Example: SONUS Logs
This example recipe parse, reassemble and convert Ribbon/Sonus SBC (TRC) logs back into IP/SIP/HEP types, shipped to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.
- NodeJS 10.x+ and paStash need to be installed before execution
# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_sonuslog
Save the following recipe to a readable location, ie: /path/to/pastash_sonus.conf
- To read an existing file from the beginning, uncomment the
start_indexoption
input {
file {
path => "/var/log/sonus-log.TRC"
# start_index => 0
}
}
filter {
app_sonuslog {}
}
output {
stdout{}
if [rcinfo] != 'undefined' {
hep {
host => '127.0.0.1'
port => 9063
hep_id => 2222
hep_type => 1
}
}
}
pastash --config_file=/path/to/pastash_sonus.conf
On the Log originating SBC (10.0.0.2) deploy the following paStash sender:
input {
file {
path => "/var/log/sonus-log-*.TRC"
# start_index => 0
}
}
output {
udp {
host => 10.0.0.2
port => 9099
}
}
On the receiving end (10.0.0.2) deploy the following paStash receiver:
input {
udp {
host => 0.0.0.0
port => 9099
}
}
filter {
app_sonuslog {}
}
output {
if [rcinfo] != 'undefined' {
hep {
host => '127.0.0.1'
port => 9063
hep_id => 2222
hep_type => 1
}
}
}
As an alternative, Syslog can be used to receive TCP logs from the Sender:
input {
udp {
host => 0.0.0.0
port => 9514
type => syslog
}
}
```