@pastash/filter_app_audiocodes_beta

Audiocodes Syslog plugin for @pastash/pastash

Usage no npm install needed!

<script type="module">
  import pastashFilterAppAudiocodesBeta from 'https://cdn.skypack.dev/@pastash/filter_app_audiocodes_beta';
</script>

README

App Audiocodes filter

Status : functional, experimental plugin.

AUDIOCODES Syslog

This example recipe parse, reassemble and convert Audiocodes SBC logs back into IP/SIP/HEP types, received as Syslog UDP/TCP and shipped back to a HEP Capture Server such as HOMER or HEPIC for use cases where encrypted communication is unavailable off-the-wire for monitoring and troubleshooting.

Dependencies

  • Audiocodes Mediant SBC
    • 7.20A.260.012 (or higher)
    • 7.20A.256.511 (or lower)
  • NodeJS 10.x+ and paStash need to be installed before execution

NPM

# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_audiocodes

SBC Settings

image

NOTE: Since UDP is the only transport, paStash should be deployed in close network proximity of the SBC!

PaStash Recipe

  • syslog input on port 514
  • audiocodes filter to parse syslog events
  • hep output to port 9060

Save the following recipe to a readable location, ie: /path/to/pastash_audiocodes.conf

input {
  udp {
    host => 0.0.0.0
    port => 514
    type => syslog
  }
}

filter {
  app_audiocodes{
    version => '7.40A.100.114'
    debug => false
    autolocal => true
    ini => '/path/to/copy/of/audiocodes.ini'
  }
}

output {
  if [rcinfo] != 'undefined' {
        hep {
          host => '127.0.0.1'
          port => 9060
          hep_id => 2222
        }
  }
}

Usage

pastash --config_file=/path/to/pastash_audiocodes.conf

To configure as a service, please follow this guide

Options

Parameters for app_audiocodes:

  • ini: Audiocodes INI path. Supports extraction and replacement of Interface aliases to IP:PORT. Default: false
  • iniwatch: Audiocodes INI watched. Reloads changes upon modifications. Default: false
  • autolocal: Enable detection of Local SBC IP from logs. Default : false.
  • localip: Replacement IP for missing SBC Aliases. Default : 127.0.0.1.
  • localport: Replacement port for missing SBC Aliases. Default : 5060.
  • logs: Enable emulation of HEP 100 logs. Default : false.
  • qos: Enable emulation of HEP QoS logs. Default : true.
  • correlation_hdr: SIP Header to use for correlation IDs. Default : false.
  • correlation_contact: Auto-Extract correlation from Contact x-c. Default : false.
  • debug: Enable debug logs. Default : false.
  • version: Syslog parser version. Supports 7.20A.260.012 (or higher). Default: 7.20A.260.012

For full instructions consult the plugin documentation

Limitations / TODO

  • Correlate SID to Call-IDs for SIP, Logs, QoS events
  • Parse SIP messages split across different syslog events
  • Parse Media Reports page 353 to HEP RTP reports
  • Autodetect SBC IP:PORT (experimental)
  • Convert non SIP logs to HEP 100 (correlation?)
  • Parse SBC Interfaces and Aliases from Audiocodes INI config file.
  • Use Timestamp from event tail (is time UTC?)