SysLogViewer - simplify the process of analyzing AudioCodes logs
Good day to all. In my work, I constantly run into the problem of unreadable AudioCodes logs, which makes analyzing them very difficult. The reason is not that AudioCodes logs are unreadable in themselves; it is that they can be collected in different ways, and instead of a conveniently readable log you end up with unreadable text. How to collect the logs and analyze them correctly is covered below:
First, let’s figure out how to enable the logs correctly and where they can be viewed.
In order to enable logging, you need to go to the page Configuration -> System -> SysLog Settings:

Let's go through the parameters we need:
- Enable Syslog - Enable
- SysLog Server IP Address - the IP address of the computer that collects the logs over the SysLog protocol
- Debug Level: x
  - 5 - collects as many logs as possible, with maximum priority.
  - 7 - collects all logs, but priority is given to call processing. That is, if the device is under heavy load, it processes calls first and collects logs second. In this mode, some of the logs may be lost under load.
After enabling logging, you can collect logs both locally, through the web interface, and remotely through SysLog. We will analyze both of these options:
Collection through the Web browser is carried out in the menu: Status & Diagnostics -> System Status -> Message Log.
An example of such output is below:

This option for collecting logs may be relevant in the following cases:
- When you need to quickly analyze something locally
- When the device has minimal load
The main disadvantages of this collection method:
- Under heavy load, both the device itself and the browser, which must constantly output a large amount of information, are loaded.
- When you select text and copy it to a text editor, the text is not very readable. Moreover, the readability of this text depends on the browser you are using. I can immediately say that there is no ideal browser for this.
- Since output to the web takes a lot of resources, the Mediant can skip a series of messages. So when collecting logs, it is important to watch the message sequence numbers; they should run without gaps. When collecting via the Web, especially under load, some messages are quite often simply lost. Below is an example of one message where the sequence number (the [S = 235] field) is highlighted:
  18:38:14.52: 10.33.45.72: NOTICE: [S = 235] [SID: 1034099026] (lgr_psbrdex) (619) recv <- DIGIT (0) Ch: 0 OnTime: 0 InterTime: 100 Direction: 0 System: 1 [File: Line :-1]
- AudioCodes devices do not display the SDP contents of SIP packets through a Web browser.
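The sequence-number check described above can be automated over a saved text log. The following Python script is an added example, not part of the original post or of SysLogViewer: it tracks the [S=...] counter per source IP and reports where messages are missing. The first sample line is modelled on the message quoted above; the other lines, the second device address and the name `find_gaps` are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first line is modelled on the message quoted above; the
# other lines are constructed (S=237 and S=238 are deliberately missing).
SAMPLE = """\
18:38:14.52: 10.33.45.72: NOTICE: [S = 235] [SID: 1034099026] (lgr_psbrdex) (619) recv <- DIGIT (0) Ch: 0
18:38:14.60: 10.33.45.72: NOTICE: [S=236] [SID:1034099026] constructed line
18:38:14.61: 10.33.45.80: NOTICE: [S=17] [SID:77] constructed line, second device
18:38:15.10: 10.33.45.72: NOTICE: [S=239] [SID:1034099026] constructed line
18:38:15.20: 10.33.45.80: NOTICE: [S=18] [SID:77] constructed line, second device
"""

# Source IP followed by the [S=<n>] field. Optional whitespace is tolerated
# because copying from a browser tends to re-space these lines.
LINE_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*:.*?\[S\s*=\s*(?P<seq>\d+)\]"
)

def find_gaps(text):
    """Return {device_ip: [(last_seen, next_seen, missing_count), ...]}."""
    last_seq = {}
    gaps = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # continuation of a SIP body, blank line, etc.
        ip, seq = m["ip"], int(m["seq"])
        prev = last_seq.get(ip)
        # Counters are per device. A lower value than before is treated as a
        # counter restart (assumption), not as lost messages.
        if prev is not None and seq > prev + 1:
            gaps[ip].append((prev, seq, seq - prev - 1))
        last_seq[ip] = seq
    return dict(gaps)

if __name__ == "__main__":
    for ip, found in find_gaps(SAMPLE).items():
        for prev, nxt, missing in found:
            print(f"{ip}: {missing} message(s) lost between S={prev} and S={nxt}")
```

A reported gap means the capture is incomplete for that device, so conclusions about what did or did not happen in that interval should not be drawn from this log alone.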
The second way, collecting logs remotely, is more correct and reliable. But here, as a rule, the question arises of which program is best for collecting the logs. There are currently many different programs that can collect SysLog. Since none of the popular ones is optimized for the AudioCodes format, which is logical, AudioCodes developed its own program for collecting logs: SysLogViewer. Link to this program:
download
This is a program for analyzing AudioCodes logs. It either collects and analyzes logs itself, or analyzes existing logs and converts them into a conveniently readable format from the following file types: text files and Wireshark traces. I will give an example based on a previously collected trace in .log format, captured using the ACSysLog program. SysLogViewer main screen:

By default, the program collects all logs on port 514 and writes the log output to the main screen. Logs from each device are written to a separate tab. At any time, you can stop log collection by clicking the "pause" button. An example of an open log:

As you can see, the logs become structured and color-coded, and SIP messages are presented in a conveniently readable form. The program also has tools that speed up searching and analyzing logs:
Example of searching in logs:

The search criteria can also be changed:

- Case Sensitive - The search will be case sensitive.
- Whole Words Only - Searches only for complete words
- Use Regular Expressions - you can enter regular expressions in the search bar.
One of the most important functions of this program, in my opinion, is the ability to view the call flow of calls and their message exchange. To display the call flow, click the “i” button.

After clicking, a separate window opens with the call flow of all dialogs in the current log:

As you can see, SysLogViewer parses all messages in the dialogs and displays them in a diagram. When you click a message in the diagram, its content is displayed in the lower right corner, and the SysLogViewer main screen jumps to that message. Finding the right message in the log thus becomes much easier and faster. The diagram also shows all devices with their addresses and the directions of the messages, which further simplifies call analysis. Note that this example covers the SBC case, where a SIP <-> SIP call is made. If one of the parties to the call is connected through TDM, the utility also displays all TDM messages, including actions on the analog line.
This utility also has a number of functions that make it easier to work with a large amount of information:
- Filtering logs by IP address.
- Limiting the file size for saving and breaking one log into several files.
- Create a separate log file for each device.
- Filtering the incoming log.
- The utility checks for updates and updates itself, so you do not need to look for a new version of the software each time.
To summarize, we can distinguish the following positive aspects of this utility:
- AudioCodes logs become easier to read.
- If you need to ask someone to collect logs, they no longer need to install special log-collection software; they can capture a trace with Wireshark and send it to you. SysLogViewer will parse and convert the content itself.
- The search for the necessary information has become much faster.
Enjoy using it.
P.S. This software is used to analyze AudioCodes logs and is provided free of charge. Technical support for this product is not provided.