Skip to content

Example: AUDIOCODES Syslog

Jump to bottom
Lorenzo Mangani edited this page Dec 19, 2020 · 32 revisions

AUDIOCODES Syslog

This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.

Dependencies

  • Audiocodes SBC (any?)
  • NodeJS 10.x+ and paStash need to be installed before execution

Limitations / TODO

  • Parse Timestamp from event tail (is time UTC?)
  • Convert SBC Realm names to IP:PORT (any events?)
  • Convert non SIP logs to HEP 100 (correlation?)

NPM

# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodes

PaStash Recipe

  • syslog input on port 9514
  • audiocodes filter to parse TRC events
  • hep output to port 9063

Save the following recipe to a readable location, ie: /path/to/pastash_sonus.conf

input {
  tcp {
    host => 0.0.0.0
    port => 9514
    type => syslog
  }
}

filter {
  app_audiocodes{}
}

output {
  stdout{}
  if [rcinfo] != 'undefined' {
        hep {
          host => '127.0.0.1'
          port => 9063
          hep_id => 2222
          hep_type => 1
        }
  }
}

Usage

pastash --config_file=/path/to/pastash_sonus.conf

To configure as a service, please follow this guide

PaStash
Distribution
Logging
Examples
HEP+VoIP Examples
Clone this wiki locally