How to collect syslog from Wildix devices
This Admin Guide explains how to collect a syslog trace from Wildix devices without installing a Syslog Server.
Created: June 2017
Permalink: https://wildix.atlassian.net/wiki/x/WyHOAQ
Collecting syslog from your Wildix devices can be useful for debugging various issues. The best solution is to install a Syslog Server reachable from outside your network. If a Syslog Server can't be installed, you can still capture the data from your Wildix devices.
Step 1. Enable Syslog server on your devices via provisioning
Go to WMS -> Devices
Select a device/devices from the list and click Edit
Enable the "Syslog Server" option and enter the PBX IP address or domain name into the field
Click Save
After changes are saved, click Configure/Sync device
Step 2. Capture syslog trace from PBX
Method 1 (a single trace)
To capture a single trace:
Go to WMS Settings -> Tools and utilities -> Generate trace
Enable the "Custom tcpdump" option and enter the following string:
-v -s0 -i any host <DEVICE_IP> and port 514
Where:
<DEVICE_IP> is the IP address of your device.
Click Start to generate a file
When the file is generated, click Stop
Note: a pcap file “trace_YYYY-MM-DD_HH-MM.pcap” is saved to the /mnt/backups/traces/ folder.
Important: The max size of 1 file is 50MB. In case its size reaches more than 50MB, a new file will be generated automatically.
Method 2 (a long-time trace)
To capture a long-time trace:
Open Terminal in the top menu of WMS and run the following command via SSH:
Note: the access to Terminal is enabled only for admin users.
# sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap host <DEVICE_IP> and port 514
Where:
<FILE_NAME> is the name of a file. You can put any name here.
<DEVICE_IP> is the IP address of your device.
Example:
# sudo tcpdump -s0 -i any -w /mnt/backups/traces/test_trace.pcap host 10.100.5.127 and port 514
Note: in case you need to collect a syslog trace from several devices, run the following command via SSH:
sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap "(host <DEVICE_1> or host <DEVICE_2> or host <DEVICE_3>)" and port 514
Where:
<FILE_NAME> is the name of a file.
<DEVICE_1>, <DEVICE_2>, <DEVICE_3> are the IP addresses of your devices.
Once you have finished collecting the syslog trace, use CTRL+C to terminate the SSH session
Activate a long-time trace in background
Run the following command via SSH:
# sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap host <DEVICE_IP> and port 514 -C 50 -W 10 &
Where:
<FILE_NAME> is the name of a file.
<DEVICE_IP> is the IP address of your device.
-C XX is the max size in MB for each pcap file.
-W XX is the max number of pcap files.
& means that the pcap trace will be activated in the background (it will still be active even if you terminate the SSH session).
Stop a long-time trace in background
Run the following command via SSH to check the process ID that is needed for terminating a trace:
ps aux | grep tcpdump
To stop a trace, run the following command. Put the process ID instead of <PID>:
kill -9 <PID>
Step 3. Generate the syslog file
Run the following command via SSH:
# sudo tcpdump -A -r /mnt/backups/traces/<FILE_NAME>.pcap | sed '/^\s*$/d' | grep -v "SYSLOG" > /mnt/backups/traces/syslog_device_YYYY-MM-DD.log
Where:
<FILE_NAME> is the name used to generate a long-time trace (See Method 2).
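The pcap from Step 2 can also be decoded offline on an analysis workstation. The following is an added example, not part of the Wildix guide: it reads the UDP port 514 payloads from a classic pcap file (including the cooked link layer that "-i any" produces) and splits the syslog PRI into facility and severity. The names syslog_from_pcap and sample_pcap are hypothetical, the sample packet is constructed, and only IPv4 over UDP is handled.

```python
import re
import struct

# Link-layer header length per pcap linktype: Ethernet, Linux cooked v1 / v2
# (captures taken with "-i any" are written in the cooked format).
LINK_HDR = {1: 14, 113: 16, 276: 20}
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def syslog_from_pcap(data, port=514):
    """Return (src_ip, facility, severity, message) per UDP syslog datagram."""
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    skip = LINK_HDR[struct.unpack(end + "I", data[20:24])[0]]  # KeyError if unsupported
    out, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        ip = data[off + 16 + skip:off + 16 + caplen]
        off += 16 + caplen
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
            continue  # keep only IPv4 packets that carry UDP
        udp = ip[(ip[0] & 0x0F) * 4:]
        if len(udp) < 8 or port not in struct.unpack("!HH", udp[:4]):
            continue
        ulen = struct.unpack("!H", udp[4:6])[0]
        text = udp[8:ulen].decode("utf-8", "replace").rstrip("\r\n\x00")
        m = re.match(r"<(\d{1,3})>", text)
        fac = sev = None
        if m and int(m.group(1)) <= 191:  # valid PRI = facility * 8 + severity
            pri = int(m.group(1))
            fac, sev, text = pri >> 3, SEVERITY[pri & 7], text[m.end():]
        out.append((".".join(map(str, ip[12:16])), fac, sev, text))
    return out

def sample_pcap():
    """Constructed sample: one cooked-capture syslog packet (not real device data)."""
    msg = b"<134>Jan  1 00:00:00 device app: constructed test message"
    udp = struct.pack("!HHHH", 514, 514, 8 + len(msg), 0) + msg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 100, 5, 127]), bytes([10, 100, 5, 1])) + udp
    pkt = bytes(14) + b"\x08\x00" + ip  # 16-byte cooked header, protocol = IPv4
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)
    return hdr + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
```

To use it on a real trace, pass the bytes of the downloaded pcap file to syslog_from_pcap. Messages whose PRI is missing or out of range are returned with facility and severity set to None and the text left unchanged.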
Step 4. Download the syslog
To download the file, run the command via SSH:
/home/admin/syslog_device_YYYY-MM-DD.log
Step 5. Disable Syslog server on your devices
Select a device/devices in WMS -> Devices and click Edit
Disable the "Syslog Server" option and delete the PBX IP address or domain name
Click Save
To complete the action, click Configure/Sync device