In this Section:
The information presented in this section is useful when you use remote syslog servers in tandem with the SBC for copying and storing various types of SBC logs.
The SBC supports copying several types of application logs to the /var/log/messages
file of the remote syslog servers.
The logs copied to the syslog server and their source files are defined in the /etc/rsyslog.conf
file of the SBC. The root
user of the SBC has read/write/copy access to the file; the user groups and the permissions are also defined in the configuration file.
Although not recommended (see this recommendation for more information), the root user can manually edit the /etc/rsyslog.conf
file to include the following types of logs in the list of logs transferred to the remote syslog server:
/var/log/debug*
and /var/log/messages*
files of the SBCThe source log files for most of them can be found in the /var/log/
directory of the SBC.
The SBC supports copying the following types of application logs to the remote syslog server:
/var/log/sonus/sbx/evlog
and /var/log/sonus/evlog/evlog
directory of the SBC. The following types of event logs are supported:.ACT
).AUD
).DBG
).TRC
).SYS
)Security (.SEC
)
Memory (.MEM
) and Packet (.PKT
) logs are not supported.
/var/log/audit/
directory of the SBC.
The syslog protocol manages the transfer of data packets between the SBC and the remote syslog server, but does not defines the format in which the different types of logs sent from the SBC is written on the /var/log/messages
file of the remote syslog server. The SBC records the system and application logs in different formats in separate files, but all the differently formatted logs are copied to a single file on the remote server.
Sonus recommends:
/etc/rsyslog.conf
file of the SBC. You may comment out some of the log configurations that you do not want to copy to the syslog server (for example, the entries corresponding to mails)./etc/resyslog.conf
file, especially if you want to copy SBC Application level logs to the remote syslog server.
The SBC identifies the remote syslog server corresponding to event logs from the configuration provided for the following parameters associated with the oam eventLog typeAdmin
object:
syslogRemoteHost
syslogRemotePort
syslogRemoteProtocol
syslogState
The SBC identifies the remote syslog server corresponding to platform audit logs from the configuration provided for the following parameters associated with the oam eventLog platformAuditLog
object:
auditLogPort
auditLogProtocolType
auditLogRemoteHost
state
The configurations so received are written on the /etc/rsyslog.conf
file of the SBC. In case of an HA configuration of the SBC, logs from both active and standby nodes are copied.
For more information on configuration, refer to Event Log - CLI.