How to collect syslog from Wildix devices

The following Admin Guide explains how to collect a syslog trace from Wildix devices without installing a Syslog Server.

Created: June 2017

Permalink: https://wildix.atlassian.net/wiki/x/WyHOAQ

Collecting syslog from your Wildix devices can be useful for debugging various issues. The best solution is to install a Syslog Server reachable from outside your network. If a Syslog Server can't be installed, you can still capture the data sent by your Wildix devices on the PBX itself, as described below.

Step 1. Enable Syslog server on your devices via provisioning

  • Go to WMS -> Devices 
  • Select a device or devices from the list and click Edit
  • Enable "Syslog Server" option and enter the PBX IP address or domain name into the field
  • Click Save 
  • After changes are saved, click Configure/Sync device

Step 2. Capture syslog trace from PBX

Method 1 (a single trace)

To capture a single trace:

  • Go to WMS Settings -> Tools and utilities -> Generate trace
  • Enable the "Custom tcpdump" option and enter the following string:

-v -s0 -i any host <DEVICE_IP> and port 514

Where:

<DEVICE_IP> is the IP address of your device. 

  • Click Start to generate a file
  • When the file is generated, click Stop

Note: a pcap file “trace_YYYY-MM-DD_HH-MM.pcap” is saved to /mnt/backups/traces/ folder.


Important: The maximum size of one file is 50MB. If a file exceeds 50MB, a new file is generated automatically.

Method 2 (a long-time trace)

To capture a long-time trace:

  • Open Terminal in the top menu of WMS and run the following command via SSH:

    Note: access to Terminal is enabled only for admin users.

# sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap host <DEVICE_IP> and port 514

Where:

<FILE_NAME> is the name of the file. You can use any name here.

<DEVICE_IP> is the IP address of your device.

Example:

# sudo tcpdump -s0 -i any -w /mnt/backups/traces/test_trace.pcap host 10.100.5.127 and port 514


Note: if you need to collect a syslog trace from several devices at once, run the following command via SSH:

sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap "(host <DEVICE_1> or host <DEVICE_2> or host <DEVICE_3>)" and port 514

Where:

<FILE_NAME> is the name of a file.

<DEVICE_1>, <DEVICE_2>, <DEVICE_3> are the IP addresses of your devices.

  • Once you have finished collecting the syslog trace, press CTRL+C to terminate the SSH session


Activate a long-time trace in background

  • Run the following command via SSH:

# sudo tcpdump -s0 -i any -w /mnt/backups/traces/<FILE_NAME>.pcap host <DEVICE_IP> and port 514 -C 50 -W 10&

Where:

<FILE_NAME> is the name of a file.

<DEVICE_IP> is the IP address of your device.

-C XX is the maximum size in MB of each pcap file.

-W XX is the maximum number of pcap files.

& means that the pcap trace runs in the background (it stays active even after you terminate the SSH session).


Stop a long-time trace in background

  • Run the following command via SSH to find the process ID needed to terminate the trace:

ps aux |grep tcpdump

  • To stop the trace, run the following command, replacing <PID> with the process ID:

kill -9 <PID>

Step 3. Generate the syslog file

Run the following command via SSH:

# sudo tcpdump -A -r /mnt/backups/traces/<FILE_NAME>.pcap | sed '/^\s*$/d' | grep -v "SYSLOG" > /mnt/backups/traces/syslog_device_YYYY-MM-DD.log

Where:

<FILE_NAME> is the name used to generate the long-time trace (see Method 2).
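As an added example (not part of this guide or of Wildix's tooling), the Python below does offline what the Step 3 pipeline does on the PBX: it reads a pcap written by tcpdump -i any (Linux cooked capture), keeps only UDP datagrams on port 514, and returns one line per syslog message prefixed with the sending device's IP, which is handy when one capture holds several devices (Method 2's multi-host filter). The sample capture, the device IP 10.100.5.127 and the message texts are constructed for the example.

```python
import struct

LINKTYPE_LINUX_SLL = 113  # link type tcpdump writes for "-i any" (Linux cooked capture, SLL v1)

def syslog_messages(pcap_bytes, port=514):
    """Yield (source IP, message text) for every UDP datagram to or from `port`."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file")
    linktype, = struct.unpack(endian + "I", pcap_bytes[20:24])
    if linktype != LINKTYPE_LINUX_SLL:
        raise ValueError(f"link type {linktype} is not SLL; expected an -i any capture")
    off = 24
    while off + 16 <= len(pcap_bytes):
        incl_len, = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # SLL header is 16 bytes; its last 2 bytes hold the EtherType (0x0800 = IPv4)
        if len(pkt) < 44 or pkt[14:16] != b"\x08\x00":
            continue
        ip = pkt[16:]
        if ip[9] != 17:  # IP protocol 17 = UDP; syslog over TCP is not handled here
            continue
        udp = ip[(ip[0] & 0x0F) * 4:]  # skip the IPv4 header (IHL * 4 bytes)
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        if port not in (sport, dport):
            continue
        src = ".".join(str(b) for b in ip[12:16])
        yield src, udp[8:ulen].decode("utf-8", "replace").rstrip("\r\n")

def pcap_to_syslog(pcap_bytes):
    """Offline equivalent of the Step 3 pipeline: one clean line per syslog message."""
    return [f"{src} {text}" for src, text in syslog_messages(pcap_bytes)]

def build_sample_pcap(datagrams):
    """Constructed sample input: (src IP, dst port, text) tuples framed as -i any records them."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, LINKTYPE_LINUX_SLL)
    for i, (src, dport, text) in enumerate(datagrams):
        body = text.encode()
        udp = struct.pack("!HHHH", 40000 + i, dport, 8 + len(body), 0) + body
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(map(int, src.split("."))), bytes([10, 100, 5, 1])) + udp
        pkt = struct.pack("!HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800) + ip
        out += struct.pack("<IIII", 1500000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out

SAMPLE = build_sample_pcap([  # constructed: two syslog lines plus one SIP datagram the filter must skip
    ("10.100.5.127", 514, "<14>Jun 12 10:01:02 phone1 sip: REGISTER sent to 10.100.5.1"),
    ("10.100.5.127", 5060, "REGISTER sip:10.100.5.1 SIP/2.0"),
    ("10.100.5.127", 514, "<11>Jun 12 10:01:03 phone1 sip: 401 Unauthorized, retrying\n"),
])
```

Run it against a real capture with `pcap_to_syslog(open("/mnt/backups/traces/<FILE_NAME>.pcap", "rb").read())`; unlike the grep -v "SYSLOG" pipeline it does not depend on tcpdump's text decoding.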

Step 4. Download the syslog

  • To download the file, run the command via SSH:

/home/admin/syslog_device_YYYY-MM-DD.log

Step 5. Disable Syslog server on your devices

  • Select a device or devices in WMS -> Devices and click Edit
  • Disable the "Syslog Server" option and delete the PBX IP address or domain name
  • Click Save
  • To complete the action, click Configure/Sync device