Skip to content

Example: AUDIOCODES Syslog

Jump to bottom
Lorenzo Mangani edited this page Oct 10, 2024 · 32 revisions

AUDIOCODES Syslog to HEP

This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.

Dependencies

  • Audiocodes Mediant SBC
    • 7.20A.260.012 (or lower)
    • 7.20A.256.511 (or higher)
  • NodeJS 18.x+ and paStash need to be installed before execution

NPM

# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodes

SBC Settings

image

NOTE: Since UDP is the only transport, paStash should be deployed in close network proximity of the SBC!

PaStash Recipe

  • syslog input on port 514
  • audiocodes filter to parse syslog events
  • hep output to port 9060

Save the following recipe to a readable location, ie: /path/to/pastash_audiocodes.conf

input {
  udp {
    host => 0.0.0.0
    port => 514
    type => syslog
  }
}

filter {
  app_audiocodes{}
}

output {
  if [rcinfo] != 'undefined' {
        hep {
          host => '127.0.0.1'
          port => 9060
          hep_id => 2222
        }
  }
}

PaStash Recipe for multiple SBCs

When dealing with multiple SBCs/IPs span multiple profiles w/ tags = Thanks @os11k for contributing this example!

input {
  udp {
    host => 0.0.0.0
    port => 10514
    type => syslog
    tags => ["10514"]
  }
  udp {
    host => 0.0.0.0
    port => 10515
    type => syslog
    tags => ["10515"]
  }
}

filter {
  if "10514" in [tags] {
  app_audiocodes {
    debug => true
    autolocal => true
    qos => true
    localip => 1.2.3.4
    ini => '/path/to/10514.ini'
  }
  }
  if "10515" in [tags] {
  app_audiocodes {
    debug => true
    autolocal => true
    qos => true
    localip => 5.6.7.8
    ini => '/path/to/10515.ini'
  }
  }

}

output {
  if [rcinfo] != 'undefined' {
        hep {
          host => '10.182.151.163'
          port => 9060
          hep_id => 100
        }
  }
}

Usage

pastash --config_file=/path/to/pastash_sonus.conf

To configure as a service, please follow this guide

Options

Parameters for app_audiocodes:

  • autolocal: Enable detection of Local SBC IP from logs. Default : false.
  • localip: Replacement IP for SBC Aliases. Default : 127.0.0.1.
  • localport: Replacement port for SBC Aliases. Default : 5060.
  • logs: Enable emulation of HEP 100 logs. Default : false.
  • qos: Enable emulation of HEP QoS logs. Default : true.
  • correlation_hdr: SIP Header to use for correlation IDs. Default : false.
  • correlation_contact: Auto-Extract correlation from Contact x-c. Default : false.
  • debug: Enable debug logs. Default : false.
  • version: Syslog parser version. Supports 7.20A.260.012 (or lower) and 7.20A.256.511 (or higher). Default: 7.20A.260.012

For full instructions consult the plugin documentation

Limitations / TODO

  • Correlate SID to Call-IDs for SIP, Logs, QoS events
  • Parse SIP messages split across different syslog events
  • Parse Media Reports page 353 to HEP RTP reports
  • Autodetect SBC IP:PORT (experimental)
  • Convert non SIP logs to HEP 100 (correlation?)
  • Use Timestamp from event tail (is time UTC?)
PaStash
Distribution
Logging
Examples
HEP+VoIP Examples
Clone this wiki locally