| Table of Contents |
|---|
Sometimes is required to collect syslog from Wildix devices in order to debug some issues.
Best way is to set up within a company, a syslog server, reachable from outside. Then provision the Wildix device with your Syslog server IP.
In case you do not have a syslog server in place, you can still have the possibility to grab the log from your Wildix device.
Here you are an easy way to do that in just 5 easy steps.
1. Enable Syslog server in the your device via provisioning
Goes to “Devices -> Edit -> Syslog Server” , enable it and set the Wildix PBX IP. Then click on “Configure/Sync device”
2. Capture the syslog from PBX
Method 1 (if you need a one-shot trace)
From PBX web interface, under “Settings -> Tools & Utilities -> Generate Trace”, select “Custom tcpdump” and add the following string:
| Scroll export button | ||||||||
|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
The following Admin Guide explains how to collect syslog trace from Wildix devices without installation of Syslog Server. Created: June 2017 Permalink: https://wildix.atlassian.net/wiki/x/WyHOAQ |
| Table of Contents |
|---|
Collecting syslog from your Wildix devices can be useful in order to debug various issues. The best solution is to install Syslog Server reachable from outside your network. But in case Syslog Server can't be installed, there is still a possibility to capture data from your Wildix devices.
Step 1. Enable Syslog server on your devices via provisioning
- Go to WMS -> Devices
- Select a device/ devices from the list and click Edit
- Enable "Syslog Server" option and enter the PBX IP address or domain name into the field
- Click Save
- After changes are saved, click Configure/Sync device
Step 2. Capture syslog trace from PBX
Method 1 (a single trace)
To capture a single trace:
- Go to WMS Settings -> Tools and utilities -> Generate trace
- Enable "Custom tcpdump" option and enter the following string:
| Code Block | ||
|---|---|---|
| ||
-v -s0 -i any host <DEVICE_IP> and port 514 |
...
Where:
Where <DEVICE_IP> is the IP address of your device.
Then click to “start”.
When over, click to "stop".
...
- Click Start to generate a file
- When the file is generated, click Stop
| Note |
|---|
Note: a pcap file “trace_YYYY-MM-DD_HH-MM.pcap” |
...
is saved |
...
to /mnt/backups/traces/ folder. |
| Warning |
|---|
*ATTENTION*: In this way the system will run a trace and will write 1 file till it reaches 50MB. After that the file will be overwritten.
...
Important: The max size of 1 file is 50MB. In case its size reaches more than 50MB, a new file will be gererated automatically. |
Method 2 (a long-time trace)
To capture a long-time trace:
Open Terminal in the top menu of WMS and run the following command via SSH:
Note Note: the access to Terminal is enabled only for admin users.
| Code Block | ||
|---|---|---|
| ||
# sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap host <DEVICE_IP> and port 514 |
Where:
<FILE_NAME> is the name of a file. You can put any name here.
<DEVICE_IP> is the IP address of your device.
Method 2 (if you need to run syslog trace log time)
From PBX command line run the following command:
...
Example:
| Code Block | ||
|---|---|---|
| ||
# sudo tcpdump -s0 -i any -w /mnt/backups/traces/test_trace.pcap host 10.100.5.127 and port 514 |
| Note | |||||
|---|---|---|---|---|---|
Note: in case you need to collect syslog trace from various devices, run the following command via SSH:
|
...
|
...
Once you have done the test call, you can press CRTL+C to exit.
...
Where: <FILE_NAME> is the name of a file. <DEVICE_1>, DEVICE_2>, DEVICE_3> are the IP addresses of your devices. |
- Once you finished to collect syslog trace, use CTRL+C to terminate the SSH sesion
Activate a long-time trace in background
- Run the following command via SSH:
| Code Block | ||
|---|---|---|
| ||
# sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap host <DEVICE_IP> and port 514 -C 50 -W 10& |
-W XX defines the max number of pcap files Where:
<FILE_NAME> is the name of a file.
<DEVICE_IP> is the IP address of your device.
-C XX defines is the max size in MB for each pcap file.
& means that pcap trace will be activated in background (it will be still active even if you terminate the ssh session). To stop a trace in background :- launch ps aux |grep tcpdump to check process id
- kill -9 <PID> (PID = process id from previous point)
-W XX is the max number of pcap files.
& means that pcap trace will be activated in background (it will be still active even if you terminate the SSH session).
Stop a long-time trace in background
- Run the following command via SSH to check the process ID that is needed for terminating a trace:
| Code Block | ||
|---|---|---|
| ||
ps aux |grep tcpdump |
To stop a trace, run the following command. Put the process ID instead of <PID>:
| Code Block | ||
|---|---|---|
| ||
kill -9 <PID> |
Step 3. Generate the syslog file
...
Run the following command via SSH:
| Code Block | |
|---|---|
|
...
| |
# sudo tcpdump -A -r /mnt/backups/traces/<FILE_NAME>.pcap | sed '/^\s*$/d' | grep -v "SYSLOG" > /mnt/ |
...
backups/ |
...
traces/syslog_device_YYYY-MM-DD.log |
Where:
<FILE_NAME> is the name used to generate a long-time trace (See Method 2).
Step 4. Download the syslog
...
- To download the file, run the command via SSH:
| Code Block | ||
|---|---|---|
| ||
/home/admin/syslog_device_YYYY-MM-DD.log |
Step 5. Disable
...
Syslog server on your devices
- Select a device/ devices in WMS -> Devices and click Edit
- Disable "Syslog Server" option and delete the PBX IP address or domain name
- Click Save
- To complete the action, click Configure/Sync device
| Macrosuite divider macro | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Button macro | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|