Page History

clearInfoLevelLoggingDisabled

Use this command to re-enable info level logging after it becomes disabled due to system congestion. If this command is executed while the system is still congested, this may cause the system to become further congested.

platformAuditLogs


Use this command to enable/disable platform audit logging of administrative, privileged, and security actions.

• state
  • disabled (default)
  • enabled

state

Enable this flag to measure the memory usage of each active process.

• disable (default)

• enable

Specifies the level of details to be displayed.

• summary (default)
• detailed

The time interval, in minutes, to elapse between the recording of each memory usage file to the hard drive. (Default = 5)

Note: An interval of 1440 minutes (24 hours) equates to one log entry per day for a process.

Use this object to configure a remote server IP address, port, and protocol type to push the platform audit logs to a remote server.

state

Enable this flag to allow platform audit logging of administrative, privileged, and security actions.

• disabled (default)
• enabled

Note: Syslog is not supported for acct and packet event types.

0-4294976295

Specifies the limit on INFO level messages logged to the disk in one second. A value of 0 disables the limit. The default value is 5000.

Note: For the trace log, if tracing is being performed to capture all of the SIP PDU for all of the calls on the system for use in conjunction with Protect, then this value needs to be tuned to accommodate the maximum call load anticipated for the SBC instance. For example, for a call rate of 1350 cps and assuming 14 messages in a basic SIP call (ingress and egress legs), it would require a total of 18,900 messages. Adding this to the default 5000, the recommendation in this case would be to set the limit at 25,000.

Specifies whether the logs at rest for this log type should be cryptographically hashed.

Hashing is only recommended for the security and audit logs. These are the main logs required to triage security issues and do not roll very frequently. Hashing must be disabled for logs that are rolling over frequently as would occur for the trace log if the call rate is 1350 cps and it is being used to capture all SIP PDU's for use with Protect.

If logs are being exported using Rsyslog then there is no need to enable Event Log Validation as the logs are copied off the SBC before they could be modified. Refer to OAM - Event Log - Platform Rsyslog.

• disabled (default)
• enabled

IMPORTANT: You must disable this control for any logs which are rolling at a very high rate (e.g. capturing trace logs of all SIP PDUs for use with Protect).

Hash Notes:

• Hashes are stored in /.../evlog/eventLogValidation/
• The hash file name format is <evLogfilename>.hash.<keyName>
• Hashes must be retrieved using SFTP 

fileCount

1-2048

Specifies the number of event log files that will be maintained for this event type. (default = 32).

fileSize

256-65535

Maximum size (in KB) that a single event log file will ever grow to. (default = 2048).

Note: Set the file size to 65535 for trace and account logs when attempting to trace all calls on the system for use with Protect.

fileWriteMode

N/A

Event log NFS write mode. 

• default – Log data is written as a 1344-byte packet.
• optimize – Log data is written as a 8000-byte packet. Optimize write mode results in IP fragmentation but yields better throughput.

filterLevel

N/A

Logs every possible event.

messageQueueSize

2-100

The number of event log message entries to buffer before writing to disk. (default = 10).  If capturing all of the SIP PDU messages in the trace log for use with Protect, set this value to 100 for the trace log.

renameOpenFiles

N/A

Enable this flag to append an ".OPEN" extension to accounting and files which are open for writing.

• disabled (default)
• enabled

Note:You must enable the global callTrace signalingPacketCapture parameter (set state to "enable") to capture SIP and H.323 packets (Refer to Call Trace - CLI for configuration details).

Once signalingPacketCapture is enabled, any subsequent changes to SBC device configurations or filter information will not be available to signaling packet captures until signalingPacketCapture is reset (state is disabled, and then re-enabled).

rolloverAction

N/A

Event log rollover actions.

• start – Start rollover action
• stop – Stop rollover action

rolloverInterval

0-31536000

Event log rollover interval, in seconds.

rolloverStartTime

N/A

Specifies the start time for event log rollover. The format is CCYY-MM-DDTHH:MM:SS. For example: 2010-01-01T01:01:01

rolloverType

N/A

Event log rollover type. 

• nonrepetitive (default) – The rollover will occur once at the specified single instance.
• repetitive – The rollover will occur repeatedly at the specified intervals.

saveTo

N/A

Use flag to specify that the events are saved to disk or not saved.

• disk (default)
• none

state

N/A

Specifies the requested state of the given Event Log type.

• disabled – Logging is not activated.
• enabled – (default) Logging is activated.
• rollfile

 Accounting logs cannot be disabled.

Configure a remote Rsyslog Server for a single log type:

• syslogRemoteHost – (0-255) The remote host where the messages are written to the syslog.
• syslogRemotePort – (1-65,535) Specifies the port to use to send messages to the remote syslog. Default value is 514.
• syslogRemoteProtocol – The protocol to use to send messages to the remote syslog.
  • relp
  • tcp (default)
  • udp 

• disabled (default)
• enabled