Skip to content

Example: AUDIOCODES Syslog

Jump to bottom
Lorenzo Mangani edited this page Dec 20, 2020 · 32 revisions

AUDIOCODES Syslog

This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.

Dependencies

  • Audiocodes Mediant SBC
  • NodeJS 10.x+ and paStash need to be installed before execution

NPM

# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodes

PaStash Recipe

  • syslog input on port 514
  • audiocodes filter to parse syslog events
  • hep output to port 9060

Save the following recipe to a readable location, ie: /path/to/pastash_sonus.conf

input {
  udp {
    host => 0.0.0.0
    port => 514
    type => syslog
  }
}

filter {
  app_audiocodes{}
}

output {
  if [rcinfo] != 'undefined' {
        hep {
          host => '127.0.0.1'
          port => 9060
          hep_id => 2222
        }
  }
}

Usage

pastash --config_file=/path/to/pastash_sonus.conf

To configure as a service, please follow this guide

Limitations / TODO

  • Parse SIP messages split across different syslog events
  • Parse Media Reports page 353 to HEP RTP reports
  • Use Timestamp from event tail (is time UTC?)
  • Convert SBC Realm names to IP:PORT (any events?)
  • Convert non SIP logs to HEP 100 (correlation?)
PaStash
Distribution
Logging
Examples
HEP+VoIP Examples
Clone this wiki locally