VoIP Logging and Queries in SmartView Tracker

In This Section:

VoIP logging

VoIP Queries

VoIP logging

SmartView Tracker:

  • Shows detailed, protocol-specific logs for VoIP traffic.
  • There are also a number of predefined SmartView Tracker VoIP log queries. These logs supply enhanced troubleshooting capabilities.
  • SmartView Tracker logs are Accept, Drop, or Detect.

| To enable VoIP logging of... | Configure the Track option to Log in the ... |
|---|---|
| VoIP calls | Security Rule Base VoIP rule |
| IPS protections | IPS protection |

  • If VoIP logging is disabled, then only standard logging takes place, showing the source, destination and protocol information.
  • Logs SIP, H.323, MGCP and SCCP.

VoIP Queries

In SmartView Tracker, there are predefined Voice Over IP log queries.

| Predefined Query | Type | When Sent | Shows |
|---|---|---|---|
| Registration Session | Accept logs | After successful registration. | Registration IP address, phone number, port, and transport protocol (TCP/UDP). Registration period (seconds). IP address of the registrar server. |
| Other Session | Accept logs | After response to SIP requests (such as MESSAGE or UPDATE) or response to MGCP commands (such as AUEP, AUCX, or EPCF). | Source IP address, port, and phone number. Destination IP address, port and phone number. SIP method or MGCP command type. |
| Security Events | Drop or Detect logs | IPS VoIP protection has detected a violation. | Source IP address, port and phone number. Destination IP address, port and phone number. Reason for log (Attack and Attack Information fields). |
| Call Session | Accept logs | After a call is established, and updated after the call is closed. | Source IP address, port and phone number. Destination IP address, port and phone number. State of call (open/closed), duration (seconds), direction (Inbound/Outbound), media. (If there are multiple media streams, shows data of the first one only.) |
| Policy Events | Drop or Detect logs | VoIP policy has detected a violation. | Source IP address, port and phone number. Destination IP address, port and phone number. Reason for log (VoIP Reject Reason and VoIP Reject Reason Information fields). Short configuration guidelines. |

Queries can be found under:

Network and Endpoint Queries > Predefined > Network Security blades > Firewall Blade > Voice over IP

©2014 Check Point Software Technologies Ltd. All rights reserved.