Setting up long-term tracing
To prevent the long-term trace from filling up the satellite, we strongly recommend that you follow the steps under “Saving Wireshark traces to a network drive” after making these settings.
During the course of the tutorial, commands and adjustments must be executed at various points in the shell. The following color coding is intended to help show what needs to be entered at which point:
Windows CMD
SSH terminal connection to the XCC satellite
Establishing an SSH connection to the XCC
Connect to the satellite via SSH. Open the CMD on the XPhone Connect server machine and enter the following command:
ssh root@[satellite IP address]
Example: ssh root@10.10.10.10
Testing Wireshark filters
First, the Wireshark filter must be adjusted to the customer environment. The command is extended later for the cron job (see “Setting up task scheduling (Cronjob)”). For testing purposes, the command should look as follows:
/usr/bin/tcpdump -Z root -i any -s0 -vv -U -G 10 -w /var/log/freeswitch/rtp_trace_\%Y-\%m-\%d_\%H-\%M-\%S.pcap portrange 30000-33000
The command monitors all network traffic on all interfaces, stores only those packets that relate to VoIP traffic (RTP) in the port range 30000–33000 (default), and writes them to a new .pcap file every 10 seconds.
Important: Be sure to adjust the port range so that it matches your satellite configuration (admin interface > Telephony & Meetings > SIP > XCC). Additional specific ports or port ranges can be easily added (including SIP gateway ports or connection ports between the XPhone server and satellite).
Do not change any of the other parameters at this point.
Test the command via the connected shell on the satellite.
The recording can be canceled with CTRL+C.
Saving Wireshark traces to a network drive
To prevent the limited storage space on the XCC satellite from becoming full, the logs must be moved from the satellite to a network share. The SMB protocol and the Linux task scheduler (Crontab) are used for this purpose. The individual tasks in the scheduler are referred to as “cron jobs.”
Once the logs have been successfully transferred, the script deletes the files from the satellite.
Customizing the script
First, download the script “movelogs.sh”. After downloading, it must be adapted to your environment. The script contains the following sections:
DEST
This section specifies the network path to the network share where the files from the satellite are to be moved:
DEST="//[SERVER_IP]/[SHARE_NAME]"
Example: DEST="//10.10.10.10/tmp"
USER
Here, the user who has access to the share must be specified. This can be a domain user or a local user:
Domain user: USER="DOMAIN\\username%password"
Local user: USER="username%password"
Example: USER="c4b\\anna%password123" or USER="anna%password123"
EXTRA_DIRS
By default, only the files in /var/log/freeswitch on the satellite are moved. However, if folders (such as those of the SIP gateways) are also to be backed up on the network drive, they must be listed explicitly under EXTRA_DIRS.
Example of existing folders:
Note: To view the existing folders, enter the following commands:
If only the XCC folder is to be backed up, the EXTRA_DIRS parameter could look like this:
EXTRA_DIRS="XCC"
To back up both folders, the parameter must be filled in as follows:
EXTRA_DIRS="XCC Anynode"
After the adjustments, the script could look like this:
Once you've made the changes, save the script.
Moving the script to the satellite
The script must now be moved to the /root folder on the satellite. SCP tools such as WinSCP are suitable for transferring the file. If no such tool is installed, the file can also be transferred via CMD.
To do this, open an additional CMD window (you will need the SSH connection again afterwards) and execute the following command at the Windows level:
scp C:\Users\[User]\[LocalFolder]\movelogs.sh root@[satellite IP address]:/root
Example: scp C:\Users\anna\Downloads\movelogs.sh root@10.10.10.20:/root
Then close the CMD at the Windows level and navigate back to the CMD with the SSH connection to the satellite.
Now the file must be made executable:
chmod +x /root/movelogs.sh
To check whether the network share is accessible, enter the following:
smbclient //[SERVER_IP]/[SHARE_NAME] -U username%password
or for a domain user:
smbclient //[SERVER_IP]/[SHARE_NAME] -U DOMAIN\\username%password
Example: smbclient //10.10.10.10/tmp -U anna%password123 OR smbclient //10.10.10.10/tmp -U c4b\\anna%password123
If the login fails, it may help to escape special characters with a \.
Exit the smb shell using CTRL+C.
Testing the customized script
Before entering the script into the task scheduler as a cron job, test it manually:
/usr/bin/env bash /root/movelogs.sh
The Wireshark traces from the previous test and the EXTRA_DIRS folders should then appear on the network share.
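A sketch of the move step described in this section, as an added example that is not the vendor's movelogs.sh: it reads the SMB credentials from a root-only file via smbclient -A instead of a USER="username%password" string, skips the newest capture (which tcpdump may still be writing), and deletes a file only after a successful upload. CRED_FILE, SMBCLIENT, completed_traces, move_traces and the sketch's file name are assumed names; EXTRA_DIRS handling is left out.

```shell
#!/bin/sh
# Added sketch, not the vendor's movelogs.sh. CRED_FILE, SMBCLIENT,
# completed_traces and move_traces are assumed names.
DEST="${DEST:-//10.10.10.10/tmp}"         # share from the article's example
SRC="${SRC:-/var/log/freeswitch}"         # where tcpdump writes the traces
CRED_FILE="${CRED_FILE:-/root/.smbcred}"  # assumed path; root-only (chmod 600)
SMBCLIENT="${SMBCLIENT:-smbclient}"

# CRED_FILE uses smbclient's authentication-file format:
#   username = anna
#   password = <password>
#   domain   = c4b
# Unlike -U username%password, this keeps the password out of the script,
# the crontab and the command line.

# Print every finished capture: all rtp_trace_*.pcap except the newest,
# which tcpdump may still be writing. The timestamped names sort by age.
completed_traces() {
  for f in "$1"/rtp_trace_*.pcap; do
    [ -e "$f" ] && printf '%s\n' "$f"
  done | sed '$d'
}

# Upload each finished capture and delete it locally only when smbclient
# exits 0. Prints the number of files moved. File names contain no spaces.
move_traces() {
  moved=0
  for f in $(completed_traces "$SRC"); do
    if "$SMBCLIENT" "$DEST" -A "$CRED_FILE" \
        -c "lcd $SRC; put $(basename "$f")" >/dev/null 2>&1; then
      rm -f -- "$f"
      moved=$((moved + 1))
    fi
  done
  echo "$moved"
}

# Run only when asked to, e.g. from cron: /bin/sh /root/movelogs-sketch.sh --run
if [ "${1:-}" = "--run" ]; then
  move_traces
fi
```

The newest capture stays on the satellite until a later one exists, so the last file of a recording window is moved only after the next recording has started.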
Setting up task scheduling (Cronjob)
To open the task scheduler (crontab) for editing, execute the following command in the SSH shell:
crontab -e
When executed for the first time, the following dialog appears, in which the editor to be used must be selected:
In this guide, we use “nano” as the editor, so enter “1” and confirm with ENTER.
Customizing the Cronjob
If necessary, open Notepad and prepare the filter for the cron job. Once this filter is complete, it will be copied to the shell.
The following filter was tested under “Testing Wireshark Filters”:
/usr/bin/tcpdump -Z root -i any -s0 -vv -U -G 10 -w /var/log/freeswitch/rtp_trace_\%Y-\%m-\%d_\%H-\%M-\%S.pcap portrange 30000-33000
The following parameters, printed in bold, must be added and adjusted according to the table below. The values can also be set individually if necessary:
0 8 * * 1-5 /usr/bin/timeout -k 10s 9h /usr/bin/tcpdump -Z root -i any -s0 -vv -U -G 900 -w /var/log/freeswitch/rtp_trace_\%Y-\%m-\%d_\%H-\%M-\%S.pcap portrange 30000-33000
*/30 * * * * /usr/bin/env bash /root/movelogs.sh
Note: The last line is the Cronjob for moving the logs every 30 minutes.
These parameters must be adjusted / supplemented:
| Parameter | Explanation |
| --- | --- |
| 0 8 * * 1-5 | At the beginning of each cron job, the days on which it is executed are specified. In this case, 0 8 * * 1-5 means that the task is executed every working day at 8 a.m. |
| /usr/bin/timeout -k 10s 9h | /usr/bin/timeout -k 10s 9h means that Wireshark Trace will record for 9 hours (i.e., from 8:00 a.m. to 5:00 p.m.). This time can be increased if necessary. |
| -G 900 | In the original filter, a new file was created every 10 seconds for testing purposes (-G 10). This parameter must be adjusted for live tracing. The specification is in seconds. |
| portrange 30000-33000 | Port range to be traced. If not already done: Be sure to adjust this so that it matches your satellite configuration (admin interface > Telephony & Meetings > SIP > XCC). Additional specific ports or port ranges can be easily added (including SIP gateway ports or connection ports between XPhone Server and satellite). Example: […] portrange 30000-33000 or port 5060 or portrange 5061-5065 or port 3280 or port 8021 |
| */30 * * * * | In addition, the start and end times of the task must be specified. */30 * * * * means that the task is executed every 30 minutes. |
Now add the finished command to the Cronjob. The configuration should then look like this:
Now you need to confirm the changes with “CTRL+O” and then “ENTER” to save them.
Press “CTRL+X” to exit the editor.
To terminate the cron job, simply delete the two added lines or comment them out by placing a “#” at the beginning of the line.
Enter “exit” to exit the ssh shell.