AudioCodes recently released a new syslog viewer named, creatively enough, “Syslog Viewer”. For those who have been working with AudioCodes gateways and SBC’s for a while, then you are probably aware of the previous syslog viewer that AudioCodes provided to assist with logging. This was the “acsyslog120.exe” application which was very bare bones and came with some really bad default settings. So before you could really use the things, most people changed the logging directory, the order in which entries were added to the log (newest on bottom, please) and a few other things.
And once acsyslog120.exe did its thing it was up to you to do all the fun troubleshooting which amounted to searching for a needle in the syslog haystack. About the only advanced feature of acsyslog120.exe was that you could go to the Help\About menu and play Space Invaders.
Sometime around July 2015, AudioCodes quietly released Syslog Viewer. You can download it from the downloads section of their website. Pick “Software/Survivable Branch Appliances/ Mediant 1000…” from the download section. Syslog Viewer will show up in the list of downloads. It’s a simple install.
So what does this new syslog app provide?
For one, it has sensible defaults. New entries to the viewer are added to the bottom and not to the top.
It also automatically colors and formats the logs similar to what acsyslog120.exe did but it looks much nicer.
The toolbar has some new icons.
From Left to right….
The first icon is used to clear out the entries form the viewer. In acsyslog120.exe this was the paint brush icon. And yes, when I first used Syslog Viewer I clicked the paintbrush icon in the middle. It didn’t do what I wanted it to.
The next button – the set of folders – is used to open an existing syslog file.
The blue diskette is used to save the incoming syslog stream to disk. If it’s blue, you’re not saving anything to disk. If it’s red, then the record-to-disk is enabled. By default, it will write the logs to c:\syslog.txt. If you click File\Write Log As… you can change the directory to somewhere not on the root of your drive.
Next is the Play icon. This is used to pause/resume the syslog listener. If you see the play icon (as in the image above) then the syslog listener is paused. If you click the play button, this icon turns to a “pause” icon.
This can be a bit confusing where you see play but it’s really paused and you see pause and it’s really playing.
To help minimize confusion, there is an area in the bottom right telling you the exact state of save-to-disk and play/pause icons.
While working with support it was always hard for them to see the syslog output when sharing my desktop due to high resolution on my laptop and remote desktop scaling issues. Syslog Viewer now includes Zoom in/Zoom Out button which smoothly increases the font size so the person at the remote end doesn’t need to squint to read the logs.
The paintbrush icon is for “external viewer” which means it opens the saved syslog in Notepad. Note that if you haven’t saved the syslog session to disk then you can’t open it in the external viewer. I’m not entirely sure why this opens in Notepad but you can go to Tools\Options and use a different app as your external viewer.
The picture frame icon disables auto scroll which might be useful if you are going through a live log and don’t want the screen constantly scrolling while you are looking at some entries.
The snow flake icon is used to freeze the display. Honestly not sure how this is different than disabling auto scroll.
Finally, we get to the sexiness. The “i” icon opens a ladder diagram or what they are calling the “SIP Flow Diagram”.
This is very similar to the ladder diagram found in Snooper. I can’t stress enough how useful this view is. No longer do you need to search for a needle in the syslog haystack. If you look at the ladder diagram, you can see exactly which devices are talking in this conversation. And if you look down towards the end, you can easily zero in on the error or issue which in this case is “403 forbidden”.
With acsyslog120.exe (or any other syslog viewer) you don’t get this view. The ability to see the conversation and quickly spot the error is a total time saver.
Now the example here is a bit silly as I dialed an invalid phone number from an analog phone that I was sending to Lync via an AudioCodes MP112. But this tool gets really powerful with more complex scenarios. If you happen to be logging and 3 or 4 (or 50) other sip conversations are happening, each SIP conversation gets its own entry making it very easy to find the call you are concerned about.
As you click on a rung on the ladder diagram, not only does it show the relevant entry in the bottom right of the SIP Flow Diagram window, but the Syslog Viewer running in the background also jumps to the same log entry so you can then see what other entries are near it.
Syslog Viewer takes AudioCodes’ primary support tool from mid-90’s era technology straight into this century.
Since this was released in mid-July, they have already updated it from version 1.0 to 1.5. So clearly AudioCodes is currently putting a lot of effort to improving this support tool.
If you manage or support AudioCodes gateways or SBC’s in any way, then I highly recommend you immediately go to the AudioCodes website and download this new tool.
For those having trouble finding it on the AudioCodes support site, maybe the below image will help.To get there, navigate to the AudioCodes downloads page. Log in to your free AudioCode account (or create one). Then set choose the settings in the dropdown boxes as seen in the image below.
Ah didn’t know it had been released already. I thought it was still in public beta. I never liked using the old syslogger and stuck to Wireshark if the traffic was encrypted. But iv beenusing this new syslogger for a while now and it kicks ass! Ladder diagrams FTW!
Flinchbot and Shawn … I'm close to loosing my wits (if any left) searching for the syslogviewer tool from audiocodes… I'm logged into their site, downloads, Software/Survivable Branch Appliances/ Mediant 1000… as you said, but it keep telling me that tere are no files…
Aaaaaaaaaaaaargh! Audiocodes!!! @#&@#
Do any of you guys have a link to the binary for the syslog viewer? I would really really really apreciate it and offer you a good Belgium beer 🙂
Currently I'm trying to script/parse their syslog into a Graylog cluster I setup… but OMG… 🙂
Maybe this screenshot will help? I didn’t find it on the first try just now either. Picking the SBA section was not at all my first guess.
Its not there anymore. Arrrrggg.
If this is sexy, take a look at the Sonus LX 2.0.
The Sonus one handles 150K messages a second while this one craps out at 1500! Looking kind of frumpy.