VoIP Logging and Queries in SmartView Tracker
VoIP logging
SmartView Tracker:
- Shows detailed, protocol-specific logs for VoIP traffic.
- There are also a number of predefined SmartView Tracker VoIP log queries. These logs supply enhanced troubleshooting capabilities.
- SmartView Tracker logs are Accept, Drop, or Detect.
To enable VoIP logging of...
|
Configure the Track option to Log in the ...
|
VoIP calls
|
Security Rule Base VoIP rule
|
IPS protections
|
IPS protection
|
- If VoIP logging is disabled, then only standard logging takes place, showing the source, destination and protocol information.
- Logs SIP, H.323, MGCP and SCCP.
VoIP Queries
In SmartView Tracker, there are predefined Voice Over IP log queries.
Predefined Query
|
Type
|
When Sent
|
Shows
|
Registration Session
|
Accept logs
|
After successful registration.
|
Registration IP address, phone number, port, and transport protocol (TCP/UDP). Registration period (seconds). IP address of the registrar server.
|
Other Session
|
Accept logs
|
After response to SIP requests (such as MESSAGE or UPDATE) or response to MGCP commands (such as AUEP, AUCX, or EPCF).
|
Source IP address, port, and phone number. Destination IP address, port and phone number. SIP method or MGCP command type.
|
Security Events
|
Drop or Detect logs
|
IPS VoIP protection has detected a violation.
|
Source IP address, port and phone number. Destination IP address, port and phone number. Reason for log (Attack and Attack Information fields).
|
Call Session
|
Accept logs
|
After a call is established, and updated after the call is closed.
|
Source IP address, port and phone number. Destination IP address, port and phone number. State of call (open/closed), duration (seconds), direction (Inbound/Outbound), media.
(If there are multiple media streams, shows data of the first one only.)
|
Policy Events
|
Drop or Detect logs
|
VoIP policy has detected a violation.
|
Source IP address, port and phone number. Destination IP address, port and phone number. Reason for log (VoIP Reject Reason and VoIP Reject Reason Information fields). Short configuration guidelines.
|
Queries can be found under:
|
|
