search

niekvlessert / audiocodes_syslog_tool

A tool to make the syslog output from Audiocodes SBC devices more searchable and readable
GNU General Public License v3.0
10 stars 1 forks source link

readme

Audiocodes Syslog Viewer Tool

Licensed under the GPL v3

Audiocodes SBC devices create a lot of syslog information. They actually create so much it's not easy at all to find in there what you need. It's not possible to make settings to log only the things you need. It logs SIP OPTIONS by default which will put your log full of information you will never need when troubleshooting.

This tool has been created to be able to quickly browse through Audiocodes syslog information. You can search for calls in a webgui, the information of a call will be displayed in a SIP diagram and it's easy to skip through the call.

Audiocodes has a tool for that as well, but it works by manually importing data, which is not doable in real life when you have many calls. There also is a payed enterprise grade tool, but it's expensive and interestingly enough it only shows the SIP information, not the Audiocodes internal log. For actual problem fixing the internal log is important; without that it remains guessing which parameter is causing the issue.

It's using an optimized rsyslog configuration that directly logs to a postgresql database, which uses triggers. With this configuration a lot of syslog data can be handled.

Here's a screenshot:

sip_flow

Since Audiocodes might change the layout of the syslog data sometimes, the script may break on older/newer versions. It's modified to work properly on at least v7.20A.259.221.

It needs some installation work. A script has been included that should do the hard work for you. This currently works fine on CentOS 7, it's untested for Debian, Ubuntu and CentOS 6 but it should be close for those. These are the general steps done by this script:

On a clean CentOS 7 system run the following. You will obviously end up with not the most secure setup since SELinux is disabled, improve if you desire more security... Run this as root and make sure internet connection is available.

curl -O https://raw.githubusercontent.com/niekvlessert/audiocodes_syslog_tool/master/bootstrap.sh
chmod +x bootstrap.sh
./bootstrap.sh
cd /opt/ast

After that you must use the maintanance script that can take care of several tasks:

But before using it edit the settings.ini; then:

./ast_maintenance install

When done visit your webserver using Chrome/Firefox, the folder is /ast/.

Obviously you must set the Audiocodes device to log syslog data to the IP address of your Syslog machine. You can then try the GUI after some calls have been made through the device, or have a look in the database if it's not working:

psql -U syslog
select * from <devicename>_<month>_<day> order by id desc limit 10;

Be careful; every day for every SBC logging needs a few tables. If your system doesn't have them Rsyslog will fill the database log files very quickly. The cronjob in /etc/cron.d/cron_ast takes care of this. You may run ast_maintenance without command line options to see the command line options. Run with initializeDatabase to create the tables for today (and the required user and database if needed), use createDbTomorrow for the tables for tomorrow, you will need to run this before the end of the day obviously. Use deleteOldData to delete old data. Obviously this depends on some factors, but the disk fills up quicker then you'd think. When postgres runs out of space things look grim; it's difficult to retrieve any data. deleteOldData can have an argument, with that you can specify the amount of days in the past the data needs to be deleted from. CDR records will be preserved, it's the other bulk of logging that will be deleted.

Updating

When updating your settings.ini will be preserved

cd ~/audiocodes_syslog_tool
git pull
php maintenance.php install
cd /opt/ast/
./ast_maintenance install

Todo