Configure Logging
Expressway provides syslogging features for troubleshooting and auditing purposes. The Event Log is a rotating local log that records information about things like calls, registrations, and messages sent and received.
To configure Expressway logging options, go to
. From the Logging page you can do the following tasks:-
Specify the Local event log verbosity to change the depth of event information recorded locally
-
Toggle Media statistics logging
-
Toggle Call Detail Records
-
Define one or more remote syslog server addresses
-
Filter by severity the events sent to each remote syslog server
-
Toggle System Metrics Collection
Change the Event Log Verbosity
You can optionally control the local log verbosity by setting the Local event log verbosity between 1 and 4. All events have an associated level in the range 1-4, with Level 1 Events considered the most important.
Note |
Logging at level 3 or level 4 is not recommended for normal operation, because such detailed logging may cause the 2GB log to rotate too quickly. However, you may need to record this level of detail for troubleshooting. |
Events are always logged locally - to the Event Log - regardless of whether or not remote logging is enabled.
The table gives an overview of the levels assigned to different events:
Level |
Assigned events |
---|---|
1 |
High-level events such as registration requests and call attempts. Easily human readable. For example:
|
2 |
All Level 1 events, plus: logs of protocol messages sent and received (SIP, H.323, LDAP and so on) excluding noisy messages such as H.460.18 keepalives and H.245 video fast-updates |
3 |
All Level 1 and Level 2 events, plus:
|
4 |
The most verbose level: all Level 1, Level 2 and Level 3 events, plus:
|
Changes to the log level affect both the Event Log that you view through the web interface, and the information that is copied to any remote log server. Changes are not retrospective and only affect what is logged after the change.
Expressway uses the following facilities for local logging. The software components / logs that map to the (local) facilities are emphasized:
-
0 (kern)
-
3 (daemon)
-
16 (local0) Administrator
-
17 (local1) Config
-
18 (local2) Mediastats
-
19 (local3) Apache error
-
20 (local4) etc/opt/apache2
-
21 (local5) Developer
-
22 (local6) Network
The Events and levels section has a complete list of all events that are logged by the Expressway, and the level at which they are logged.
Certificate-Compliant Logging
In some environments you may want to ensure that the Expressway logs are compliant with the requirements of your security certification. There is a trade-off between security and the purpose of the logs for diagnostics, and in the certification-compliant modes it may be impossible to establish the exact cause of a problem call.
How to Configure Certification-compliant Logging
Procedure
Step 1 |
Go to . |
||||||||
Step 2 |
In the Logging options section, set the Certification logging mode to one of the following:
|
Publishing Logs to Remote Syslog Servers
Syslog is a convenient way to aggregate log messages from multiple systems to a single location. This is particularly recommended for peers in a cluster.
Configuring Remote Syslog Servers
Note |
|
Procedure
Step 1 |
Go to , and enter the IP addresses or Fully Qualified Domain Names (FQDNs) of the Remote syslog servers to which this system will send log messages. |
Step 2 |
Click on the Options button for each server. |
Step 3 |
Specify the Transport protocol and Port you wish to use. If you choose to use TLS, you will see the option to enable Certificate Revocation List (CRL) checking for the syslog server. |
Step 4 |
In the Message Format field, select the writing format for remote syslog messages. The default is Legacy BSD. |
Step 5 |
Use the Filter by Severity option to select how much detail to send. The Expressway sends messages of the selected severity and all of the more severe messages. |
Step 6 |
Use the Filter by Keywords option if you only want to send messages with certain keywords. |
Step 7 |
Click Save. |
Typical Values Used
The following table should help you select the format that best matches your logging server(s) and network configuration and shows the typical values used.
Message format |
Transport protocol |
Suggested port |
RFC |
---|---|---|---|
Legacy BSD format |
UDP |
514 |
BSD format. See RFC 3164 |
IETF syslog format |
UDP |
514 |
IETF format. See RFC 5424 |
IETF syslog using TLS connection |
TLS |
6514 |
IETF format. See RFC 5424 |
Note |
|
Media Statistics Logging for Calls
How to Enable Media Statistics
To optionally enable media statistics collection on the Expressway, go to
and set Media statistics to On. The system starts logging media statistics for each call, to the local hard disk in /mnt/harddisk/log. Up to 200 files of 10MB each are stored, and the oldest is deleted when file 200 is full.The media statistics collected include packets forwarded, packets lost, jitter, media type, codec, and actual bitrate.
Media statistics are also published as syslog messages. While Media statistics logging is on, the Expressway publishes statistics using facility 18 (local2) to all remote syslog servers you have configured. The message severity is Informational but the media statistics messages are published irrespective of severity filter settings.