@pastash/filter_app_audiocodes_beta
v1.1.6
Published
Audiocodes Syslog plugin for @pastash/pastash
Downloads
4
Readme
App Audiocodes filter
Status : functional, experimental plugin.
AUDIOCODES Syslog
This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.
Dependencies
- Audiocodes Mediant SBC
- 7.20A.260.012 (or higher)
- 7.20A.256.511 (or lower)
- NodeJS 10.x+ and paStash need to be installed before execution
NPM
# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodes
SBC Settings
NOTE: Since UDP is the only transport, paStash should be deployed in close network proximity of the SBC!
PaStash Recipe
syslog
input on port514
audiocodes
filter to parse syslog eventshep
output to port9060
Save the following recipe to a readable location, ie: /path/to/pastash_audiocodes.conf
input {
udp {
host => 0.0.0.0
port => 514
type => syslog
}
}
filter {
app_audiocodes{
version => '7.40A.100.114'
debug => false
autolocal => true
ini => '/path/to/copy/of/audiocodes.ini'
}
}
output {
if [rcinfo] != 'undefined' {
hep {
host => '127.0.0.1'
port => 9060
hep_id => 2222
}
}
}
Usage
pastash --config_file=/path/to/pastash_audiocodes.conf
To configure as a service, please follow this guide
Options
Parameters for app_audiocodes
:
ini
: Audiocodes INI path. Supports extraction and replacement of Interface aliases to IP:PORT. Default: falseiniwatch
: Audiocodes INI watched. Reloads changes upon modifications. Default: falseautolocal
: Enable detection of Local SBC IP from logs. Default : false.localip
: Replacement IP for missing SBC Aliases. Default : 127.0.0.1.localport
: Replacement port for missing SBC Aliases. Default : 5060.logs
: Enable emulation of HEP 100 logs. Default : false.qos
: Enable emulation of HEP QoS logs. Default : true.correlation_hdr
: SIP Header to use for correlation IDs. Default : false.correlation_contact
: Auto-Extract correlation from Contact x-c. Default : false.debug
: Enable debug logs. Default : false.version
: Syslog parser version. Supports7.20A.260.012
(or higher). Default: 7.20A.260.012
For full instructions consult the plugin documentation
Limitations / TODO
- [x] Correlate SID to Call-IDs for SIP, Logs, QoS events
- [x] Parse SIP messages split across different syslog events
- [x] Parse Media Reports page 353 to HEP RTP reports
- [x] Autodetect SBC IP:PORT (experimental)
- [x] Convert non SIP logs to HEP 100 (correlation?)
- [x] Parse SBC Interfaces and Aliases from Audiocodes INI config file.
- [ ] Use Timestamp from event tail (is time UTC?)