In this Section:

The information presented in this section is useful when you use remote syslog servers in tandem with the SBC for copying and storing various types of SBC logs.

Supported Log Types

The SBC supports copying several types of application logs to the /var/log/messages file of the remote syslog servers.

 The logs copied to the syslog server and their source files are defined in the /etc/rsyslog.conf file of the SBC. The root user of the SBC has read/write/copy access to the file; the user groups and the permissions are also defined in the configuration file.

Caution

Although not recommended (see this recommendation for more information), the root user can manually edit the /etc/rsyslog.conf file to include the following types of logs in the list of logs transferred to the remote syslog server:

  • Standard system-level facilities logs
  • Mail logs
  • INN news system logs
  • Some “catch all” logs, as found in the /var/log/debug* and /var/log/messages* files of the SBC
  • Emergency broadcast logs

The source log files for most of them can be found in the /var/log/ directory of the SBC.

Supported SBC Application Log Types

The SBC supports copying the following types of application logs to the remote syslog server:

  • Event Logs; log files are in the /var/log/sonus/sbx/evlog and /var/log/sonus/evlog/evlog directory of the SBC. The following types of event logs are supported:
    • Accounting (.ACT)
    • Audit (.AUD)
    • Debug (.DBG)
    • Trace (.TRC)
    • System (.SYS)
    • Security (.SEC)

      Note

      Memory (.MEM) and Packet (.PKT) logs are not supported.

  • Platform Audit Logs; log files are in the /var/log/audit/ directory of the SBC.

 

Note

The syslog protocol manages the transfer of data packets between the SBC and the remote syslog server, but does not defines the format in which the different types of logs sent from the SBC is written on the /var/log/messages file of the remote syslog server. The SBC records the system and application logs in different formats in separate files, but all the differently formatted logs are copied to a single file on the remote server.

Sonus recommends:

  • Not to manually modify the /etc/rsyslog.conf file of the SBC. You may comment out some of the log configurations that you do not want to copy to the syslog server (for example, the entries corresponding to mails).
  • Contacting the Sonus Customer Support Team before adding new configuration entries to the /etc/resyslog.conf file, especially if you want to copy SBC Application level logs to the remote syslog server.
  • The system administrator of the remote syslog server deploy tools for managing the logs received by the servers.

 

Mapping of Log Types to System Facilities

Log Types and System Facilities

Log TypeFacility
System16local0
Debug17local1
Trace18local2
Security19local3
Audit20local4
Accounting22local6
Platform Audit Logs23local7
 

Mapping of SBC Error Levels to System Error Levels

SBC Error Levels and System Levels

SBC LevelSyslog LevelKeywordValue
CriticalCriticalcrit2
MajorErrorerr3
MinorWarningwarn4
InfoInformationalinfo6
 

Configuration Parameters

The SBC identifies the remote syslog server corresponding to event logs from the configuration provided for the following parameters associated with the oam eventLog typeAdmin object:

  • syslogRemoteHost
  • syslogRemotePort
  • syslogRemoteProtocol
  • syslogState

The SBC identifies the remote syslog server corresponding to platform audit logs from the configuration provided for the following parameters associated with the oam eventLog platformAuditLog object:

  • auditLogPort
  • auditLogProtocolType
  • auditLogRemoteHost
  • state

The configurations so received are written on the /etc/rsyslog.conf file of the SBC. In case of an HA configuration of the SBC, logs from both active and standby nodes are copied.

For more information on configuration, refer to Event Log - CLI.

  • No labels