Quick links:
Product Overview
Installation
Settings and Administration
ADSL
SIP Support
Telephone ports
Network
Firewall
Wireless
VPN
Misc
Licenses
Troubleshooting
Differences
This shows you the differences between two versions of the page.
|
web_gui:log_configuration_page [2010/11/08 11:45] tibor |
web_gui:log_configuration_page [2012/03/02 10:14] (current) martinga |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| * Info | * Info | ||
| * Debug | * Debug | ||
| + | |||
| + | {{ :web_gui:log_configuration_page.png?204|Log Configuration page in rel 5.30}} | ||
| ===== System Log ===== | ===== System Log ===== | ||
| Line 25: | Line 27: | ||
| The firewall log records information about packets received and sent by the unit. | The firewall log records information about packets received and sent by the unit. | ||
| - | Usually the firewall log is turned off - no packets are logged.\\ | + | The firewall log does not use severity levels, it qualifies packets as: |
| - | :!: Enabling the firewall log may affect performance/throughput of the unit, especially when logging all packets and/or extensive details about each packet. At peak load, some packets may be left out from the log. | + | * Error - internal error when processing packet |
| + | * Drop - packet dropped by interface | ||
| + | * Deny - packet denied by firewall | ||
| + | * Accept - packet accepted by firewall rule | ||
| + | |||
| + | Usually the firewall log is turned off - no packets are logged. | ||
| + | |||
| + | ^ :!: Enabling the firewall log severely limits performance/throughput of the unit! ^ | ||
| + | |||
| + | At peak load, some packets may be left out from the log. | ||
| If you enable firewall logging, you should consider selecting **Show rejected packets** as that setting will log all packets stopped by the firewall, but not every single packet passing through. | If you enable firewall logging, you should consider selecting **Show rejected packets** as that setting will log all packets stopped by the firewall, but not every single packet passing through. | ||
| Line 40: | Line 51: | ||
| ===== ===== | ===== ===== | ||
| The firewall log can be viewed on the [[firewall log page]] or forwarded to various receivers, see below. | The firewall log can be viewed on the [[firewall log page]] or forwarded to various receivers, see below. | ||
| + | |||
| + | ===== SIP Log ===== | ||
| + | The SIP log records SIP and telephony related events. | ||
| + | |||
| + | Usually the SIP log does not record events with severity "info" and "debug", to keep log tidy. You can however select different **Verbosity level**. | ||
| + | |||
| + | To record log messages about media streams you can either lower the verbosity level, or raise the **Mediastream log level** to above verbosity level. | ||
| + | |||
| + | You can filter the SIP log to record only certain headers, methods or IP addresses: | ||
| + | * **Log SIP header fields** - Enter the name of the SIP header fields (e.g. From, To) you want to record into the SIP Log (Verbosity level has to be "info" or "debug" to use this feature). '*' can be used to record the complete SIP message with all headers. | ||
| + | * **Log SIP methods** - Filter logging of SIP messages by method. If the word "not" is prepended all SIP messages that not matches the methods listed will be logged. Examples: "not REGISTER" or "INVITE ACK BYE CANCEL". | ||
| + | * **Log only communication with IP addresses** - Filter the logging of SIP messages. Only SIP messages sent or received to the given IP addresses are recorded into the SIP Log. | ||
| + | * **Log internal SIP messages** - SIP messages may be sent to/from internal applications of the box, when this checkbox is checked all messages will be logged. Otherwise only message sent out or received from the network will be shown. | ||
| + | |||
| + | This section contains also settings for the logging for telephone ports and built-in IVR units (auto attendant, conference unit, voicemail unit, testagent unit): | ||
| + | * **Log telephone port and IVR unit calls** - Use this checkbox to get a logging for each start and end of a call where a telephone port (FXS/FXO) or an IVR unit is an endpoint. | ||
| + | * **Telephone ports and IVR units debug messages** - Use this checkbox to get a lot of debug output for each call where a telephone port (FXS/FXO) or an IVR unit is an endpoint. Should only be enabled for debug purposes, because it needs quite a lot of processing power. | ||
| + | The SIP log can be viewed on the [[SIP log page]] or forwarded to various receivers, see below. | ||
| + | |||
| + | ===== VPN Log ===== | ||
| + | The VPN log records [[:vpn:start|Virtual Private Network]] events. Visible only if VPN [[:license]] is installed into the unit. | ||
| + | |||
| + | Usually debug messages are not recorded into the VPN log. You can however include them too if support requests you to. | ||
| + | |||
| + | The VPN log can be viewed on the [[VPN log page]] or forwarded to various receivers, see below. | ||
| + | |||
| + | ===== Call Log ===== | ||
| + | The call log records information about SIP calls made through the unit. | ||
| + | |||
| + | **Call detail recording level** - Select the amount of information recorded for each call: | ||
| + | * **Off** - No information is logged. | ||
| + | * **Basic** - Information about call participants, duration, termination reason, etc is recorded. | ||
| + | * **Including media statistics** - Calculate and store information about voice quality too. | ||
| + | **Log local calls too** - Log information about local calls (made between LAN phones) too. (Same as setting "Always record route" on [[advanced_sip_settings|SIP advanced]] page.) | ||
| + | |||
| + | The Call log can be viewed on the [[Call log page]] or forwarded to various receivers, see below. | ||
| + | |||
| + | ===== Distribute ===== | ||
| + | You can distribute (forward) entries recorded into the logs to other recipients such as syslog servers: | ||
| + | |||
| + | ==== Save to File ==== | ||
| + | You can save a snapshot of current contents of all logs into a file on your PC. It is not a continuous logging, just a momentary snapshot. | ||
| + | |||
| + | ==== Log to USB memory ==== | ||
| + | Log entries in all logs can be logged to files on an attached USB memory. Logging starts automatically when an inserted USB memory has a **/log** folder on it. Log files are created for each log (system/firewall/SIP etc) and filled with log entries as they occur. New log files are created for each power on. | ||
| + | |||
| + | :?: If logging does not start then check that the folder is named **/log** (not /Log !), the file system of the USB memory is FAT32, and **Read only access** is disabled on [[USB Web server page]]. | ||
| + | |||
| + | ==== Forward to syslog server ==== | ||
| + | Log entries in all logs can be forwarded to remote [[wp>syslog]] servers. | ||
| + | |||
| + | Contents of the **system** and **firewall logs** can be sent to the **primary syslog server**. | ||
| + | |||
| + | Contents of the other logs can be sent to that primary syslog server too, or to other dedicated syslog servers. | ||
| + | |||
| + | :!: **WARNING!** Logging all packets in the firewall log, and enabling forwarding of firewall log to a syslog server generates **one extra packet** of data traffic for **each and every packet** received or sent by this unit! This not only reduces performance/bandwidth of this unit but your entire network! Use with extreme care! | ||
| + | |||
| + | Do not forward ACCEPT log entries - To reduce network traffic you can set "Firewall Log" above to "Show all packets", enable "Forward firewall log to primary syslog server" and enable this setting. Then all sent/received packets will be logged in the unit's internal firewall log, but only ERROR/DROP/DENY entries will be forwarded to the syslog server. | ||
| + | |||
| + | ==== Send as e-mail ==== | ||
| + | Log entries in all logs can be mailed to an e-mail account. To be able to send e-mails you must supply address of an SMTP server on the [[E-mail page]]. | ||
| + | |||
| + | For performance reasons log entries are //not// mailed one-by-one, but as log files containing several log entries. Thus reporting through e-mail can be delayed until more log entries are collected. | ||
| + | |||
| + | The generated e-mail contains the severity level of the most severe event logged in the attached log file. Please notice that the message always lists only ONE log entry - there might be more log lines in the attached log file with similiar severety! | ||
| + | |||
| + | You can limit the amount of logs e-mailed by selecting what severity level of an event must have been occurred for an e-mail to be generated. (As the firewall log has no severity levels it cannot do such filtering.) | ||
| + | |||
| + | ==== Forward to SNMP server ==== | ||
| + | Log entries in all logs can be forwarded, embedded in [[wp>SNMP#Trap|SNMP traps]], to a remote [[:settings and administration:SNMP]] server. | ||
| + | |||
| + | By specifying a community and IP address SNMP traps can be generated for log events with selected severity levels or higher. | ||
| + | |||
| + | Log traps sent have OID .1.3.6.1.4.1.1218.1.5.0.0 | ||
| + | |||
| + | Installing Internet Gate's customer specific MIB makes receiving log traps easier. [[:settings and administration:SNMP|Read more here]] | ||
