Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

Table of Contents

 

The Logs Management window provides the ability to filter, download , and delete the SBC logs according to the log typesSBC log files.  

For information on SBC's support for remote syslog servers and the supported log types, refer to Supported Log Types.

On the SBC main screen, navigate to Troubleshooting > Call Trace/Logs/Monitors > Log Management. The Logs Management window is displayed.

Caption
0Figure
1Log Management
 
Info
titleNote

If there are no files generated by the SBC for a type of log/trace, the corresponding log/trace option is not displayed in the list within the Log Management pane.

The Log Management pane is divided into the two vertical sections:

  • The left side provides a list of all the available log types.

Once a log type is selected on the left, the right side provides

the details

a list of log

management parameters for

files of the

log

type selected

in the left section

:

Caption
0Table
1 Log
Management
File Parameters

Parameter

Description

Name

Specifies the name of the log file.

Date

Indicates the date when the log was generated.

Time

Indicates the time (in HH:MM:SS format) when the log was generated. The time is indicated in the 24-hr format. The time displayed is in Greenwich Mean Time (GMT)

zone

.

Info
titleNote

This section remains blank until a log type is selected from the list.

Log Types

The

Log Types

The following log types are displayed in the Log Management pane:

Include Page
Netconf_security_protection
Netconf_security_protection

Caption
0Table
1Log Types
3Log Types
LogDescription
Core DumpsLogs the operating system dump information, which consists of the recorded state of the working memory of kernel programs at a specific time, generally when the program is terminated abnormally (crashed).
Diagnostics LogsThese log files contain the information logged during a System Diagnostics operation of the SBC.
Event Logs

Event log stores logs store the activities of accounting, system, call tracing, packet capture, security, debugging, and audit in EMA or CLI. It They also provides provide information about the configuration activities of EMA, EMS, and CLI. The logs include system logs, debug logs, core dumps, call trace logs, and packet logs.

Message Logs

Message log stores logs store the different types of interactive logs. Interactive logs store the system messages appearing on the EMA Platform Mode.

System DumpLogs the system dump information, which consists of the recorded state of the working memory of application program at a specific time, generally when the program is terminated abnormally (crashed).
T-sharkT-shark traces capture packets which are used to analyze the network issues by capturing the packet traces. These captured packets are saved as  .pcap files.
Back TraceThese traces are used to diagnose the root cause of various system problems.
Apache

Apache server

stores

logs store any error/activity from the apache2.access.log process.

It

They also

provides information about

provide information about the interaction between EMA and the Apache server.

Netconf

Netconf

stores

logs store the details about ConfD and Netconf access.

 It

 They also

provides information

provide information about the interaction between EMA and

Oracle

the PostgreSQL database.

User ActivityThese log files store the user activities on the EMA Platform Mode. For more information, refer to Troubleshooting Tools - User Activity Log.
Install LogsThese log files store the process of the SBC application installation.
Upgrade LogsThese log files capture the process of upgrading an SBC application , or the operating system.
Runtime Diagnostic TestsThese log files contain information about the runtime environment, events, and errors of the from diagnostics tests that runs on the SBC.
Archived Live Upgrade LogsThese log files serve as an archive of the logs captured stored during the process of undergoing a Live Software Upgrade.
Info
titleNote

The log files related to user activities in the EMA are available at the following directory of the SBC: /var/log/sonus/ema/log

Example Log Parameters

Caption
0Figure
1Example Log ParametersList
 

 

To Download

Downloading Logs

  1. Click  displayed against  adjacent to the respective log . See you want to download. See the Log Types table above for the description of each type of log.

    Caption
    0Figure
    1Download Log File

     

    You can view the log or save it on local drive. Depending on the your browser settings, the file either opens in a text viewer automatically or a download confirmation window is displayed. You can view the log in a notepad or save it on local drive. 

    Caption
    0Figure
    1Save Log File

Once downloaded, open the log file with a text editors editor like Notepad++. Any popular text editor program is capable of opening the log files. However, text editors used for programming displays the log files in a properly formatted manner.

The examples below shows content samples from random Platform Audit Log files and Event Audit Log files.

Platform Audit Log file - Sample Content

Code Block
type=DAEMON_START msg=audit(1498713982.579:6028): auditd start, ver=1.7.18 format=raw kernel=3.16.39 auid=0 pid=29874 res=success
type=CONFIG_CHANGE msg=audit(1498713982.679:2): audit_backlog_limit=400 old=64 auid=0 ses=3112 res=1
type=CONFIG_CHANGE msg=audit(1498713982.699:3): auid=0 ses=3112 op="add rule" key="delete" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.727:4): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.739:5): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.755:6): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=CONFIG_CHANGE msg=audit(1498713982.767:7): auid=0 ses=3112 op="add rule" key="exclude" list=4 res=1
type=LOGIN msg=audit(1498714380.853:35): pid=32295 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3113 res=1
type=LOGIN msg=audit(1498714382.993:36): pid=32437 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3114 res=1
type=LOGIN msg=audit(1498714501.897:37): pid=878 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3115 res=1
type=LOGIN msg=audit(1498714563.885:38): pid=1185 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3116 res=1
type=LOGIN msg=audit(1498714632.126:39): pid=1551 uid=0 old-auid=0 auid=3000 old-ses=95 ses=3117 res=1
type=LOGIN msg=audit(1498714634.518:40): pid=1757 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3118 res=1
type=SYSCALL msg=audit(1498715463.941:53): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=180 a2=180 a3=0 items=1 ppid=7168 pid=7172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3130 comm="logrotate" exe="/usr/sbin/logrotate" key="permission-change"
type=PATH msg=audit(1498715463.941:53): item=0 name=(null) inode=313909 dev=fe:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=UNKNOWN[1327] msg=audit(1498715463.941:53): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F7362784C6F67726F746174652E636F6E66
type=SYSCALL msg=audit(1498715463.941:54): arch=c000003e syscall=91 success=yes exit=0 a0=3 a1=1b0 a2=0 a3=0 items=1 ppid=7168 pid=7172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3130 comm="logrotate" exe="/usr/sbin/logrotate" key="permission-change"
type=PATH msg=audit(1498715463.941:54): item=0 name=(null) inode=313909 dev=fe:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=UNKNOWN[1327] msg=audit(1498715463.941:54): proctitle=2F7573722F7362696E2F6C6F67726F74617465002F6574632F7362784C6F67726F746174652E636F6E66
type=LOGIN msg=audit(1498715701.725:55): pid=8550 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3131 res=1
type=LOGIN msg=audit(1498716085.366:56): pid=10571 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3132 res=1
type=LOGIN msg=audit(1498716129.369:57): pid=11232 uid=0 old-auid=4294967295 auid=0 old-ses=4294967295 ses=3133 res=1

 

Event Audit Log file - Sample Content

Info
titleNote

The sample shown below is from a Event Log file with a an .AUD extension. The possible extensions for a an Event Log file are:

  • .SEC
  • .AUD
  • .DBG
  • .SYS
  • .ACT
  • .TRC
  • .PKT
Info
titleNote:

The following example includes a second header line found in logs created on SBC SWe deployments on OpenStack. The line includes the Virtual Network Function Component ID (VNFC-ID) which uniquely identifies the SBC SWe instance from which the log was retrieved. The VNFC-ID is added to system, debug, trace, security, audit, and memory logs on SBC SWe deployments on OpenStack.

 

Code Block
Sonus Networks, Inc.0000000001600000000000000000000128V07.00.000000 0000000000000000000000000000AUD2018042415035200000000000000
Cloud Instance, release.we.700x-isbc-a-1
118 04242018 150422.651889
Code Block
Sonus Networks, Inc.0000000001600000000000000000000128V05.01.02A018 0000000000000000000000000000AUD2017062101353200000000000000
117 06212017 013605.774579:1.01.00.00000.Minor   .CHM: audit user: admin/18 Logged out from maapi ctx=maapi (closed)
128 06212017 013609.134089:1.01.00.00000.Minor   .SBCINTF: audit user: callTraceGuest/0 logged in over ssh from ::1 through cli
131 06212017 013735.315029:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}: created 
144 06212017 013735.315271:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/name: set to emaTarget
139 06212017 013735.315552:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/port: set to 8162
143 06212017 013735.315804:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/state: set to enabled
150 06212017 013735.316048:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/targetUsername: set to admin
149 06212017 013735.316332:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/ipAddress: set to 127.0.0.1
158 06212017 013735.316556:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /snmp/trapTarget{emaTarget}/targetSecurityLevel: set to authPriv
203 06212017 013735.318434:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTagList: set to std_v2_trap
209 06212017 013735.318694:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTAddress: set to 127.0.0.1.31.226
205 06212017 013735.318944:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTDomain: set to 1.3.6.1.6.1.1
202 06212017 013735.319195:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrParams: set to std_v2_trap
196 06212017 013735.319450:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrTimeout: set to 1500
207 06212017 013735.319703:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrStorageType: set to nonVolatile
196 06212017 013735.319953:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrRetryCount: set to 3
192 06212017 013735.320232:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetAddrTable/snmpTargetAddrEntry{emaTarget}/snmpTargetAddrMMS: set to 2048
211 06212017 013735.320994:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsMPModel: set to 3
220 06212017 013735.321242:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsSecurityName: set to admin
217 06212017 013735.321490:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsSecurityModel: set to 3
225 06212017 013735.321740:1.01.00.00000.Minor   .CHM: audit user: admin/22 context: netconf /SNMP-TARGET-MIB/snmpTargetParamsTable/snmpTargetParamsEntry{std_v3_trap_emaTarget}/snmpTargetParamsStorageType: set to nonVolatile
177 06212017 015350.802472: audit user: admin1/38 Logged out from maapi ctx=maapi (closed)
129 04252018 084658.997675:1.01.00.00000.Minor   .CHMSBCINTF: audit user: admin/35 context: netconf /system/admin{WFDSBC01}/accountManagement/sessionIdleTimeout/state: set to disabled
177 06212017 015350.8027490 logged in over ssh from 127.0.0.1 through netconf
129 04252018 084702.435309:1.01.00.00000.Minor   .CHMSBCINTF: audit user: admin/35 context: netconf /system/admin{WFDSBC01}/accountManagement/sessionIdleTimeout/idleTimeout: set to 10
128 06212017 015350.9240470 logged in over ssh from 127.0.0.1 through netconf
105 04252018 084704.507995:1.01.00.00000.Minor   .CHMSBCINTF: audit user: admin/350 context:Logged netconf /system/admin{WFDSBC01}: modified 
157 06212017 015350.924593out ssh <PAM> user
129 04252018 084745.650292:1.01.00.00000.Minor   .CHMSBCINTF: audit user: admin/35 context: netconf /system/admin{WFDSBC01}/accountManagement/maxSessions: set to 5
105 06212017 015415.1380740 logged in over ssh from 127.0.0.1 through netconf
129 04252018 084746.671513:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 Loggedlogged in outover ssh <PAM> userfrom 127.0.0.1 through netconf
129 0621201704252018 015419084747.485411582214:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 logged in over ssh from 127.0.0.1 through netconf
129105 0621201704252018 015420084748.657710673826:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 loggedLogged out inssh over<PAM> sshuser
105 from 127.0.0.1 through netconf
129 06212017 015421.82593404252018 084749.934381:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 Logged out ssh <PAM> user
105 04252018 084750.963892:1.01.00.00000.Minor   .SBCINTF: audit user: admin/0 loggedLogged inout over ssh from 127.0.0.1 through netconf

 

To Delete
<PAM> user

Deleting Logs

Info
titleNote

Once a log file is deleted, it cannot be retrieved from any location.

 

  1. Click  displayed against the respective logs.

    Image Removed

     adjacent to the log you want to delete. A delete confirmation dialog box is displayed.Image Removed

  2. Click Delete to remove the log from the list.

Pagebreak