In this section we collect all the logs about events that has happened. This type of logs are written once the event has finished and do not represent a live photograph of the state of the service or of the appliance. They are mostly useful for debugging user's issues and provide support.

As you can see in  all these logs are grouped under the "LOGGING" label into the main menu.

Security

Since 14.1 version Security Events has been added to logging. This log category lists every event captured by our Security Information and Event Management (SIEM) interface, which has been introduced in that version.

SIEM interface catches and rewrites SIEM style events that are currently managed in underlying event log layers such the one described just after present paragraph. This means that each event listed under this section is also present in a specific on but shown in different format, often raw one. SIEM formatted events are instead all present here.

Just clicking on Timestamp you get single event details as shown in .

You can tell we're dealing with SIEM formatted log just by reading Details part. Consider that we're talking of a generic SIEM format that can be more refined and adapted for being processed by external systems. can generate events in CEF format, compatible with HP Arcsight product.

System

System Events list shows all events occurred to but not directly intercepted by Web appliance because triggered out of its scope.

Examples are:

  • Web appliance updates
  • Web appliance reboot
  • Appliance backup and restores
  • Heartbeat

Clicking on Timestamp part of the log shows you System Event's details as show in .

Web Sessions

In the web sessions it's possible to read the list of all the access made to the web console.

Just click on the Web Sessions entry in the main menu and you get a list as in figure . Fields shown are:

  • Date Created: this is when the event occurred
  • Event Type: there are several type of Events (see specifications below)
  • Principal: the username used to log in.
  • IP Address: the IP address from which the connection has been performed.

If the user listed is "anonymousUser" then this is an event triggered by the system. This is specifically true for events like the "SESSION_TIMEOUT".

Event Types

Here follows a list of all the event types logged in this table:

  • SESSION_TIMEOUT : pretty self explanatory
  • LOGOUT : The user performed a logout 
  • SUCCESS_INTERACTIVE / SUCCESS : these two events always come together and indicates a login has successfully performed. The former one points out the login happened through the web interface ("interactive"), the latter is a generic successful login log.
  • FAIL_USER_NOT_FOUND : the login used was not found among the users configured.
  • FAIL_CREDENTIALS_EXPIRED : the password or the credentials used are set as expired
  • FAIL_BAD_CREDENTIALS : wrong password

Call Details Record

CDR is a debugging and quality assurance tool: it lists all calls statuses, which is very useful to understand if something went wrong with your Secure Call Service.

Please be aware that CDR can only list past calls. Calls that are currently ongoing are not listed or are partially shown if they are conference rooms.


To access CDR you must click on Call Detailed Record in main menu. You'll get "Cdr List" page which lists all details of performed calls.


If the table is empty, please perform one phone call between two s and then come back on this page to check that the call has been correctly registered.


Shown fields are:

  • Call Date: when the call has been placed.
  • Caller Number: The virtual phone number used to place the call.
  • Caller: The caller description, if any.
  • Caller Group: The caller's group description, if any.
  • Callee Number: The virtual phone number called.
  • Callee: The callee description, if any.
  • Callee Group: The callee's group description, if any.
  • Total Duration: how long the call lasted. Time elapsed from the moment the "Call Button" is pressed on the caller's client to the one in which the communication is closed at all.
  • Call Duration: how long the call lasted, just the voice.
  • Disposition: which result the call had.
  • Hangup Cause: how long the call lasted.
  • Call id: a unique number that identifies the call.
  • Call type: nature of the call performed.
  • Call route: if the call transited on a trunk this field would shown the trunk's name.

Relevant fields in CDR

The Disposition field reports the final state of the call, whether it reached the called number or not (eg: callee canceled the call, called was busy, etc...). Possible codes are:

  1. ANSWERED: callee answered
  2. NO_ANSWER: callee did not answer
  3. BUSY: callee refused the call
  4. FAILED: for some reason the call was not able to be placed (eg: User was off-line)
  5. CANCEL: caller hanged up during ringing
The Hangup Cause describes from Secure Voice Engine's point of view how or why the call ended. Possible causes are:
  1. NOT_DEFINED: No informations received or no information listed in known causes (ie: don't know why)
  2. NO_ROUTE_DESTINATION: The callee was not known to the system (and there's no trunk to route out).
  3. NORMAL_CLEARING: Call closed normally.
  4. USER_BUSY: The user is busy.
  5. NO_ANSWER: The callee didn't answer and the call was closed for timeout reason.
  6. CALL_REJECTED: The callee rejected the call, as by pressing the "hold" button.
  7. BEARERCAPABILITY_NOTAVAIL: The caller and the callee were using different security models that are not compatible.
  8. NO_USER_RESPONSE: [when call goes out by Trunk] The same as in "NO_ANSWER".
  9. NORMAL_CIRCUIT_CONGESTION: [when call goes out by Trunk] as in "NO_ROUTE_DESTINATION".
  10. SUBSCRIBER_ABSENT: [when call goes out by Trunk] calle is temporary not reachable.

To understand what happened in each call row you should always put together informations shown in Disposition and Hangup Cause.


The Call Type identifies the nature of the call. Used with the Call id fields this value is useful to trace down complex calls like three-way calls, conferences or transferred calls. Possible values are:
  1. CALL: Regular call between two persons
  2. 3-WAY: Conference Call, meaning one regular call on which has been invited more participants.
  3. CONFERENCE: Conference Room, meaning one number to call in order to have more persons talking togethere
  4. TRANSFER: Regular call that has been transferred to a third person
The Call id is a number that identifies uniquely the call. It can be used to trace a call if it changes its nature (ie becoming a three-way call) or to group all the participants (ie in a conference room).


It's possible to avoid any call record, as a Privacy option. To enable the "No-CDR" option, you just have to set the CDR Period to "DAY" and the duration to '0' (zero).


The above statement about the CDR Privacy option is true only for the DIRECT calls (which are the calls between two users). Conferences and 3-way calls will be logged as ever, though.


SIP Client Connections

The SIP Sessions page show the activities each Account did with the server. 

To get this list just click on the SIP Sessions entry in the main menu. The activities are listed by date and they give you a detailed overview of the SIP status for each one. These logs are very useful for debugging the networking issues on the client side.

The Event column lists the SIP events:

  • CONNECT:  client opened a connection to . This usually means the client has been activated
  • REGISTER: The Account has been correctly registered and is now on line
  • UNREGISTER: The Account has been correctly unregistered and is now off line
  • DISCONNECT:  client closed the connection. This usually means the client has been stopped.
Each one has its Details column which explains the exact message provided by the .
CONNECT/DISCONNECT event are bound to a remote address, not directly related to a specific VoIP account. A periodic background task analyses the SIP session logs and, when possible, reconcile them binding these events to a specific account. 
Reconciliation is very useful while debugging SIP session for a specific user: clicking on username field will show a filtered list of SIP session events.

Secure Messages

The Messages page lists Secure Messages managed by

Only transport data are listed in this view: no payload or other data about Secure Messages are showed up


The list represent the log of Secure Messages transaction happened, so that it's showed:

  • UUID: universally unique identifier is to enable distributed systems to uniquely identify information without significant central coordination.
  • From: sender's account name
  • To: recipient's account name
  • Tech message:
  • API version:
  • Status: status of the message. Secure Message Statuses are described in next paragraph
  • Send attempts:
  • Received: when actually received the Secure Message
  • Prossesed: When actually sent message to client.

Each Secure Message managed by is represented on one single line, as shown in . 

Secure Message Status

Each Message walks through different statuses, each one representing a milestone towards its delivery:

  1. ENQUEUED: received the request to deliver one Secure Message and put it in its queue to be managed
  2. DELIVERED: Secure Message has been delivered to recipient's device which sent back a receive confirmation.

There are statuses describing issues raised during the delivery, such as:

  1. EXPIRED: the message has been in queue for more than 72 hours and thus it's no more considered valid.
  2. INVALID_RECIPIENT: recipient's cannot deal with Secure Messages
  3. INVALID_DEVICE: recipient's device does not support Secure Messaging
  4. INVALID_PAYLOAD: message content is empty or bigger than 600 byte (this should never happen)

Install messages

Install messages are one amongst the numerous means for installing on the customers' mobile device. 

To make the Install messages work fine you have to configure the Application download URL.

What we accomplish sending an Installation message is to help the customer to find out the correct edition of application and automatically install it. 

main features of the logs of the install messages are:

  • Timestamp: the exact date & time when the message has been sent
  • Account: to who the message has been sent to
  • Platform: which mobile platform
  • Variant: this could be either:
    • ZRTP: this is the end-to-end security model 
    • SDES: this is the end-to-site security model
  • Sent: if the message results to be effectively sent or if there were issues in sending it
  • Sent by: the User who sent the Install Message.
  • Recipient: the number of mobile device or the email address to whom message has been sent to 
  • Message Type: this could be either:
    • EMAIL: Installation message was sent by email (user's mailbox must be set up)
    • SMS: Installation message was sent by Text Message (SMS) using user's virtual phone number

Clicking on the Timestamp field it becomes possible to reveal details about each message. You can have an example in .

Clicking on the Account field brings you straight to the Account's detail. 

Activation messages

Provisioning messages are basically the mean for delivering the download URI of the provisioned configuration. Long story short: whenever you push an automatic activation by sending the provisioning message you're sending a text message that contains the URI to the user's configuration. Part of this configuration is created by the Provisioning Profile, part of it is taken by the Account configuration. Nevertheless, it's always a configuration file to be downloaded and then installed in your .

Clicking on the Provisioning Messages link brings you to the logs list shown in . Here you have all the primary informations about the automatic activation performed:

  • Timestamp: when each message has been sent
  • Consumed: status of the message, or else either it's been used (consumed) or not. This means if the customer has ever clicked on the link inside the text message/email
  • Account: user to whom the message has been sent
  • if the text message has been Sent or not, meaning if any problem arose during the delivery and the text never left the server.
  • Sent by: the web console user who sent this provisioning message
  • Recipient: the number of mobile device or the email address to whom message has been sent to
  • Message Type: this could be either:
    • EMAIL: Installation message was sent by email (user's mailbox must be set up)
    • SMS: Installation message was sent by Text Message (SMS) using user's virtual phone number

Clicking on the Timestamp field it becomes possible to reveal details about each message. You can have an example in .

Clicking on the Account field brings you straight to the Account's detail. 

Three are the contents shown in the detail form that are not present in the list above:

  1. The Message link
  2. The Token
  3. The Validity