User's Manual 794 Document #: LTRT-89730
Mediant 3000
Notes:
• If the 'Value' field is undefined, the device records all IP traffic types.
• You cannot use ip.addr or udp/tcp.port together with ip.src/dst or
udp/tcp.srcport/dstport. For example, "ip.addr==1.1.1.1 and ip.src==2.2.2.2" is an
invalid configuration value.
53.2 Configuring Syslog
This section describes the Syslog message format, how to configure and enable Syslog,
and how to view the generated Syslog messages. For filtering Syslog messages for
specific calls, see 'Configuring Log Filter Rules' on page 789.
53.2.1 Syslog Message Format
The Syslog message is sent from the device to a Syslog server as an ASCII (American
Standard Code for Information Interchange) message. Syslog uses UDP as its underlying
transport layer mechanism. By default, UDP port 514 is assigned to Syslog, but this can be
changed (see 'Enabling Syslog' on page 803).
Syslog includes two types of log messages:
• SIP call session logs: Logs relating to call sessions (e.g., call established). These logs
are identified by a session ID ("SID"), described in detail in the table below. The
following is an example of a SIP-session related Syslog message:
    13:10:57.811 : 10.13.4.12 : NOTICE : [S=235][SID:2ed1c8:96:5]
    (lgr_flow)(63) UdpTransportObject#0- Adding socket event for
    address 10.33.2.42:5060 [Time: 04-19-2012@18:29:39]
• Board logs: Logs relating to the operation of the device (infrastructure) that are
non-call session related (e.g., device reset or Web login). These logs are identified by a
board ID ("BID"), described in detail in the table below. The following is an example of
a board Syslog message:
    10:21:28.037 : 10.15.7.95 : NOTICE : [S=872] [BID=3aad56:32]
    Activity Log: WEB: Successful login at 10.15.7.95:80. User:
    Admin. Session: HTTP (10.13.22.54)
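The two message layouts shown above, parsed in Python so that session logs, board logs and Web login activity can be separated on the Syslog server. This is an added example, not code from the manual or the device vendor. Assumptions: the field layout is inferred from the two sample messages, the login pattern covers only the wording in the board-log sample, [S=n] is treated as a per-device counter that increases by one per message, and the third sample line is constructed.

```python
import re

# Layout inferred from the two example messages in this section:
#   <time> : <device IP> : <TYPE> : [S=<n>] [SID:<id>] or [BID=<id>] <text>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) : "
    r"(?P<device>\d{1,3}(?:\.\d{1,3}){3}) : "
    r"(?P<type>ERROR|WARNING|NOTICE|INFO|DEBUG) : "
    r"\[S=(?P<seq>\d+)\]\s*"
    r"\[(?P<kind>SID|BID)[:=](?P<id>[0-9A-Fa-f:]+)\]\s*"
    r"(?P<text>.*)$"
)
# Web login activity text, exactly as worded in the board-log example.
LOGIN_RE = re.compile(
    r"Activity Log: WEB: (?P<result>\w+) login at (?P<target>\S+)\. "
    r"User: (?P<user>\S+)\. Session: (?P<proto>\w+) \((?P<client>[\d.]+)\)"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = LINE_RE.match(" ".join(line.split()))  # collapse wrapping and extra spaces
    if m is None:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"])
    rec["category"] = "session" if rec.pop("kind") == "SID" else "board"
    login = LOGIN_RE.search(rec["text"])
    rec["web_login"] = login.groupdict() if login else None
    return rec

def sequence_gaps(records):
    """Per device, list (previous, current) pairs where S= does not step by one.
    Assumption: S= increments by one per message; UDP transport can drop some."""
    last, gaps = {}, {}
    for r in records:
        prev = last.get(r["device"])
        if prev is not None and r["seq"] != prev + 1:
            gaps.setdefault(r["device"], []).append((prev, r["seq"]))
        last[r["device"]] = r["seq"]
    return gaps

# The manual's two examples, re-joined to one line each, plus one constructed line.
SAMPLE = [
    "13:10:57.811 : 10.13.4.12 : NOTICE : [S=235][SID:2ed1c8:96:5] (lgr_flow)(63) "
    "UdpTransportObject#0- Adding socket event for address 10.33.2.42:5060 [Time: 04-19-2012@18:29:39]",
    "10:21:28.037 : 10.15.7.95 : NOTICE : [S=872] [BID=3aad56:32] Activity Log: WEB: "
    "Successful login at 10.15.7.95:80. User: Admin. Session: HTTP (10.13.22.54)",
    "10:21:29.100 : 10.15.7.95 : NOTICE : [S=875] [BID=3aad56:32] constructed sample line",
]
```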
The format of the Syslog message is described in the table below:
Table 53-2: Syslog Message Format Description
Message Item Description
Message Types
Syslog generates the following types of messages:
• ERROR: Indicates that a problem has been identified that
requires immediate handling.
• WARNING: Indicates an error that might occur if
measures are not taken to prevent it.
• NOTICE: Indicates that an unusual event has occurred.
• INFO: Indicates an operational message.
• DEBUG: Messages used for debugging.
Notes:
• The INFO and DEBUG messages are required only for
advanced debugging and by default, they are not sent by
the device.
• When viewing Syslog messages in the Web interface,