Example: AUDIOCODES Syslog
This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.
- Audiocodes Mediant SBC
- NodeJS 10.x+ and paStash need to be installed before execution
# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodes
-
sysloginput on port514 -
audiocodesfilter to parse syslog events -
hepoutput to port9060
Save the following recipe to a readable location, ie: /path/to/pastash_sonus.conf
input {
udp {
host => 0.0.0.0
port => 514
type => syslog
}
}
filter {
app_audiocodes{}
}
output {
if [rcinfo] != 'undefined' {
hep {
host => '127.0.0.1'
port => 9060
hep_id => 2222
}
}
}
pastash --config_file=/path/to/pastash_sonus.conf
To configure as a service, please follow this guide
Parameters for app_audiocodes:
-
correlation_hdr: SIP Header to use for correlation IDs. Default : false. -
correlation_contact: Auto-Extract correlation from Contact x-c. Default : false. -
localip: Replacement IP for SBC Aliases. Default : 127.0.0.1. -
localport: Replacement port for SBC Aliases. Default : 5060. -
autolocal: Enable detection of Local SBC IP from logs. Default : false. -
logs: Enable emulation of HEP 100 logs. Default : false. -
qos: Enable emulation of HEP QoS logs. Default : false. -
debug: Enable debug logs. Default : false.
For full documentation see: https://github.com/sipcapture/paStash/blob/next/plugins/filters/app_audiocodes/app_audiocodes.md
- Parse SIP messages split across different syslog events
- Parse Media Reports page 353 to HEP RTP reports
- Use Timestamp from event tail (is time UTC?)
- Convert SBC Realm names to IP:PORT (any events?)
- Convert non SIP logs to HEP 100 (correlation?)