1.1.6 • Published 4 years ago
@pastash/filter_app_audiocodes_beta v1.1.6
App Audiocodes filter
Status : functional, experimental plugin.
AUDIOCODES Syslog
This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.
Dependencies
- Audiocodes Mediant SBC- 7.20A.260.012 (or higher)
- 7.20A.256.511 (or lower)
 
- NodeJS 10.x+ and paStash need to be installed before execution
NPM
# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodesSBC Settings

NOTE: Since UDP is the only transport, paStash should be deployed in close network proximity of the SBC!
PaStash Recipe
- sysloginput on port- 514
- audiocodesfilter to parse syslog events
- hepoutput to port- 9060
Save the following recipe to a readable location, ie: /path/to/pastash_audiocodes.conf
input {
  udp {
    host => 0.0.0.0
    port => 514
    type => syslog
  }
}
filter {
  app_audiocodes{
    version => '7.40A.100.114'
    debug => false
    autolocal => true
    ini => '/path/to/copy/of/audiocodes.ini'
  }
}
output {
  if [rcinfo] != 'undefined' {
        hep {
          host => '127.0.0.1'
          port => 9060
          hep_id => 2222
        }
  }
}Usage
pastash --config_file=/path/to/pastash_audiocodes.confTo configure as a service, please follow this guide
Options
Parameters for app_audiocodes:
- ini: Audiocodes INI path. Supports extraction and replacement of Interface aliases to IP:PORT. Default: false
- iniwatch: Audiocodes INI watched. Reloads changes upon modifications. Default: false
- autolocal: Enable detection of Local SBC IP from logs. Default : false.
- localip: Replacement IP for missing SBC Aliases. Default : 127.0.0.1.
- localport: Replacement port for missing SBC Aliases. Default : 5060.
- logs: Enable emulation of HEP 100 logs. Default : false.
- qos: Enable emulation of HEP QoS logs. Default : true.
- correlation_hdr: SIP Header to use for correlation IDs. Default : false.
- correlation_contact: Auto-Extract correlation from Contact x-c. Default : false.
- debug: Enable debug logs. Default : false.
- version: Syslog parser version. Supports- 7.20A.260.012(or higher). Default: 7.20A.260.012
For full instructions consult the plugin documentation
Limitations / TODO
- Correlate SID to Call-IDs for SIP, Logs, QoS events
- Parse SIP messages split across different syslog events
- Parse Media Reports page 353 to HEP RTP reports
- Autodetect SBC IP:PORT (experimental)
- Convert non SIP logs to HEP 100 (correlation?)
- Parse SBC Interfaces and Aliases from Audiocodes INI config file.
- Use Timestamp from event tail (is time UTC?)