log/debug*
and/var/log/messages*
files of the SBC - Emergency broadcast logs
The source log files for most of them can be found in the /var/log/
directory of the SBC.
Supported SBC Application Log Types
The SBC supports copying the following types of application logs to the remote syslog server:
- Event Logs; log files are in the
/var/log/sonus/sbx/evlog
and/var/log/sonus/evlog/evlog
directory of the SBC. The following types of event logs are supported: - Accounting (
.ACT
) - Audit (
.AUD
) - Debug (
.DBG
) - Trace (
.TRC
) - System (
.SYS
) Security (
.SEC
)NoteMemory (
.MEM
) and Packet (.PKT
) logs are not supported.- Platform Audit Logs; log files are in the
/var/log/audit/
directory of the SBC.
The syslog protocol manages the transfer of data packets between the SBC and the remote syslog server, but does not defines the format in which the different types of logs sent from the SBC is written on the /var/log/messages
file of the remote syslog server. The SBC records the system and application logs in different formats in separate files, but all the differently formatted logs are copied to a single file on the remote server.
Ribbon recommends:
- Not to manually modify the
/etc/rsyslog.conf
file of the SBC. You may comment out some of the log configurations that you do not want to copy to the syslog server (for example, the entries corresponding to mails). - Contacting Ribbon Customer Support before adding new configuration entries to the
/etc/resyslog.conf
file, especially if you want to copy SBC application level logs to the remote syslog server. - The system administrator of the remote syslog server deploy tools for managing the logs received by the servers.
Mapping of Log Types to System Facilities
Table 1: Log Types and System Facilities
Log Type | Facility | |
---|---|---|
System | 16 | local0 |
Debug | 17 | local1 |
Trace | 18 | local2 |
Security | 19 | local3 |
Audit | 20 | local4 |
Accounting | 22 | local6 |
Platform Audit Logs | 23 | local7 |
Mapping of SBC Error Levels to System Error Levels
Table 2: SBC Error Levels and System Levels
SBC Level | Syslog Level | Keyword | Value |
---|---|---|---|
Critical | Critical | crit | 2 |
Major | Error | err | 3 |
Minor | Warning | warn | 4 |
Info | Informational | info | 6 |
Configuration Parameters
The SBC identifies the remote syslog server corresponding to event logs from the configuration provided for the following parameters associated with the oam eventLog typeAdmin
object:
syslogRemoteHost
syslogRemotePort
syslogRemoteProtocol
syslogState
The SBC identifies the remote syslog server corresponding to platform audit logs from the configuration provided for the following parameters associated with the oam eventLog platformAuditLog
object:
auditLogPort
auditLogProtocolType
auditLogRemoteHost
state
The configurations so received are written on the /etc/rsyslog.conf
file of the SBC. In case of an HA configuration of the SBC, logs from both active and standby nodes are copied.
For more information on configuration, refer to Event Log - CLI.
SYS_ERR Back Trace Throttling
The SBC keeps a historic list of the last 25 SYS_ERR events generated and will only generate function stack traces for the first occurrence. The SBC will periodically generate a log with the counts of known SYS_ERR events if they continue to grow. The output is written to a log file/var/log/sonus/sbx/openclovis/backtrace.log. The file is added to a log rotation cron job schedule.
The Log rotation criteria is:
Maximum file size before rotation: 1 MB
Total number of logs: 5
In earlier versions of the SBC, processing the SYS_ERR events was expensive as the SBC would write a function stack trace to disk each time.