• Created by user-0f753, last modified by user-e1945 on Mar 27, 2014

In this section we collect all the logs about events that has happened. This type of logs are written once the event has finished and do not represent a live photograph of the state of the service or of the appliance. They are mostly useful for debugging user's issues and provide support.

figure 1. the static logs menu

As you can see in figure 1. the static logs menu all these logs are grouped under the "LOGGING" label into the main menu.

1. Security Events

Since 14.1 version Security Events has been added to PrivateServer logging. This log category lists every event captured by our Security Information and Event Management (SIEM) interface, which has been introduced in that version.

figure 2. Security Events list

SIEM interface catches and rewrites SIEM style events that are currently managed in underlying event log layers such the one described just after present paragraph. This means that each event listed under this section is also present in a specific on but shown in different format, often raw one. SIEM formatted events are instead all present here.

figure 3. Security Event detail

Just clicking on Timestamp you get single event details as shown in figure 3. Security Event detail.

You can tell we're dealing with SIEM formatted log just by reading Details part. Consider that we're talking of a generic SIEM format that can be more refined and adapted for being processed by external systems. PrivateServer can generate events in CEF format, compatible with HP Arcsight product.

2. System Events

System Events list shows all events occurred to PrivateServer but not directly intercepted by Web appliance because triggered out of its scope.

figure 4. System Events list

Examples are:

  • Web appliance updates
  • Web appliance reboot
  • Appliance backup and restores
  • Heartbeat
figure 5. System Event details

Clicking on Timestamp part of the log shows you System Event's details as show in figure 5. System Event details.

3. Auditing

The Auditing page shows any change to the configuration performed via web console. 

figure 6. List of Audit Events Log List

As shown above in figure 6. List of Audit Events Log List, we can collect several informations:

  • Timestamp: the exact time the event happened. 

    Please remember that the timestamp is related to the appliance's time configuration. It's local time which gets reported.

  • Username: the user who performed the change is traced by the username used in the login.
  • Change: the type of changes performed.
  • Object Type
  • Object ID

These informations can be used for security checks as for post-issue analysis. 

4. Web Sessions

In the web sessions it's possible to read the list of all the access made to the web console.

figure 7. List of Web Session Logs

Just click on the Web Sessions entry in the main menu and you get a list as in figure figure 7. List of Web Session Logs. Fields shown are:

  • Date Created: this is when the event occurred
  • Event Type: there are several type of Events (see specifications below)
  • Principal: the username used to log in.
  • IP Address: the IP address from which the connection has been performed.

If the user listed is "anonymousUser" then this is an event triggered by the system. This is specifically true for events like the "SESSION_TIMEOUT".

4.1. Event Types

Here follows a list of all the event types logged in this table:

  • SESSION_TIMEOUT : pretty self explanatory
  • LOGOUT : The user performed a logout 
  • SUCCESS_INTERACTIVE / SUCCESS : these two events always come together and indicates a login has successfully performed. The former one points out the login happened through the web interface ("interactive"), the latter is a generic successful login log.
  • FAIL_USER_NOT_FOUND : the login used was not found among the users configured.
  • FAIL_CREDENTIALS_EXPIRED : the password or the credentials used are set as expired
  • FAIL_BAD_CREDENTIALS : wrong password

5. Call Detailed Records

Despite its name the CDR is a debugging and quality assurance facility. It saves all the calls status, meaning it is very useful to understand is something is going wrong with you Secure Call Service.

To access the CDR you must click on the Call Detailed Record in the main menu. You'll get the "Cdr List" page which includes all the calls recorded. 

figure 8. Call Detailed Record List

If the table is empty, please place a phone call between the two SIp Accounts. Then come back on this page and check that the call has been correctly registered. The shown fields are:

  • Call Date: when the call has been placed.
  • Caller Number: The virtual phone number used to place the call.
  • Caller: The caller description, if any.
  • Caller Group: The caller's group description, if any.
  • Callee Number: The virtual phone number called.
  • Callee: The callee description, if any.
  • Callee Group: The callee's group description, if any.
  • Total Duration: how long the call lasted. Time elapsed from the moment the "Call Button" is pressed on the caller's client to the one in which the communication is closed at all.
  • Call Duration: how long the call lasted, just the voice.
  • Disposition: which result the call had.
  • Hangup Cause: how long the call lasted.
  • Call id: a unique number that identifies the call.
  • Call type: nature of the call performed.
  • Call route: if the call transited on a trunk this field would shown the trunk's name.

5.1. Relevant fields in CDR

The Disposition is very important because it tells you the exit code of each call. Possible codes are:

  1. ANSWERED: the call was taken by the callee
  2. NO_ANSWER: nobody picked up the phone to answer (mostly this is a time out code)
  3. BUSY: the callee refused the call
  4. FAILED: for some reason the call was not able to be placed
The Hangup Cause describes in details what caused the hangup. Possible causes are:
  1. NO_ROUTE_DESTINATION: The callee is not reachable because of network issues.
  2. NORMAL_CLEARING: Call closed normally.
  3. USER_BUSY: The user is busy.
  4. NO_ANSWER: The callee didn't answer and the call was closed for timeout reason.
  5. CALL_REJECTED: The callee rejected the call, as by pressing the "hold" button.
  6. BEARERCAPABILITY_NOTAVAIL: The caller and the callee were using different security models that are not compatible.
  7. NO_USER_RESPONSE: The same as in "NO_ANSWER", but this happens when the call goes out by Trunk.
The Call Type identifies the nature of the call. Used with the Call id fields this value is useful to trace down complex calls like three-way calls, conferences or transferred calls. Possible values are:
  1. CALL: Usual call between two persons
  2. 3-WAY: Usual call (as above) with an added person during the call
  3. CONFERENCE: Conference call
  4. TRANSFER: Usual call that is transferred to a third person
The Call id is a number that identifies uniquely the call. It can be used to trace a call if it changes its nature (ie becoming a three-way call) or to group all the participants (ie in a conference room).

 

It's possible to avoid any call record, as a Privacy option. To enable the "No-CDR" option, you just have to set the CDR Period to "DAY" and the duration to '0' (zero).

The above statement about the CDR Privacy option is true only for the DIRECT calls (which are the calls between two users). Conferences and 3-way calls will be logged as ever, though.

 

6. Messages

The Messages page lists Secure Messages managed by PrivateServer. 

Only transport data are listed in this view: no payload or other data about Secure Messages are showed up

figure 9. list of Secure Messages

The list represent the log of Secure Messages transaction happened, so that it's showed:

  • Received: when PrivateServer actually received the Secure Message
  • From: sender's account name
  • To: recipient's account name
  • Status: status of the message. Secure Message Statuses are described in next paragraph

Each Secure Message managed by PrivateServer is represented on one single line, as shown in figure 9. list of Secure Messages. 

6.1. Secure Message Status

Each Message walks through different statuses, each one representing a milestone towards its delivery:

  1. ENQUEUED: PrivateServer received the request to deliver one Secure Message and put it in its queue to be managed
  2. DELIVERED: Secure Message has been delivered to recipient's device which sent back a receive confirmation.

There are statuses describing issues raised during the delivery, such as:

  1. EXPIRED: the message has been in queue for more than 72 hours and thus it's no more considered valid.
  2. INVALID_RECIPIENT: recipient's cannot deal with Secure Messages
  3. INVALID_DEVICE: recipient's device does not support Secure Messaging
  4. INVALID_PAYLOAD: message content is empty or bigger than 600 byte (this should never happen)

7. SIP Sessions

The SIP Sessions page show the activities each Account did with the server. 

figure 10. List of SIP Session Activities

To get this list just click on the SIP Sessions entry in the main menu. The activities are listed by date and they give you a detailed overview of the SIP status for each one. These logs are very useful for debugging the networking issues on the client side.

The Event column lists the SIP events:

  • CONNECT: PrivateGSM client opened a connection to PrivateServer. This usually means the client has been activated
  • REGISTER: The Account has been correctly registered and is now on line
  • UNREGISTER: The Account has been correctly unregistered and is now off line
  • DISCONNECT: PrivateGSM client closed the connection. This usually means the client has been stopped.
Each one has its Details column which explains the exact message provided by the PrivateServer.
CONNECT/DISCONNECT event are bound to a remote address, not directly related to a specific VoIP account. A periodic background task analyses the SIP session logs and, when possible, reconcile them binding these events to a specific account. 
Reconciliation is very useful while debugging SIP session for a specific user: clicking on username field will show a filtered list of SIP session events.

8. Install messages

Install messages are one amongst the numerous means for installing PrivateGSM on the customers' mobile device. 

To make the Install messages work fine you have to configure the Application download URL.

What we accomplish sending an Installation message is to help the customer to find out the correct edition of PrivateGSM application (either Professional or Enterprise) and automatically install it. 

figure 11. list of the install messages sent

main features of the logs of the install messages are:

  • Timestamp: the exact date & time when the message has been sent
  • Account: to who the message has been sent to
  • Platform: which mobile platform
  • Variant: this could be either:
    • ZRTP: this is the Professional Edition
    • SDES: this is the Enterprise Edition
  • Sent: if the message results to be effectively sent or if there were issues in sending it
  • Sent by: the User who sent the Install Message.
  • Recipient: the number of mobile device or the email address to whom message has been sent to 
  • Message Type: this could be either:
    • EMAIL: Installation message was sent by email (user's mailbox must be set up)
    • SMS: Installation message was sent by Text Message (SMS) using user's virtual phone number
figure 12. details of one install message

Clicking on the Timestamp field it becomes possible to reveal details about each message. You can have an example in figure 12. details of one install message.

Tip

Clicking on the Account field brings you straight to the Account's detail. 

9. Provisioning messages

Provisioning messages are basically the mean for delivering the download URI of the provisioned configuration. Long story short: whenever you push an automatic activation by sending the provisioning message you're sending a text message that contains the URI to the user's configuration. Part of this configuration is created by the Provisioning Profile, part of it is taken by the Account configuration. Nevertheless, it's always a configuration file to be downloaded and then installed in your PrivateGSM.

figure 13. Log list of the provisioning messages

Clicking on the Provisioning Messages link brings you to the logs list shown in figure 13. Log list of the provisioning messages. Here you have all the primary informations about the automatic activation performed:

  • Timestamp: when each message has been sent
  • Consumed: status of the message, or else either it's been used (consumed) or not. This means if the customer has ever clicked on the link inside the text message/email
  • Account: user to whom the message has been sent
  • if the text message has been Sent or not, meaning if any problem arose during the delivery and the text never left the server.
  • Sent by: the web console user who sent this provisioning message
  • Recipient: the number of mobile device or the email address to whom message has been sent to
  • Message Type: this could be either:
    • EMAIL: Installation message was sent by email (user's mailbox must be set up)
    • SMS: Installation message was sent by Text Message (SMS) using user's virtual phone number
figure 14. detail of provisioning message

Clicking on the Timestamp field it becomes possible to reveal details about each message. You can have an example in figure 14. detail of provisioning message.

Tip

Clicking on the Account field brings you straight to the Account's detail. 

Three are the contents shown in the detail form that are not present in the list above:

  1. The Message link
  2. The Token
  3. The Validity

PSOM 4.0.2 Real-Time management

  • No labels