Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

Table of Contents

Log The Logs Management window provides options to:

...

the ability to filter, download, and delete the SBC logs according to the log types.

On SBC main screen, go navigate to Troubleshooting > Call Trace/Logs/Monitors > Log Management. The Log Logs Management window is displayed.

...

  1. Click  displayed against the respective log.

    Caption
    0Figure
    1Download Log File
     


    Depending on the browser settings, the file either opens in a text viewer automatically or a download confirmation window is displayed. You can view the log in a notepad or save it on local drive.

    Caption
    0Figure
    1Save Log File
     

 

Once downloaded, open the log file with text editors like Notepad++. Any popular text editor program is capable of opening the log files. However, text editors used for programming displays the log files in a properly formatted manner.

The examples below shows content samples from random Platform Audit Log files and Event Audit Log files.

Platform Audit Log file - Sample Content

Code Block
type=DAEMON_START msg=audit(1498713982.579:6028): auditd start, ver=1.7.18 format=raw kernel=3.16.39 auid=0 pid=29874 res=success
type=CONFIG_CHANGE msg=audit(1498713982.679:2): audit_backlog_limit=400 old=64 auid=0 ses=3112 res=1
type=CONFIG_CHANGE msg=audit(1498713982.699:3): auid=0 ses=3112 op="add rule" key="delete" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.727:4): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.739:5): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.755:6): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.767:7): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=LOGIN msg=audit(1498714380.853:35): pid=32295 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3113 res=1
type=LOGIN msg=audit(1498714382.993:36): pid=32437 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3114 res=1
type=LOGIN msg=audit(1498714501.897:37): pid=878 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3115 res=1
type=LOGIN msg=audit(1498714563.885:38): pid=1185 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3116 res=1
type=LOGIN msg=audit(1498714632.126:39): pid=1551 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3117 res=1
type=LOGIN msg=audit(1498714634.518:40): pid=1757 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3118 res=1
type=SYSCALL msg=audit(1498715463.941:53): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=180 a2=180 a3=0 items=1 ppid=7168 pid=7172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3130 comm="logrotate" exe="/usr/sbin/logrotate" key="permission-change"
type=PATH msg=audit(1498715463.941:53): item=0 name=(null) inode=313909 dev=fe:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=UNKNOWN[1327] msg=audit(1498715463.941:53): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F7362784C6F67726F746174652E636F6E66
type=SYSCALL msg=audit(1498715463.941:54): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=1b0 a2=0 a3=0 items=1 ppid=7168 pid=7172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3130 comm="logrotate" exe="/usr/sbin/logrotate" key="permission-change"
type=PATH msg=audit(1498715463.941:54): item=0 name=(null) inode=313909 dev=fe:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=UNKNOWN[1327] msg=audit(1498715463.941:54): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F7362784C6F67726F746174652E636F6E66
type=LOGIN msg=audit(1498715701.725:55): pid=8550 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3131 res=1
type=LOGIN msg=audit(1498716085.366:56): pid=10571 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3132 res=1
type=LOGIN msg=audit(1498716129.369:57): pid=11232 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3133 res=1

 

Event Audit Log file - Sample Content

Note
iconfalse

The sample shown below is from a Event Log file with a .AUD extension. The possible extensions for a Event Log file are:

  • .SEC
  • .AUD
  • .DBG
  • .SYS
  • .ACT
  • .TRC
  • .PKT
Code Block
Sonus Networks, Inc.0000000001600000000000000000000128V05.01.02A018 0000000000000000000000000000AUD2017062101353200000000000000
117 06212017 013605.774579:1.01.00.00000.Minor   .CHM: audit user: admin/18 Logged out from maapi ctx=maapi (closed)
128 06212017 013609.134089:1.01.00.00000.Minor   .SBCINTF: audit user: callTraceGuest/0 logged in over ssh from ::1 through cli
131 06212017 013735.315029:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}: created 
144 06212017 013735.315271:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/name: set to emaTarget
139 06212017 013735.315552:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/port: set to 8162
143 06212017 013735.315804:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/state: set to enabled
150 06212017 013735.316048:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/targetUsername: set to admin
149 06212017 013735.316332:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/ipAddress: set to 127.0.0.1
158 06212017 013735.316556:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/targetSecurityLevel: set to authPriv
203 06212017 013735.318434:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTagList: set to std_v2_trap
209 06212017 013735.318694:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTAddress: set to 127.0.0.1.31.226
205 06212017 013735.318944:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTDomain: set to 1.3.6.1.6.1.1
202 06212017 013735.319195:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrParams: set to std_v2_trap
196 06212017 013735.319450:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTimeout: set to 1500
207 06212017 013735.319703:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrStorageType: set to nonVolatile
196 06212017 013735.319953:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrRetryCount: set to 3
192 06212017 013735.320232:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrMMS: set to 2048
211 06212017 013735.320994:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsMPModel: set to 3
220 06212017 013735.321242:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsSecurityName: set to admin
217 06212017 013735.321490:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsSecurityModel: set to 3
225 06212017 013735.321740:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsStorageType: set to nonVolatile
177 06212017 015350.802472:1.01.00.00000.Minor   .CHM: audit user: admin/35 context: netconf /system/admin{WFDSBC01}/accountManagement/sessionIdleTimeout/state: set to disabled
177 06212017 015350.802749:1.01.00.00000.Minor   .CHM: audit user: admin/35 context: netconf /system/admin{WFDSBC01}/accountManagement/sessionIdleTimeout/idleTimeout: set to 10
128 06212017 015350.924047:1.01.00.00000.Minor   .CHM: audit user: admin/35 context: netconf /system/admin{WFDSBC01}: modified 
157 06212017 015350.924593:1.01.00.00000.Minor   .CHM: audit user: admin/35 context: netconf /system/admin{WFDSBC01}/accountManagement/maxSessions: set to 5
105 06212017 015415.138074:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 Logged out ssh <PAM> user
129 06212017 015419.485411:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf
129 06212017 015420.657710:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf
129 06212017 015421.825934:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf

 

To Delete Logs

Note

Once a log file is deleted, it cannot be retrieved from any location.

...