Mar 03 2009

Mediatrix SIP/PRI Gateway Syslog Server Setup

Recently I was asked to set up syslog service for a Mediatrix PRI-to-SIP gateway.  The Mediatrix web GUI allows you to send logs to a syslog server; in this case, an Asterisk PBX.  Asterisk logs just fine to the local0 facility, by the way.

I enabled the service and set syslog to accept remote connections.  Yet I got nothing.  I called a support rep for a vendor that sells these things, and he told me that by default Mediatrix logs to the local7 facility.  So I edited syslog.conf with the IP address of the Mediatrix, and it worked!  syslog and rsyslog config files should work the same.  I hope this helps.

/etc/rsyslog.conf

# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
#local7.*                                                /var/log/boot.log
#mediatrix IP ADDRESS
local7.*                                            /var/log/mediatrix.log
#
#
#
#
local0.*                        /var/log/asterisk.log

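Remember a couple of things: rsyslog is a newer version of syslog, so you might have an 'rsyslog.conf' or a 'syslog.conf'.  Another thing often overlooked is enabling TCP/UDP port 514 and the respective input modules.  Remote logging is disabled by default in Fedora distros, and likely others, for good reason: a listener on port 514 accepts unauthenticated messages from any host that can reach it, so limit access to the gateway's address at the firewall.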

/etc/rsyslog.conf

#### MODULES ####



$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
$ModLoad immark.so      # provides --MARK-- message capability



# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514



# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

In conclusion…  Syslog servers are absolutely necessary to get Mediatrix SIP/PRI gateways operational with the carrier.  They are a solid appliance, but difficult to configure because of all the options.  Good luck.

Feb 06 2009

Configuring Asterisk for a remote Syslog Server PART I

Syslog and rsyslog are the mainstay tools of event logging.  Every standard UNIX/Linux-based operating system comes with some version.  Asterisk's logging capabilities allow some or all events to be sent to syslogd for post-processing, that is, to store them in a SQL database or to send them to a remote syslog server.

If you work on or troubleshoot Asterisk PBX servers, then you know there are many pieces to put together.  Putting together 30 Polycom SoundPoint IP phones, the network, and configuring Asterisk can be a huge task.  I tell most administrators to expect a "shake out" period, usually about a week.

Start with the simplest feature set possible, and work your way out.  However, occasionally dial plan SNAFUs aren't noticed right away, for instance when a user cannot dial a certain area code or there is a typo in some utility extension.  By this time there might be wide use of your (mostly operational) Asterisk PBX, making it difficult to watch the CLI and catch the error.  For the record, I'm using rsyslog and Asterisk 1.4.23-rc2 on Fedora 10 i386, 32-bit, Intel yada yada… We'll start by editing the logger.conf file.

/etc/asterisk/logger.conf:

; Logging Configuration
;
; In this file, you configure logging to files or to
; the syslog system.
;
; "logger reload" at the CLI will reload configuration
; of the logging system.

[general]
; Customize the display of debug message time stamps
; this example is the ISO 8601 date format (yyyy-mm-dd HH:MM:SS)
; see strftime(3) Linux manual for format specifiers
;dateformat=%F %T
;
; This appends the hostname to the name of the log files.
;appendhostname = yes
;
; This determines whether or not we log queue events to a file
; (defaults to yes).
;queue_log = no
;
; This determines whether or not we log generic events to a file
; (defaults to yes).
;event_log = no
;
;
; For each file, specify what to log.
;
; For console logging, you set options at start of
; Asterisk with -v for verbose and -d for debug
; See 'asterisk -h' for more information.
;
; Directory for log files is configured in asterisk.conf
; option astlogdir
;
[logfiles]
;
; Format is “filename” and then “levels” of debugging to be included:
;    debug
;    notice
;    warning
;    error
;    verbose
;    dtmf
;
; Special filename “console” represents the system console
;
; We highly recommend that you DO NOT turn on debug mode if you are simply
; running a production system.  Debug mode turns on a LOT of extra messages,
; most of which you are unlikely to understand without an understanding of
; the underlying code.  Do NOT report debug messages as code issues, unless
; you have a specific issue that you are attempting to debug.  They are
; messages for just that — debugging — and do not rise to the level of
; something that merit your attention as an Asterisk administrator.  Debug
; messages are also very verbose and can and do fill up logfiles quickly;
; this is another reason not to have debug mode on a production system unless
; you are in the process of debugging a specific issue.
;
;debug => debug
console => notice,warning,error
;console => notice,warning,error,debug
messages => notice,warning,error
;full => notice,warning,error,debug,verbose

;syslog keyword : This special keyword logs to syslog facility
;
;

syslog.local1 => verbose

The first time I looked at this I was confused: ';syslog keyword : This special keyword logs to syslog facility'.  This almost implies that 'keyword' could be anything.  So what if I call it:

/etc/asterisk/logger.conf :

;syslog.local1 => verbose

; replace with

syslog.asterisk => verbose

Now I’ll create a matching entry in the /etc/rsyslog.conf (Fedora 10 uses rsyslog).  Keep in mind you may use /etc/syslog.conf on your system.

/etc/rsyslog.conf:

#rsyslog v3 config file

# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

#### MODULES ####

$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so    # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so    # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#=====================================

# Below you will see series of expressions to catch asterisk logs

#Some work, other expressions will not.  Why is that?

#

local0.*                        /var/log/asterisk.log

local1.*                        /var/log/local-cli.log

#The asterisk ‘logger.conf’ file matches entries ‘local1’ and ‘asterisk’.

asterisk.*                    /var/log/asterisk-cli.log

#=====================================

# ### begin forwarding rule ###
# The statement between the begin … end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
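
Both posts hinge on the syslog facility: the gateway was sending local7 while no rule existed for it, and the rules above try `asterisk.*` next to `local1.*`. The following Python sketch is an added example, not code from either post; it decodes the `<PRI>` prefix of a raw message and evaluates it against the simple selectors from the listings. The sample message and the `code12` to `code15` placeholder names are constructed, and only the `facility[,facility].level` selector form is handled.

```python
import re

# Facility numbers 0-23 are fixed by the syslog protocol (RFC 3164).
# Codes 12-15 have no portable keyword, so placeholders are used here.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "code12", "code13", "code14", "code15"]
FACILITIES += [f"local{n}" for n in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Selectors and files taken from the rsyslog.conf listings on this page.
RULES = [("local7.*", "/var/log/mediatrix.log"),
         ("local0.*", "/var/log/asterisk.log"),
         ("local1.*", "/var/log/local-cli.log"),
         ("asterisk.*", "/var/log/asterisk-cli.log")]

# Constructed sample datagram, as a gateway using local7 might send it.
SAMPLE = "<190>Mar  3 10:15:02 gateway constructed test message"

def decode_pri(line):
    """Return (facility, severity) from the leading <PRI> of a raw message."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]   # PRI = facility*8 + severity

def selector_matches(selector, facility, severity):
    """Evaluate a classic selector such as 'local7.*' or 'uucp,news.crit'."""
    names, _, level = selector.partition(".")
    names = names.split(",")
    for name in names:
        if name != "*" and name not in FACILITIES:
            raise ValueError(f"not a syslog facility: {name}")
    if "*" not in names and facility not in names:
        return False
    # A named level means that severity or anything more urgent.
    return level == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(level)

def route(line, rules=RULES):
    """Return (files the message is written to, selectors that can never match)."""
    facility, severity = decode_pri(line)
    files, invalid = [], []
    for selector, path in rules:
        try:
            if selector_matches(selector, facility, severity):
                files.append(path)
        except ValueError:
            invalid.append(selector)
    return files, invalid

if __name__ == "__main__":
    print(decode_pri(SAMPLE), route(SAMPLE))
```

Capturing one datagram from the device and running it through `decode_pri` shows which facility it really uses, so the receiving rule can be written for that facility instead of guessed.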