On Wed, Aug 31, 2011 at 10:17 AM, Jan Willamowius <[email protected]> wrote:
> Hi Robert,
>
> all messages for a call have the same callID and you can grep for
> that. Its a bit complicated by the fact that the messages are printed
> out over multiple lines, so its a job for a small Perl script or
> similar. If you want to take it a step further you can do 2 passes, one
> to find all calls for a specific endpoint ID and then collect all
> messages for those calls in the 2nd pass.
>
> Doing that server side would be a major hassle and imagine how
> inconvenient all those trace files would be if you have hundreds of
> calls at the same time.
I guess the scale of this depends on how many calls are being traced,
and I wouldn't necessarily think that it's required for each one.
Perhaps if "interest" could be registered / deregistered by either
endpoint ID or something else, then an external script could be used
to notice things are going awry and inform GnuGK that there is a
special case that needs to be treated differently.
I already have external scripts which I use to alert me when my
internal users are making calls to external IPs that are "10." or
"192.168."; since my users don't know better, if the other side calls
them and coordinates "Our IP address is 10.2.4.5", then that's what
our side will try.
If the capability to trace could be made more specific, then another
script could be looking for unconnected calls from our internal video
units to valid external IPs and just keep a timer; "x" unconnected
calls in rapid succession could send a trigger to GnuGK to start
logging to a different file for a particular IP.
Right now I have to piece together calls from the log file, and I
still don't always know what I'm looking at, and since there are a lot
of video calls in my organization it can be daunting.
For example, I had one of my sites try to place a call to an external
IP about 10 times in rapid succession. The other side is replying
with "badFormatAddress", but that doesn't mean anything to me yet, and
as the technical person for video it would be nice to go back to my
users and say, "I know you tried to call {the other side}, but it's
not our equipment, it's their's, and they've misconfigured it {this
way}. Have {their technical person} contact me so that we can get
them fixed."
2011/08/31 10:48:19.131 4 RasSrv.cxx(215) RAS
Receiving on 10.244.1.10:1719(U)
2011/08/31 10:48:19.131 2 RasSrv.cxx(173) RAS Read
from 10.244.2.24:1719
2011/08/31 10:48:19.131 3 RasSrv.cxx(223) RAS
admissionRequest {
requestSeqNum = 59932
callType = pointToPoint <<null>>
callModel = gatekeeperRouted <<null>>
endpointIdentifier = 9 characters {
0039 0038 0032 0034 005f 0065 006e 0064 9824_end
0070 p
}
destCallSignalAddress = ipAddress {
ip = 4 octets {
57 56 87 38 WV.8
}
port = 1720
}
srcInfo = 2 entries {
[0]=h323_ID 7 characters {
006e 0079 002d 0073 006f 0068 006f ny-soho
}
[1]=dialedDigits "12126449366"
}
bandWidth = 10240
callReferenceValue = 8957
conferenceID = 16 octets {
02 34 4d d4 8c 10 1b 16 16 85 21 46 07 34 5d d3 .4M.......!F.4].
}
activeMC = false
answerCall = false
canMapAlias = true
callIdentifier = {
guid = 16 octets {
02 34 4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 .4M.......!F.4].
}
}
gatekeeperIdentifier = 3 characters {
0067 006b 0031 gk1
}
willSupplyUUIEs = false
featureSet = {
replacementFeatureSet = false
supportedFeatures = 1 entries {
[0]={
id = standard 9
}
}
}
}
2011/08/31 10:48:19.131 5 job.cxx(363) JOB Worker
threads: 10 total - 10 busy, 0 idle
2011/08/31 10:48:19.131 5 job.cxx(189) JOB
Starting Job ARQ at Worker thread 140129951807232
2011/08/31 10:48:19.131 1 RasSrv.cxx(355) RAS ARQ
Received from 10.244.2.24:1719
2011/08/31 10:48:19.131 4 h4601.cxx(1240) H460 Loaded Std 9
2011/08/31 10:48:19.131 5 Routing.h(192) ROUTING
Checking policy Explicit for the request ARQ 59932
2011/08/31 10:48:19.132 5 Routing.h(198) ROUTING Policy
Explicit applied to the request ARQ 59932
2011/08/31 10:48:19.132 3 RasSrv.cxx(2899) GK ACF
will grant bandwidth of 10240
2011/08/31 10:48:19.132 2 RasTbl.cxx(3596)
CallTable::Insert(CALL) Call No. 2341, total sessions : 10
2011/08/31 10:48:19.132 4 RasTbl.cxx(3110) RAS No
Called Endpoint for H460.24
2011/08/31 10:48:19.132 4 RasSrv.cxx(3035) RAS NAT
strategy for Call No: 2341 set to Unknown Strategy
2011/08/31 10:48:19.132 2 RasSrv.cxx(395)
ACF|10.244.2.24:1720|9824_endp|8957|87.86.135.56:1720|ny-soho:h323_ID=12126449366:dialedDigits|false|02-34-4d-d4-8c-10-1b-16-16-84-21-46-07-34-5d-d3;
2011/08/31 10:48:19.132 3 RasSrv.cxx(235) RAS Send
to 10.244.2.24:1719
admissionConfirm {
requestSeqNum = 59932
bandWidth = 10240
callModel = gatekeeperRouted <<null>>
destCallSignalAddress = ipAddress {
ip = 4 octets {
0a f4 01 0a ....
}
port = 1720
}
irrFrequency = 120
willRespondToIRR = false
uuiesRequested = {
setup = false
callProceeding = false
connect = false
alerting = false
information = false
releaseComplete = false
facility = false
progress = false
empty = false
status = false
statusInquiry = false
setupAcknowledge = false
notify = false
}
}
2011/08/31 10:48:19.132 5 RasSrv.cxx(249) RAS Sent Successful
2011/08/31 10:48:19.132 5 job.cxx(426) JOB Job ARQ deleted
2011/08/31 10:48:19.132 5 job.cxx(415) JOB Worker
threads: 10 total - 9 busy, 1 idle
2011/08/31 10:48:19.208 4 yasocket.cxx(920) TCPSrv Accept
request on 10.244.1.10:1720
2011/08/31 10:48:19.208 5 job.cxx(363) JOB Worker
threads: 10 total - 10 busy, 0 idle
2011/08/31 10:48:19.208 5 job.cxx(189) JOB
Starting Job Acceptor at Worker thread 140129951807232
2011/08/31 10:48:19.217 5 ProxyChannel.cxx(672) Q931s
Reading from 10.244.2.24:2299
2011/08/31 10:48:19.217 3 ProxyChannel.cxx(1014) Q931s
Received: Setup CRV=8957 from 10.244.2.24:2299
2011/08/31 10:48:19.217 4 ProxyChannel.cxx(957) Q931 Received: {
q931pdu = {
protocolDiscriminator = 8
callReference = 8957
from = originator
messageType = Setup
IE: Bearer-Capability = {
88 18 88 a5 ....
}
IE: Display = {
53 70 65 6e 63 65 72 20 53 74 75 61 72 74 20 4e N
59 20 2d 20 53 6f 48 6f Y - SoHo
}
IE: User-User = {
60 a8 06 00 08 91 4a 00 04 02 40 06 00 6e 00 79 `[email protected]
00 2d 00 73 00 6f 00 68 00 6f 05 00 45 45 97 7c .-.s.o.h.o..EE.|
69 92 2c b5 00 23 31 07 56 53 58 20 38 30 30 30 i.,..#1.VSX 8000
1e 52 65 6c 65 61 73 65 20 39 2e 30 2e 36 20 2d .Release 9.0.6 -
20 30 32 46 65 62 32 30 31 30 20 30 39 3a 34 33 02Feb2010 09:43
00 0a f4 01 0a 06 b8 00 02 34 4d d4 8c 10 1b 16 .........4M.....
16 85 21 46 07 34 5d d3 00 cd 0f 98 00 07 00 0a ..!F.4].........
f4 02 18 08 fb 11 00 02 34 4d d4 8c 10 1b 16 16 ........4M......
84 21 46 07 34 5d d3 01 00 01 00 13 10 00 39 00 .!F.4]........9.
38 00 32 00 34 00 5f 00 65 00 6e 00 64 00 70 01 8.2.4._.e.n.d.p.
00 01 00 01 00 01 40 10 80 01 00 00 05 0e 53 65 [email protected]
74 75 70 20 2d 20 6d 65 73 73 61 67 65 tup - message
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = setup {
protocolIdentifier = 0.0.8.2250.0.4
sourceAddress = 2 entries {
[0]=h323_ID 7 characters {
006e 0079 002d 0073 006f 0068 006f ny-soho
}
[1]=dialedDigits "12126449366"
}
sourceInfo = {
vendor = {
vendor = {
t35CountryCode = 181
t35Extension = 0
manufacturerCode = 9009
}
productId = 8 octets {
56 53 58 20 38 30 30 30 VSX 8000
}
versionId = 31 octets {
52 65 6c 65 61 73 65 20 39 2e 30 2e 36 20 2d 20 Release 9.0.6 -
30 32 46 65 62 32 30 31 30 20 30 39 3a 34 33 02Feb2010 09:43
}
}
terminal = {
}
mc = false
undefinedNode = false
}
destCallSignalAddress = ipAddress {
ip = 4 octets {
0a f4 01 0a ....
}
port = 1720
}
activeMC = false
conferenceID = 16 octets {
02 34 4d d4 8c 10 1b 16 16 85 21 46 07 34 5d d3 .4M.......!F.4].
}
conferenceGoal = create <<null>>
callType = pointToPoint <<null>>
sourceCallSignalAddress = ipAddress {
ip = 4 octets {
0a f4 02 18 ....
}
port = 2299
}
callIdentifier = {
guid = 16 octets {
02 34 4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 .4M.......!F.4].
}
}
mediaWaitForConnect = false
canOverlapSend = false
endpointIdentifier = 9 characters {
0039 0038 0032 0034 005f 0065 006e 0064 9824_end
0070 p
}
multipleCalls = false
maintainConnection = false
presentationIndicator = presentationAllowed <<null>>
screeningIndicator = userProvidedVerifiedAndFailed
}
h245Tunneling = false
}
user_data = {
protocol_discriminator = 5
user_information = 15 octets {
53 65 74 75 70 20 2d 20 6d 65 73 73 61 67 65 Setup - message
}
}
}
}
2011/08/31 10:48:19.217 2 gkacct.cxx(955) GKACCT
Successfully logged event 1 for call no. 2341
2011/08/31 10:48:19.218 3 ProxyChannel.cxx(2904) Q931s Call
2341 is NAT type 0
2011/08/31 10:48:19.218 5 Toolkit.cxx(571) ModeSelection
for 10.244.2.24 -> 87.86.135.56 default=3
2011/08/31 10:48:19.218 5 Toolkit.cxx(604) ModeSelection:
Only rule for IP 1 = 10.244.2.24 mode=3
2011/08/31 10:48:19.218 1 ProxyChannel.cxx(859) Call 2341:
h245Routed=1 proxy=1
2011/08/31 10:48:19.218 3 ProxyChannel.cxx(876) GK Call
2341 proxy enabled
2011/08/31 10:48:19.218 4 ProxyChannel.cxx(957) Q931 Send
to 87.86.135.56:1720 {
q931pdu = {
protocolDiscriminator = 8
callReference = 8957
from = originator
messageType = Setup
IE: Bearer-Capability = {
88 18 88 a5 ....
}
IE: Display = {
53 70 65 6e 63 65 72 20 53 74 75 61 72 74 20 4e N
59 20 2d 20 53 6f 48 6f Y - SoHo
}
IE: User-User = {
60 a8 06 00 08 91 4a 00 04 02 40 06 00 6e 00 79 `[email protected]
00 2d 00 73 00 6f 00 68 00 6f 05 00 45 45 97 7c .-.s.o.h.o..EE.|
69 92 2c b5 00 23 31 07 56 53 58 20 38 30 30 30 i.,..#1.VSX 8000
1e 52 65 6c 65 61 73 65 20 39 2e 30 2e 36 20 2d .Release 9.0.6 -
20 30 32 46 65 62 32 30 31 30 20 30 39 3a 34 33 02Feb2010 09:43
00 57 56 87 38 06 b8 00 02 34 4d d4 8c 10 1b 16 .WV.8....4M.....
16 85 21 46 07 34 5d d3 00 7d 0d 98 07 00 26 7c ..!F.4]..}....&|
27 fe 06 b8 11 00 02 34 4d d4 8c 10 1b 16 16 84 '......4M.......
21 46 07 34 5d d3 01 00 01 00 01 00 01 00 01 00 !F.4]...........
01 40 02 80 01 00 00 05 0e 53 65 74 75 70 20 2d [email protected] -
20 6d 65 73 73 61 67 65 message
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = setup {
protocolIdentifier = 0.0.8.2250.0.4
sourceAddress = 2 entries {
[0]=h323_ID 7 characters {
006e 0079 002d 0073 006f 0068 006f ny-soho
}
[1]=dialedDigits "12126449366"
}
sourceInfo = {
vendor = {
vendor = {
t35CountryCode = 181
t35Extension = 0
manufacturerCode = 9009
}
productId = 8 octets {
56 53 58 20 38 30 30 30 VSX 8000
}
versionId = 31 octets {
52 65 6c 65 61 73 65 20 39 2e 30 2e 36 20 2d 20 Release 9.0.6 -
30 32 46 65 62 32 30 31 30 20 30 39 3a 34 33 02Feb2010 09:43
}
}
terminal = {
}
mc = false
undefinedNode = false
}
destCallSignalAddress = ipAddress {
ip = 4 octets {
57 56 87 38 WV.8
}
port = 1720
}
activeMC = false
conferenceID = 16 octets {
02 34 4d d4 8c 10 1b 16 16 85 21 46 07 34 5d d3 .4M.......!F.4].
}
conferenceGoal = create <<null>>
callType = pointToPoint <<null>>
sourceCallSignalAddress = ipAddress {
ip = 4 octets {
26 7c 27 fe &|'.
}
port = 1720
}
callIdentifier = {
guid = 16 octets {
02 34 4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 .4M.......!F.4].
}
}
mediaWaitForConnect = false
canOverlapSend = false
multipleCalls = false
maintainConnection = false
presentationIndicator = presentationAllowed <<null>>
screeningIndicator = userProvidedVerifiedAndFailed
}
h245Tunneling = false
}
user_data = {
protocol_discriminator = 5
user_information = 15 octets {
53 65 74 75 70 20 2d 20 6d 65 73 73 61 67 65 Setup - message
}
}
}
}
2011/08/31 10:48:19.335 3 ProxyChannel.cxx(4736) Q931
Connect to 87.86.135.56:1720 from 38.124.39.254:30667 successful
2011/08/31 10:48:19.471 5 ProxyChannel.cxx(7136) ProxyH(0)
total sockets 6
2011/08/31 10:48:19.471 5 job.cxx(426) JOB Job
Acceptor deleted
2011/08/31 10:48:19.471 5 job.cxx(415) JOB Worker
threads: 10 total - 9 busy, 1 idle
2011/08/31 10:48:19.549 5 ProxyChannel.cxx(672) Q931d
Reading from 87.86.135.56:1720
2011/08/31 10:48:19.549 3 ProxyChannel.cxx(1014) Q931d
Received: ReleaseComplete CRV=8957 from 87.86.135.56:1720
2011/08/31 10:48:19.549 4 ProxyChannel.cxx(957) Q931 Received: {
q931pdu = {
protocolDiscriminator = 8
callReference = 8957
from = destination
messageType = ReleaseComplete
IE: User-User = {
25 c0 06 00 08 91 4a 00 05 40 88 c8 11 00 02 34 %[email protected]
4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 01 00 M.......!F.4]...
01 40 04 70 00 00 00 02 80 01 00 [email protected].......
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = releaseComplete {
protocolIdentifier = 0.0.8.2250.0.5
reason = badFormatAddress <<null>>
callIdentifier = {
guid = 16 octets {
02 34 4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 .4M.......!F.4].
}
}
presentationIndicator = presentationAllowed <<null>>
screeningIndicator = userProvidedVerifiedAndFailed
featureSet = {
replacementFeatureSet = false
neededFeatures = 0 entries {
}
desiredFeatures = 0 entries {
}
supportedFeatures = 0 entries {
}
}
}
h245Tunneling = false
}
}
}
2011/08/31 10:48:19.549 1 RasTbl.cxx(4072) CDR|2341|02 34
4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3|0|unconnected|Wed, 31 Aug
2011 10:48:19 -0500|10.244.2.24:2299|9824_endp|87.86.135.56:1720|
|87.86.135.56:1720|ny-soho:h323_ID=12126449366:dialedDigits|gk1;
2011/08/31 10:48:19.550 5 gkacct.cxx(730) GKACCT
FileAcct - CDR string for event 2, call no. 2341: 2341|0
seconds||10:48:19.000 CDT Wed Aug 31
2011|10.244.2.24|87.86.135.56|From: ny-soho
ny-soho:h323_ID=12126449366:dialedDigits|To: 87.86.135.56:1720|10240;
2011/08/31 10:48:19.550 3 gkacct.cxx(915) GKACCT
FileAcct logged event 2 for call no. 2341
2011/08/31 10:48:19.550 2 gkacct.cxx(955) GKACCT
Successfully logged event 2 for call no. 2341
2011/08/31 10:48:19.550 4 ProxyChannel.cxx(957) Q931 Send
to 10.244.2.24:2299 {
q931pdu = {
protocolDiscriminator = 8
callReference = 8957
from = destination
messageType = ReleaseComplete
IE: User-User = {
25 c0 06 00 08 91 4a 00 05 40 88 c8 11 00 02 34 %[email protected]
4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 01 00 M.......!F.4]...
01 40 04 70 00 00 00 02 80 01 00 [email protected].......
}
}
h225pdu = {
h323_uu_pdu = {
h323_message_body = releaseComplete {
protocolIdentifier = 0.0.8.2250.0.5
reason = badFormatAddress <<null>>
callIdentifier = {
guid = 16 octets {
02 34 4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 .4M.......!F.4].
}
}
presentationIndicator = presentationAllowed <<null>>
screeningIndicator = userProvidedVerifiedAndFailed
featureSet = {
replacementFeatureSet = false
neededFeatures = 0 entries {
}
desiredFeatures = 0 entries {
}
supportedFeatures = 0 entries {
}
}
}
h245Tunneling = false
}
}
}
2011/08/31 10:48:19.597 4 RasSrv.cxx(215) RAS
Receiving on 10.244.1.10:1719(U)
2011/08/31 10:48:19.598 2 RasSrv.cxx(173) RAS Read
from 10.244.2.24:1719
2011/08/31 10:48:19.599 3 RasSrv.cxx(223) RAS
disengageRequest {
requestSeqNum = 59933
endpointIdentifier = 9 characters {
0039 0038 0032 0034 005f 0065 006e 0064 9824_end
0070 p
}
conferenceID = 16 octets {
02 34 4d d4 8c 10 1b 16 16 85 21 46 07 34 5d d3 .4M.......!F.4].
}
callReferenceValue = 8957
disengageReason = normalDrop <<null>>
callIdentifier = {
guid = 16 octets {
02 34 4d d4 8c 10 1b 16 16 84 21 46 07 34 5d d3 .4M.......!F.4].
}
}
gatekeeperIdentifier = 3 characters {
0067 006b 0031 gk1
}
answeredCall = false
}
2011/08/31 10:48:19.599 5 job.cxx(363) JOB Worker
threads: 10 total - 10 busy, 0 idle
2011/08/31 10:48:19.599 5 job.cxx(189) JOB
Starting Job DRQ at Worker thread 140129951807232
2011/08/31 10:48:19.599 1 RasSrv.cxx(355) RAS DRQ
Received from 10.244.2.24:1719
2011/08/31 10:48:19.599 4 RasSrv.cxx(3270) GK DRQ:
closed conference
2011/08/31 10:48:19.599 2 RasSrv.cxx(395)
DCF|10.244.2.24|9824_endp|8957|normalDrop|02-34-4d-d4-8c-10-1b-16-16-84-21-46-07-34-5d-d3;
2011/08/31 10:48:19.599 3 RasSrv.cxx(235) RAS Send
to 10.244.2.24:1719
disengageConfirm {
requestSeqNum = 59933
}
2011/08/31 10:48:19.599 5 RasSrv.cxx(249) RAS Sent Successful
2011/08/31 10:48:19.599 5 job.cxx(426) JOB Job DRQ deleted
2011/08/31 10:48:19.599 5 job.cxx(415) JOB Worker
threads: 10 total - 9 busy, 1 idle
2011/08/31 10:48:19.636 5 ProxyChannel.cxx(672) Q931s
Reading from 10.244.2.24:2299
2011/08/31 10:48:19.636 5 yasocket.cxx(659) Q931s
10.244.2.24:2299 closed by remote
------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________________
Posting: mailto:[email protected]
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
