Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

In this section:

Table of Contents
maxLevel4

Info
iconfalse

Related articles:

Children Display

 

This profiles allows you Use this window to configure the event Log configuration table for configuration items related to each Event Log log handling for each event log type.

To View Type Admins

On the SBC main screen, go to Administration > Accounting and Logs > Event Log > Type Admin. The Type Admin window is displayed showing a row for each type of event log.

Caption
0Figure
1Event Log - Type Admin

Image Modified

By default only ten entries are displayed in a view. You can choose the number of entries to be displayed under the Show entries drop down box. 

To Edit Type Admins for Event Log Types

To edit any of the created Type Adminsthe configuration for any Event Log type, click the radio button next to the specific admin name.

Caption0Figure1Event

Log

- Highlighted Type Admin

Image Removed

Type. The Edit Selected Type Admin window is displayed belowopens for the selected type.

Caption
0Figure
1Event Log - Edit Selected Type Admin 1

Image Modified

The following parameters are displayed:

Caption
0Table
1Type Admin

 

NOTE: You must enable the

global callTrace signalingPacketCapture parameter (set state to "enable")

Signaling Packet Capture State parameter to capture SIP and H.323 packets (

see 

refer to Call Trace

- CLI

and Packet Capture - Signaling Packet Capture for configuration details).

Once

signalingPacketCapture

Signaling Packet Capture State is enabled, any subsequent changes

to

tothe SBC device configurations or filter information will not be available to signaling packet captures until

signalingPacketCapture

the state is reset (state is disabled, and then re-enabled).

Parameter

Description

Type

The type of the event log. Each type has separate configuration parameters and logs to a separate file.

State

Specifies the requested state of the given Event Log event log type.

  • disabled Disabled – Logging is not activated.
  • enabled Enabled – (default) Logging is activated.
  • rollfileRollfile

 Accounting  Accounting logs cannot be disabled.

File Count

The number of event log files that will be maintained for this event type. All event types will overwrite the oldest file when the file count is exceeded. A warning will be issued when the count approaches the maximum. Enter a value between the range 1and 10241 and 2048.

File Size

The maximum size (in KB) that a single event log file will ever grow to. Enter a value between in the range (256..-65535) KB. File size should be set to 65535 for trace and account logs when trying to trace all the calls on the system for use with Protect.

Message Queue Size

The number of event log message entries to buffer before writing them to disk. The size may be a value between 2 and 32 (inclusive). Enter a value between in the range 2 and 32100. The default is 10. If capturing all of the SIP PDU messages in the trace log for use with Protect, set this value to 100 for the trace log.

Save To

Save events. The values are:

  • None - Events are not saved
  • Disk - Events are saved to Diskdisk

Filter Level

The filter severity level of events. Events that are at least as severe as the designated level will be logged. no events type Noevents suppresses all events of this type from being logged.

Rollover Start Time

Specifies the start time for event log rollover. The format is CCYY-MM-DDTHH:MM:SS. For example: 2010-01-01T01:01:01.

Rollover Interval

Enter the number of seconds . The for the event log rollover interval.

Rollover Type

Event log rollover type. Options are:

  • nonrepetitive Nonrepetitive (default) – The rollover will occur once at the specified single instance.
  • repetitive Repetitive – The rollover will occur repeatedly at the specified intervals.

Rollover Action

Event log rollover actions. The values are:

  • Start - Start event log rollover at the specified starting time.
  • Stop - Stop event log rollover.

File Write Mode

Identifies event log NFS write mode. The values are:

  • DEFAULT Default - Log data is written to NFS as a 1344 byte packet.
  • OPTIMIZE Optimize - Log data is written to NFS as an 8000 byte packet.
    Optimize write mode results in IP fragmentation, but yields better throughput.

Syslog State

Enable flag this option to log events of specified type to syslog.

Syslog Remote Port

The IP Port Number. Specifies the port to use to send messages to the remote syslog. The value ranges from 1 to 65535 and the default value is 514.
  • disabledDisabled (default)
  • enabled

Syslog Remote host

Specifies the remote host where the messages are written to the syslog. This must be a valid host name or a valid IP address. The value ranges from 0 to 255

Syslog Remote Protocol

Specifies the protocol to use to send messages to the remote syslog. Options are:

  • relp
  • tcp (default)
  • udp
  • Enabled

Rename Open Files

Enable this flag option to append an ".OPEN" extension to accounting and files which are open for writing.

  • disabledDisabled (default)
  • enabledEnabled
Note
Disk Throttle LimitSpecifies the limit on INFO level messages logged to the disk in one second. A value of 0 disables the limit. The default is 5000 and the value can go up to 4,294,976,295. For the trace log, if tracing is being performed to capture all of the SIP PDU for all of the calls on the system for use in conjunction with Protect, then this value needs to be tuned to accommodate the maximum call load anticipated for the SBC instance. For example, for a call rate of 1350 cps and assuming 14 messages in a basic SIP call (ingress and egress legs), it would require a total of 18,900 messages. Adding this to the default 5000, the recommendation in this case would be to set the limit at 25,000.
Event Log Validation

Specifies whether the logs at rest for this log type should be cryptographically hashed. The values are:

  • Disabled (default)
  • Enabled

Hashing is only recommended for the security and audit logs. These are the main logs required to triage security issues and do not roll very frequently. 

IMPORTANT: You must disable this control for any logs which are rolling at a very high rate, for example, if capturing trace logs of all SIP PDUs for use with Protect.

If logs are being exported using Rsyslog then there is no need to enable Event Log Validation as the logs are copied off the SBC before they could be modified. Refer to OAM - Event Log - Platform Rsyslog.

Make the required changes and click Save to save the changes.

Pagebreak