In this section:
The Call Accounting Manager (CAM) generates Call Detail Records (CDRs) and supports accounting event logging on the SBC Core. As calls traverse the SBC, CDRs are generated and stored in the /var/log/sonus/sbx/evlog
directory. You can view these CDR by looking at files with the “.ACT” extension. It is useful to view the ACT logs during call debugging (to get the originating trunk group, calling and called numbers, codec used, and more). You can also view billing records (and other logs) while in EMA Platform Mode. Refer to Administration - Accounting and Logs for more information.
The SBC generates timestamps in the local time format in the ACT files for any of the fields that were previously in the GMT time format.
You can send SBC accounting records to three different types of locations:
- Local hard disk: If accounting is enabled, then ASCII records are always written to the local disk.
- An external server, for example:
- To a DSI-L0 server: If configured, the ASCII records can be transferred to an external Ribbon DSI server using SFTP.
- To an external billing server in an IMS network via the Rf Interface.
- RADIUS server: RADIUS accounting records can be generated and sent to an external RADIUS server.
Call Detail Record Format
This section describes the ASCII and streaming Call Detail Record (CDR) format.
The SBC may insert non-ASCII characters in CDRs when messages are parsed in the initial INVITE.
Various Ribbon elements such as GSX 9000, PSX, and SBC use many of the same CDR fields. Because of this, some fields in the “Accounting Records” table below do not apply to SBC call details, but instead simply indicate pass-though type messages (for example, ISUP and PSTN fields).
For GW-GW calls on the SBC SWe and SBC SWe Cloud, a CDR is only generated for the ingress leg. If the generation mode is configured as origination and the populateRemoteGsxInfoState
flag is enabled, the SBC logs billing information from the termination node.
For more information on known limitations, refer to the applicable release notes at SBC Release Information page.
Additional references:
- CDR Examples: Example CDRs.
- CDR to VSA Mapping: Mapping of CDR fields to Vendor Specific Attribute (VSA) fields to send to external RADIUS servers.
- Vendor Specific Attributes Reference: Complete listing of SBC-specific VSA fields.
Accounting File Version
The CAM version of the SBC 12.00.00 is 103.00.00 (major CAM version is 103, minor CAM version is 0, special CAM version is 0). The associated hex format of CAM file version is 00670000, displayed as "00670000" in ASCII CAM file header below:
Sonus Networks, Inc.00000000FF600000670000000000000128V12.00.00R000 0000000000000000000000000000ACT2023041023333000000000000000
File Header
Every event log file, including accounting logs, contains a file header. This header consists of a 128-character string terminated by a (line feed). Each field in the event log file header is defined in the following table:
Field Offset | Field Length | Field Content |
---|---|---|
0 | 20 | ASCII OEM string, blank padded, (for example "Ribbon Communications, Inc.") |
20 | 8 | Reserved |
28 | 2 | Old CAM File Version. Always "FF". |
30 | 2 | Hex offset to the Event Log Type, or the number of bytes from the beginning of the record to the beginning of the Event Log Type field (in the above example, "64"). |
32 | 2 | Reserved |
34 | 8 | New CAM File Version. This value is 100, and consists of:
|
42 | 8 | Reserved |
50 | 4 | Hex offset to start of data. In this example, "0128". |
54 | 13 | SBC software revision. In this example, "V10.01.00R000". |
67 | 29 | Reserved |
96 | 3 | Event Log Type (same as file extension). In this example, "ACT". |
99 | 16 | File creation time. |
115 | 12 | Reserved |
127 | 1 | Header terminator (line feed) |
File Footer
The following line footer is appended to each log file (including accounting logs) when the file is closed under controlled conditions for non-CNF environments:
MMDDYYYY HHMMSS: File administratively closed.
Controlled conditions include CLI commands (for example, set oam eventLog typeAdmin acct rolloverAction
...) and automatic roll-overs when maximum file size is reached.
When an uncontrolled file closure occurs, such as an SBC switch-over or system failure, this footer may not be present.
File Footer - CNF
For CNF environments, the following line footer is appended to each log file:
YYYY-MM-DD HH:MM:SS ZONE File administratively closed.
For backward compatibility of the logging format, a CLI configuration is added for the debug, system, and security logs. You can switch the files of these log formats at runtime using the following CLI commands:
% set oam eventLog typeAdmin debug cnfLogFormat <disable | enable> % set oam eventLog typeAdmin system cnfLogFormat <disable | enable> % set oam eventLog typeAdmin security cnfLogFormat <disable | enable>
- By default, the cnfLogFormat flag is enabled in the CNF environment and disabled in non-CNF environments.
- You can configure the debug, system, and security formats to have the new CNF log format based on this flag.
- The trace and pkt files always follow the old format.
- The audit and mem files always follow the new format.
Renaming Open Accounting Files
The SBC includes the ability to rename a currently-open accounting file using a known suffix to make it easily identifiable by external applications. To activate this feature, simply enable the flag “Rename Open Files” using EMA GUI or CLI.
CLI syntax example:
% set oam eventLog typeAdmin acct renameOpenFiles enable
Once this flag is enabled, on the next accounting file open activity, the suffix .OPEN is appended to the filename using the format <shelf><sequence number>.ACT.OPEN (currently open files are not affected).
For example, as accounting file 1000099 is created with this feature already enabled, the file is named “1000099.ACT.OPEN”.
For configuration details, refer to:
- CLI: Event Log - CLI
- EMA: Event Log - Type Admin
Accounting File Roll-Over
The SBC application maintains a configurable maximum of up to 2048 accounting files. Once the configured limit of files is reached, the application deletes the oldest files first to accommodate the new files.
When accounting file names reach the maximum value of 1FFFFFF.ACT, the next file name rolls over to 1000001.ACT. Use the “Rename Open Files” flag to rename the most recent accounting file with the ”ACT.OPEN” extension. This flag is accessible from the EMA at “System Configuration” > “CDR and Servers” tab.
Global Charge Reference
The Global Charge Reference (GCR) feature allows correlation of calls across networks where the calls are originated from and terminated at different third-party devices. The GCR field is populated in the CDRs of the SBC if the GCR is received in a gateway protocol message from a GSX9000.
The GSX9000 receives or generates the GCR parameter through an ISUP parameter. The GCR is used in conjunction with SIP call-id’s to associate calls that interwork between SIP and ISUP protocols across multiple network devices.
How to Set Up SFTP from the SBC to a CDR Server
If a CDR server is configured, the SBC transfers the files through SFTP to the configured destination.
To create a CDR server, use the following command syntax:
% set oam accounting cdrServer admin [primary | secondary] connectionTimeout <numeric: 15 to 600 seconds> filePrefix <name of SBC> ipAddress <ip address> password <password for ftp user> path <directory to ftp to> transferTimeout <numeric: 15 to 600 seconds> username <username of ftp user>
An example to show the CDR server configuration and check the configuration is as follows:
admin@SBC01> config admin@SBC01% set oam accounting cdrServer admin primary connectionTimeout 15 filePrefix SBC01 ipAddress 10.10.211.10 password sonus path /export/home/SBC01ACTrecs/ transferTimeout 15 username root admin@SBC01% commit admin@SBC01% quit admin@SBC01> show table oam accounting cdrServer admin FILE CONNECTION TRANSFER TYPE IP ADDRESS USERNAME PASSWORD PATH PREFIX TIMEOUT TIMEOUT -------------------------------------------------------------------------------------------------------------- primary 10.10.211.10 root $3$qaO71mBy8l8= /export/home/SBC01ACTrecs/ SBC01 15 15 [ok][2013-10-02 06:14:49] admin@SBC01>
Initially, the accounting field is not set to ftp or automatically roll over. Use the following command to view Rollover settings for accounting (See "acct" row in the example):
> show table oam eventLog typeAdmin MESSAGE ROLLOVER FILE RENAME DISK SYSLOG FILE FILE QUEUE SAVE FILTER START ROLLOVER ROLLOVER WRITE SYSLOG OPEN THROTTLE EVENT LOG SERVER REMOTE TYPE STATE COUNT SIZE SIZE TO LEVEL TIME INTERVAL ROLLOVER TYPE ACTION MODE STATE FILES LIMIT VALIDATION NO HOST ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- system enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled 5000 disabled server1 0.0.0. debug enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. trace enabled 32 2048 10 disk info - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. acct enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. security enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. audit enabled 32 2048 10 disk info - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. packet enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. memusage enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled server1 0.0.0. [ok]
To create the accounting file rollover and ftp, use the following command syntax:
% set oam eventLog typeAdmin acct rolloverStartTime <CCYY-MM-DDTHH:MM:SS> rolloverInterval <number of seconds between each file rollover> rolloverType repetitive rolloverAction start where 'T' in 'DDTHH' is a constant used to indicate the Time follows.
An example of the configuration and display of the accounting file rollover and ftp is as follows:
% set oam eventLog typeAdmin acct rolloverStartTime 2018-09-13T06:30:00 rolloverInterval 500 rolloverType repetitive rolloverAction start [ok][2018-08-13 12:58:11] [edit] admin@SBXUK11-1% commit Commit complete. [ok][2018-08-13 12:58:14] [edit] admin@SBXUK11-1% exit > show table oam eventLog typeAdmin MESSAGE FILE RENAME DISK FILE FILE QUEUE SAVE FILTER ROLLOVER ROLLOVER WRITE SYSLOG OPEN THROTTLE EVENT LOG TYPE STATE COUNT SIZE SIZE TO LEVEL ROLLOVER START TIME INTERVAL ROLLOVER TYPE ACTION MODE STATE FILES LIMIT VALIDATION ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- system enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled 5000 disabled debug enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled trace enabled 32 2048 10 disk info - 0 nonrepetitive stop default disabled disabled - disabled acct enabled 32 2048 10 disk major 2018-09-13T06:30:00-00:00 500 repetitive start default disabled disabled - disabled security enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled audit enabled 32 2048 10 disk info - 0 nonrepetitive stop default disabled disabled - disabled packet enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled memusage enabled 32 2048 10 disk major - 0 nonrepetitive stop default disabled disabled - disabled [ok]
View CDR Server status using the following command:
admin@SBC01> show table oam accounting cdrServer status SUCCESSFUL FAILED PENDING TYPE STATE PROGRESS TRANSFERS TRANSFERS TRANSFERS ------------------------------------------------------------- primary active done 3 0 0 [ok][2013-10-02 07:27:19]
Verify that the files were transferred to the FTP server by logging in to the CDR server and executing the following command:
ftp server: root@hostname # pwd /export/home/SBC01ACTrecs root@hostname # ls -l total 708 -rw-r--r-- 1 root other 346730 Oct 2 06:45 SBC01.20131002064500.1000022.ACT -rw-r--r-- 1 root other 175 Oct 2 07:00 SBC01.20131002070000.1000023.ACT -rw-r--r-- 1 root other 175 Oct 2 07:15 SBC01.20131002071500.1000024.ACT root@hostname #
Execute the following command to view the successful and failed CDR file transfer:
% show table oam accounting cdrServer status SUCCESSFUL FAILED PENDING TYPE STATE PROGRESS TRANSFERS TRANSFERS TRANSFERS --------------------------------------------------------- primary active done 2 0 0 secondary standby idle 0 7 0
CDR Server Remote Port Configuration
The SBC supports transferring call accounting files (.ACT
) to a CDR server through a user-configured port. The SBC also supports using Secure Shell (SSH) public keys instead of password to authenticate with the remote CDR server.
Use the following parameters within CDR server configuration to set up remote port and ssh key based authentication:
cdrPort
useSshKeyFile
generateSshPublicKeys
You can either use the existing username/password or the SSH public key to authenticate with the remote CDR server. The parameter useSshKeyFile
must be enabled to generate the SSH public key.
To generate a new SSH public key, execute the following command:
% request oam accounting cdrServer admin primary generateSshPublicKeys
The generated SSH public key must be installed on CDR server to use ssh key based authentication from SBC. The SSH public key must be copied to the remote CDR server file /home/<user>/.ssh/authorized_keys.
If the private key is compromised, the key must be re-generated. Once the key is re-generated, the CDR server must be updated with the new key.
- The SSH public key generated for the primary CDR server can also be used to authenticate the secondary CDR server. The SSH public key can be installed on both primary and secondary CDR servers.
The configured user must have access to
/home/<user>/.ssh
for reading the public key.
Configuring the CDR Server Remote Port
When downloading billing records (or other logs), you must use port 2024 to SFTP files from the SBC.
% set oam accounting cdrServer admin primary cdrPort 2024
Using SSH Public Keys for CDR Server Authentication
Using SSH public keys for CDR server authentication requires the following:
- Enabling SSH Key Based Authentication
- Generating the SSH Public Key
- Copying and Installing the SSH Public Key to CDR Servers
Enabling SSH Key Based Authentication
To enable SSH key based authentication, execute the following command:
% set oam accounting cdrServer admin primary useSshKeyFile Enable
Generating the SSH Public Key
To generate a new SSH public key, execute the following command:
% request oam accounting cdrServer admin primary generateSshPublicKeys result success reason ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDclSOlVfVmmhatw5bDQRk7AaYvCRUUfHHbSvkCBb4T8zYdJ8JNw15rMSKk9hEkVdtEEZRJU4Q97C+3LbPknZrIMM+zmSRYmh2/LkGAlydSJ+sPe9i7zWFOLYeA3gitaKJSPgSjdb4WGgDq686Ei4yup9xYDbT8wAcosQsf3tfbqH2GetNJ8tAs3KjRi7FPhH1hHdXVyH0yW1mdGlMYvoFUeFCRjhE81oJhy2jMTJD9T3eQiJo4NZQZYOgALMQPi8fxaAgnuWmvrejNTn/PgRyGpQEs7HFHkX5zHW5M74PU/Z3S3Y2uSZlYrCQRf9Y2mUiK5R40bjsKz4TqIP5LfzhX [ok]
Copying and Installing the SSH Public Key to CDR Servers
The SSH public key is copied to the remote CDR server file /home/<user>/.ssh/authorized_keys
.
For configuration details, refer to Accounting - CLI.
RADIUS Accounting Support
Remote Authentication Dial In User Service (RADIUS) is a standardized protocol for supporting Authentication, Authorization, and Accounting (AAA) management in a distributed client-server architecture. The SBC can map CDR fields and other input parameters to attributes (standard as well as vendor-specific attributes) in RADIUS call-accounting records. The SBC, acting as a RADIUS client, can send the call-accounting records to an external RADIUS server. For a description of Sonus CDR to RADIUS VSA field mapping, refer to CDR to VSA Mapping.
The following accounting message types are supported by RADIUS protocol:
- Accounting Request
- Accounting Response
The process for sending accounting requests and responses is described below.
- The SBC sends an accounting-request with Accounting-Status-Type value "Accounting-on". At a later time, this transaction informs the server about the new accounting client that will send the accounting messages to the NAS/resource usage by user.
- When the SBC connects the call, the accounting starts. The accounting-request contains the Accounting-Status-Type with the value "Start". The "Start" records contains the following:
- User identification
- Network address
- Point of attachment
- Unique session identifier
- Next, the SBC records the status change by NAS to the RADIUS server for this active session. The accounting-request now contains the Accounting-Status-Type with the value "Interim". The interim record usually conveys the current session duration and information on the current data usage.
- When the user network access is closed, the NAS issues a final Accounting Stop record to the RADIUS server, providing the information on the final usage in the terms of the following:
- Time
- Packets transferred
- Data transferred
- Reason for disconnect
- Other information related to the call
The Accounting-Request contains the Accounting-Status-Type with the value "Stop". The primary purpose of this data is to bill the user. The data is also used for statistical purposes and for general network monitoring.
To configure the SBC to send records to an external RADIUS server and to configure up to three RADIUS servers per SBC, refer to Accounting - CLI.
SBC Standard Attributes
The SBC RADIUS application uses standard attributes from the RADIUS when possible. For CDR fields that cannot be mapped to the standard attributes, vendor-specific attributes are defined. The SBC allows instances of the standard attributes in Accounting request message as per following table:
Table 2: Allowed Standard Attributes
Attribute Name | Attributes description |
---|---|
NAS-IP-Address | The IP Address of the SBC generating accounting request. |
NAS -Identifier | The configured NAS Identifier for a given SBC. When sending RADIUS accounting messages, the NAS-Identifier field is populated with the corresponding value configured for the RADIUS server to which message is sent. |
Acct-Status-Type | The type of accounting message sent by the SBC. The SBC uses the appropriate value of Acct-Status-Type corresponding to the CDR type to be generated.
|
Acct-Session-Id | Uniquely identifies accounting records for a given call. It is possible to match all accounting records for a given call when correlating call records. |
Acct-Session-Time | The number of seconds during which the user received service (duration of the call). |
Acct-Terminate-Cause | The class of termination cause. This value is derived from the disconnect reasons class value. |
Rf Interface Support
The SBC Core acting as a P-CSCF or IBCF supports Rf interface-based offline billing in compliance with standard IMS as well as file-based and stream-based CDRs. The SBC can select either CDR/streaming-based charging or Rf Interface depending on whether the system-wide flag, enableRfApp, is enabled or not. Refer to Signaling - Global - CLI or Signaling - Diam Sig Controls for configuration details.
The SBC Diameter node supports both Rf application along with the existing Rx application. The Diameter node uses "Route Table" to find peer for outbound request based on destination realm and application.
For more details, refer to Rf Interface Support.
Generating CDRs in Q-SBC Format
By default, the SBC Core generates CDRs in the standard SBC Core (former Sonus) format. For deployments that require it, users with admin privileges can configure the SBC Core to generate CDRs in the format of the (former GENBAND) Q-series SBCs. Similar to SBC Core CDRs, the Q-SBC format is an ASCII-format text file with multiple records per file. When you enable the Q-SBC format, the SBC Core populates CDR log files according to the mapping shown in the Q-SBC to SBC Core CDR Mapping table. Refer to Generating CDRs in Q-SBC Format for more information.