-
-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audiocodes SBC syslog #75
Comments
It's not that simple :) The current attempt will not produce any results. pastash can receive the syslog input, but needs help converting it into a format we can use. The key here is to find a correlation vector from syslog to our realm. Is there any information in your syslog we can correlate back to a SIP session detail? S? BID? If so, we can build a parser (check out the Ribbon example for a reference) to convert the messages to either SIP HEP (1) or LOG HEP (100) to be sent to Homer. For some products, we look for an internal correlation ID and map it to ephemeral elements which might appear in the flow. |
Yes, we could use It means: Can this help you? |
This comment has been minimized.
This comment has been minimized.
The SIP parsing part is quite simple and in-line with other syslog extractors we have for Sonus/Ribbon/Avaya/etc.
The application would have to be provisioned with an array of IP:PORT equivalents for those |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
The output on screen will not be much relevant. Could you show me your full pastash recipe with the new filter?
Mind this is unlikely to work as is, its never been tested and a pure work of theory. You'll have to hack a little :) |
Don't forget you need to also find a way to provide your realms or your SBC will always look as 127.0.0.1:5060 without Aliases. If you provide some examples for the parts i've explained are missing, we might be able to make progress on that too. |
HI,
pastash_audiocodes.conf:
input {
udp {
host => 0.0.0.0
port => 514
type => syslog
}
}
filter {
app_audiocodes {}
}
output {
stdout{}
if [rcinfo] != 'undefined' {
hep {
host => '10.160.21.80'
port => 9069
hep_id => 100
hep_type => 1
}
}
}
Il giorno gio 17 dic 2020 alle ore 23:58 Lorenzo Mangani <
notifications@github.com> ha scritto:
… Don't forget you need to also find a way to provide your realms or your
SBC will always look as 127.0.0.1:5060 without Aliases. If you provide
some examples for the parts i've explained are missing, we might be able to
make progress on that too.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHRIEAMEK4RM2YGSE5XVTPTSVKEKJANCNFSM4U72QSPA>
.
|
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Then the script is failing to parse and we need to debug it further. Do run this for a few minutes with traffic to get us something to work with consistently - check if the file is created it should have the data in the JSON format pastash uses internally.
I'll test it domani ;) |
Audiocodes works i bit complicated way. It use 'entities' (like ATA) and to
this entity is associated a sip interface and to that sip interface is
associated a network interface.
This is way ( i suppose) we cannot see directly IP:PORT on syslog.
But, we could think to put inside 'pastash_audiocodes.conf' a "MAPPING" of
that name to an IP:PORT (I know it because i ve configured on Audiocodes
sbc).
Does should work?
The name of the "trunk" or whatever seems to be inside the parenthesis, ATA in
this example below possibly?
…---- Incoming SIP Message from 10.160.21.21:5060 to SIPInterface #3
(ATA) UDP TO(#3) ----
NOTE: The parsing format of the syslog events and the txt are different
enough to cause issues so i'm basing this on the syslog format
Il giorno ven 18 dic 2020 alle ore 00:20 Agiftel Longwave <agiftel@gmail.com>
ha scritto:
Strange. 'ngrep -W byline port 9069 -d any' outputs nothing.
port 9069 is my choice, yes.
Il giorno ven 18 dic 2020 alle ore 00:12 Lorenzo Mangani <
***@***.***> ha scritto:
> Ok next run ngrep -W byline port 9069 -d any to check if any HEP
> messages are being sent. I assume the non-standard port for HEP is your
> choice, default would be 9060 for HOMER.
>
> The name of the "trunk" or whatever seems to be inside the parenthesis,
> ATA in this example below possibly?
>
> ---- Incoming SIP Message from 10.160.21.21:5060 to SIPInterface #3 (ATA) UDP TO(#3) ----
>
> NOTE: The parsing format of the syslog events and the txt are different
> enough to cause issues so i'm basing this on the syslog format
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#75 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AHRIEAKVNPVTNJVMDUALFPLSVKF57ANCNFSM4U72QSPA>
> .
>
|
We will end up adding some custom config to the filter eventually, but first we need to parse this right. It's a step by step process. I see some other IPs in the logs referring to interfaces, but only you can tell us what's relevant and what's not. |
File is created but is not in JSON format at all.
It looks like the same as output on cli console.
here a snippet of file output:
[Time:18-12@01:33:23.753]
<133>[S=1506269] [SID=b9027c:24:173590] (N 6034578)
(#12)gwSession[Deallocated]
[Time:18-12@01:33:23.768]
<135>[S=1506270] [BID=b9027c:24] DnsGetAddrInfo: CacheEntry == NULL
ai_family[2] [File:DnsApi_Linux.cpp Line:1690] [Time:18-12@01:33:23.904]
<135>[S=1506271] [BID=b9027c:24] _DnsSendQuery status 8
[File:DnsApi_Linux.cpp Line:1430] [Time:18-12@01:33:23.904]
<133>[S=1506272] [BID=b9027c:24] (N 6034579) SIPServersIPList::ResolveDNS
(ProxySet 2) - Starting resolution of sip.pstnhub.microsoft.com
(N 6034580) HandleARecordQuery - Host:sip.pstnhub.microsoft.com is not in
cache, setting timer
[Time:18-12@01:33:23.904]
<135>[S=1506273] [BID=b9027c:24] _DnsCallback: end query recieved
_GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name sip.pstnhub.microsoft.com,
p.dnsp_ttl 7 [File:DnsApi_Linux.cpp Line:1390] [Time:18-12@01:33:23.931]
<135>[S=1506274] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update addr
for query sip.pstnhub.microsoft.com [File:DnsApi_Linux.cpp Line:360]
[Time:18-12@01:33:23.931]
<135>[S=1506275] [BID=b9027c:24] sip.pstnhub.microsoft.com resolved to
52.114.76.76 [File:DnsApi_Linux.cpp Line:313] [Time:18-12@01:33:23.931]
<135>[S=1506276] [BID=b9027c:24] DnsGetAddrInfo: hostname exists in cache
sin_family[2] IPAddr[0x34724c4c] [File:DnsApi_Linux.cpp Line:1743]
[Time:18-12@01:33:23.964]
<135>[S=1506277] [BID=b9027c:24] DnsGetAddrInfo: CacheEntry == NULL
ai_family[2] [File:DnsApi_Linux.cpp Line:1690] [Time:18-12@01:33:23.964]
<135>[S=1506278] [BID=b9027c:24] _DnsSendQuery status 8
[File:DnsApi_Linux.cpp Line:1430] [Time:18-12@01:33:23.964]
<133>[S=1506279] [BID=b9027c:24] (N 6034581)
DNSResolver::HandleTimerExpiredOnWaitForARecord: host:
sip.pstnhub.microsoft.com
(N 6034582) DNSResolver::HandleTimerExpOnWaitARecord - Host:
sip.pstnhub.microsoft.com resolved in external table
(N 6034583) SIPServersIPList::AddResolvedProxiesIPToList (ProxySet 2) -
sip.pstnhub.microsoft.com was resolved by DNS to 52.114.76.76
(N 6034584) SIPServersIPList::ResolveDNS (ProxySet 2) - Starting
resolution of sip2.pstnhub.microsoft.com
(N 6034585) HandleARecordQuery - Host:sip2.pstnhub.microsoft.com is not in
cache, setting timer
[Time:18-12@01:33:23.965]
<135>[S=1506280] [BID=b9027c:24] _DnsCallback: end query recieved
_GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name sip2.pstnhub.microsoft.com,
p.dnsp_ttl 5 [File:DnsApi_Linux.cpp Line:1390] [Time:18-12@01:33:24.025]
<135>[S=1506281] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update addr
for query sip2.pstnhub.microsoft.com [File:DnsApi_Linux.cpp Line:360]
[Time:18-12@01:33:24.025]
<135>[S=1506282] [BID=b9027c:24] sip2.pstnhub.microsoft.com resolved to
52.114.132.46 [File:DnsApi_Linux.cpp Line:313] [Time:18-12@01:33:24.025]
<135>[S=1506283] [BID=b9027c:24] DnsGetAddrInfo: hostname exists in cache
sin_family[2] IPAddr[0x3472842e] [File:DnsApi_Linux.cpp Line:1743]
[Time:18-12@01:33:24.025]
<135>[S=1506284] [BID=b9027c:24] DnsGetAddrInfo: CacheEntry == NULL
ai_family[2] [File:DnsApi_Linux.cpp Line:1690] [Time:18-12@01:33:24.025]
<135>[S=1506285] [BID=b9027c:24] _DnsSendQuery status 8
[File:DnsApi_Linux.cpp Line:1430] [Time:18-12@01:33:24.025]
<133>[S=1506286] [BID=b9027c:24] (N 6034586)
DNSResolver::HandleTimerExpiredOnWaitForARecord: host:
sip2.pstnhub.microsoft.com
(N 6034587) DNSResolver::HandleTimerExpOnWaitARecord - Host:
sip2.pstnhub.microsoft.com resolved in external table
(N 6034588) SIPServersIPList::AddResolvedProxiesIPToList (ProxySet 2) -
sip2.pstnhub.microsoft.com was resolved by DNS to 52.114.132.46
(N 6034589) SIPServersIPList::ResolveDNS (ProxySet 2) - Starting
resolution of sip3.pstnhub.microsoft.com
(N 6034590) HandleARecordQuery - Host:sip3.pstnhub.microsoft.com is not in
cache, setting timer
[Time:18-12@01:33:24.025]
<135>[S=1506287] [BID=b9027c:24] _DnsCallback: end query recieved
_GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name sip3.pstnhub.microsoft.com,
p.dnsp_ttl 4 [File:DnsApi_Linux.cpp Line:1390] [Time:18-12@01:33:24.085]
<135>[S=1506288] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update addr
for query sip3.pstnhub.microsoft.com [File:DnsApi_Linux.cpp Line:360]
[Time:18-12@01:33:24.085]
<135>[S=1506289] [BID=b9027c:24] sip3.pstnhub.microsoft.com resolved to
52.114.7.24 [File:DnsApi_Linux.cpp Line:313] [Time:18-12@01:33:24.085]
<135>[S=1506290] [BID=b9027c:24] DnsGetAddrInfo: hostname exists in cache
sin_family[2] IPAddr[0x34720718] [File:DnsApi_Linux.cpp Line:1743]
[Time:18-12@01:33:24.086]
<133>[S=1506291] [BID=b9027c:24] (N 6034591)
DNSResolver::HandleTimerExpiredOnWaitForARecord: host:
sip3.pstnhub.microsoft.com
(N 6034592) DNSResolver::HandleTimerExpOnWaitARecord - Host:
sip3.pstnhub.microsoft.com resolved in external table
(N 6034593) SIPServersIPList::AddResolvedProxiesIPToList (ProxySet 2) -
sip3.pstnhub.microsoft.com was resolved by DNS to 52.114.7.24
(N 6034594) SIPServersIPList::UpdateList (ProxySet 2) - Update process
finished
[Time:18-12@01:33:24.086]
<133>[S=1506292] [SID=b9027c:24:173586] (N 6034595) States:
(#1277)AcSIPCall[Disconnected->Idle]
(#1277)AcSIPCall[Deallocated]
[Time:18-12@01:33:27.502]
<133>[S=1506293] [SID=b9027c:24:173586] (N 6034596)
(#1)gwSession[Deallocated]
[Time:18-12@01:33:27.502]
<133>[S=1506294] [SID=b9027c:24:173591] (N 6034597)
(#130)gwSession[Allocated]. Handle:00007FCCBDDC0338; Global session ID:
9b0473e38959a95a
(N 6034598) SIPEntity::PrepareConfigurationData: Setting persistent
connection to proxy: 52.114.132.46:5061
(N 6034599) SIPAppMngr::GetControlIPAddress - Near NAT translation found
for SIP Interface 2. Translated IP Address 82.185.88.164:5061
(N 6034600) States: (#1260)AcSIPDialog[Allocated]
(N 6034601) AcSIPDialog(#1260): Handling DIALOG_INIT_REQ in state
DialogIdle
(N 6034602) States: (#1260)AcSIPDialog[DialogIdle->DialogInitiated]
(N 6034603) AcSIPDialog(#1260): Handling GENERAL_REQ in state
DialogInitiated
(N 6034604) ---- Outgoing SIP Message to 52.114.132.46:5061 from
SIPInterface #2 (Teams) TLS TO(#10) SocketID(168) ----
[Time:18-12@01:33:36.888]
<133>[S=1506295] [SID=b9027c:24:173591] OPTIONS sip:10.160.111.51 SIP/2.0
Via: SIP/2.0/TLS sbc.llspa.it:5061;alias;branch=z9hG4bKac109712278
Max-Forwards: 70
From: <sip:10.160.111.51>;tag=1c1344704966
To: <sip:10.160.111.51>
Call-ID: 7878403091812202013336@sbc.llspa.it
CSeq: 1 OPTIONS
Contact: <sip:sbc.llspa.it:5061;transport=tls>
Allow:
REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE
User-Agent: LLSBC Laboratorio/v.7.20A.260.012
Accept: application/sdp, application/simple-message-summary,
message/sipfrag
Content-Length: 0
[Time:18-12@01:33:36.888]
<133>[S=1506296] [SID=b9027c:24:173591] (N 6034605) ---- Incoming SIP
Message from 52.114.132.46:5061 to SIPInterface #2 (Teams) TLS TO(#10)
SocketID(168) ----
SIP/2.0 200 OK
FROM: <sip:10.160.111.51>;tag=1c1344704966
TO: <sip:10.160.111.51>
CSEQ: 1 OPTIONS
CALL-ID: 7878403091812202013336@sbc.llspa.it
VIA: SIP/2.0/TLS sbc.llspa.it:5061;branch=z9hG4bKac109712278
CONTENT-LENGTH: 0
ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY
SERVER: Microsoft.PSTNHub.SIPProxy v.2020.12.7.3 i.USEA.6
Il giorno ven 18 dic 2020 alle ore 00:23 Lorenzo Mangani <
notifications@github.com> ha scritto:
… Then the script is failing to parse and we need to debug it further. Do
run this for a few minutes with traffic to get us something to work with
consistently - check if the file is created it should have the data in the
JSON format pastash uses internally.
input {
udp {
host => 0.0.0.0
port => 514
type => syslog
}
}
output {
file {
path => /tmp/syslog.dump
}
}
I'll test it domani ;)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHRIEANCPKHC6RAGPRIE4JDSVKHGHANCNFSM4U72QSPA>
.
|
For now....Buonanotte ;-)
Il giorno ven 18 dic 2020 alle ore 00:37 Agiftel Longwave <agiftel@gmail.com>
ha scritto:
… File is created but is not in JSON format at all.
It looks like the same as output on cli console.
here a snippet of file output:
***@***.***:33:23.753]
<133>[S=1506269] [SID=b9027c:24:173590] (N 6034578)
(#12)gwSession[Deallocated]
***@***.***:33:23.768]
<135>[S=1506270] [BID=b9027c:24] DnsGetAddrInfo: CacheEntry == NULL
ai_family[2] [File:DnsApi_Linux.cpp Line:1690] ***@***.***:33:23.904]
<135>[S=1506271] [BID=b9027c:24] _DnsSendQuery status 8
[File:DnsApi_Linux.cpp Line:1430] ***@***.***:33:23.904]
<133>[S=1506272] [BID=b9027c:24] (N 6034579)
SIPServersIPList::ResolveDNS (ProxySet 2) - Starting resolution of
sip.pstnhub.microsoft.com
(N 6034580) HandleARecordQuery - Host:sip.pstnhub.microsoft.com is not
in cache, setting timer
***@***.***:33:23.904]
<135>[S=1506273] [BID=b9027c:24] _DnsCallback: end query recieved
_GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name
sip.pstnhub.microsoft.com, p.dnsp_ttl 7 [File:DnsApi_Linux.cpp Line:1390]
***@***.***:33:23.931]
<135>[S=1506274] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update
addr for query sip.pstnhub.microsoft.com [File:DnsApi_Linux.cpp Line:360]
***@***.***:33:23.931]
<135>[S=1506275] [BID=b9027c:24] sip.pstnhub.microsoft.com resolved to
52.114.76.76 [File:DnsApi_Linux.cpp Line:313] ***@***.***:33:23.931]
<135>[S=1506276] [BID=b9027c:24] DnsGetAddrInfo: hostname exists in cache
sin_family[2] IPAddr[0x34724c4c] [File:DnsApi_Linux.cpp Line:1743]
***@***.***:33:23.964]
<135>[S=1506277] [BID=b9027c:24] DnsGetAddrInfo: CacheEntry == NULL
ai_family[2] [File:DnsApi_Linux.cpp Line:1690] ***@***.***:33:23.964]
<135>[S=1506278] [BID=b9027c:24] _DnsSendQuery status 8
[File:DnsApi_Linux.cpp Line:1430] ***@***.***:33:23.964]
<133>[S=1506279] [BID=b9027c:24] (N 6034581)
DNSResolver::HandleTimerExpiredOnWaitForARecord: host:
sip.pstnhub.microsoft.com
(N 6034582) DNSResolver::HandleTimerExpOnWaitARecord - Host:
sip.pstnhub.microsoft.com resolved in external table
(N 6034583) SIPServersIPList::AddResolvedProxiesIPToList (ProxySet 2) -
sip.pstnhub.microsoft.com was resolved by DNS to 52.114.76.76
(N 6034584) SIPServersIPList::ResolveDNS (ProxySet 2) - Starting
resolution of sip2.pstnhub.microsoft.com
(N 6034585) HandleARecordQuery - Host:sip2.pstnhub.microsoft.com is not
in cache, setting timer
***@***.***:33:23.965]
<135>[S=1506280] [BID=b9027c:24] _DnsCallback: end query recieved
_GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name
sip2.pstnhub.microsoft.com, p.dnsp_ttl 5 [File:DnsApi_Linux.cpp
Line:1390] ***@***.***:33:24.025]
<135>[S=1506281] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update
addr for query sip2.pstnhub.microsoft.com [File:DnsApi_Linux.cpp
Line:360] ***@***.***:33:24.025]
<135>[S=1506282] [BID=b9027c:24] sip2.pstnhub.microsoft.com resolved to
52.114.132.46 [File:DnsApi_Linux.cpp Line:313] ***@***.***:33:24.025]
<135>[S=1506283] [BID=b9027c:24] DnsGetAddrInfo: hostname exists in cache
sin_family[2] IPAddr[0x3472842e] [File:DnsApi_Linux.cpp Line:1743]
***@***.***:33:24.025]
<135>[S=1506284] [BID=b9027c:24] DnsGetAddrInfo: CacheEntry == NULL
ai_family[2] [File:DnsApi_Linux.cpp Line:1690] ***@***.***:33:24.025]
<135>[S=1506285] [BID=b9027c:24] _DnsSendQuery status 8
[File:DnsApi_Linux.cpp Line:1430] ***@***.***:33:24.025]
<133>[S=1506286] [BID=b9027c:24] (N 6034586)
DNSResolver::HandleTimerExpiredOnWaitForARecord: host:
sip2.pstnhub.microsoft.com
(N 6034587) DNSResolver::HandleTimerExpOnWaitARecord - Host:
sip2.pstnhub.microsoft.com resolved in external table
(N 6034588) SIPServersIPList::AddResolvedProxiesIPToList (ProxySet 2) -
sip2.pstnhub.microsoft.com was resolved by DNS to 52.114.132.46
(N 6034589) SIPServersIPList::ResolveDNS (ProxySet 2) - Starting
resolution of sip3.pstnhub.microsoft.com
(N 6034590) HandleARecordQuery - Host:sip3.pstnhub.microsoft.com is not
in cache, setting timer
***@***.***:33:24.025]
<135>[S=1506287] [BID=b9027c:24] _DnsCallback: end query recieved
_GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name
sip3.pstnhub.microsoft.com, p.dnsp_ttl 4 [File:DnsApi_Linux.cpp
Line:1390] ***@***.***:33:24.085]
<135>[S=1506288] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update
addr for query sip3.pstnhub.microsoft.com [File:DnsApi_Linux.cpp
Line:360] ***@***.***:33:24.085]
<135>[S=1506289] [BID=b9027c:24] sip3.pstnhub.microsoft.com resolved to
52.114.7.24 [File:DnsApi_Linux.cpp Line:313] ***@***.***:33:24.085]
<135>[S=1506290] [BID=b9027c:24] DnsGetAddrInfo: hostname exists in cache
sin_family[2] IPAddr[0x34720718] [File:DnsApi_Linux.cpp Line:1743]
***@***.***:33:24.086]
<133>[S=1506291] [BID=b9027c:24] (N 6034591)
DNSResolver::HandleTimerExpiredOnWaitForARecord: host:
sip3.pstnhub.microsoft.com
(N 6034592) DNSResolver::HandleTimerExpOnWaitARecord - Host:
sip3.pstnhub.microsoft.com resolved in external table
(N 6034593) SIPServersIPList::AddResolvedProxiesIPToList (ProxySet 2) -
sip3.pstnhub.microsoft.com was resolved by DNS to 52.114.7.24
(N 6034594) SIPServersIPList::UpdateList (ProxySet 2) - Update process
finished
***@***.***:33:24.086]
<133>[S=1506292] [SID=b9027c:24:173586] (N 6034595) States:
(#1277)AcSIPCall[Disconnected->Idle]
(#1277)AcSIPCall[Deallocated]
***@***.***:33:27.502]
<133>[S=1506293] [SID=b9027c:24:173586] (N 6034596)
(#1)gwSession[Deallocated]
***@***.***:33:27.502]
<133>[S=1506294] [SID=b9027c:24:173591] (N 6034597)
(#130)gwSession[Allocated]. Handle:00007FCCBDDC0338; Global session ID:
9b0473e38959a95a
(N 6034598) SIPEntity::PrepareConfigurationData: Setting persistent
connection to proxy: 52.114.132.46:5061
(N 6034599) SIPAppMngr::GetControlIPAddress - Near NAT translation found
for SIP Interface 2. Translated IP Address 82.185.88.164:5061
(N 6034600) States: (#1260)AcSIPDialog[Allocated]
(N 6034601) AcSIPDialog(#1260): Handling DIALOG_INIT_REQ in state
DialogIdle
(N 6034602) States: (#1260)AcSIPDialog[DialogIdle->DialogInitiated]
(N 6034603) AcSIPDialog(#1260): Handling GENERAL_REQ in state
DialogInitiated
(N 6034604) ---- Outgoing SIP Message to 52.114.132.46:5061 from
SIPInterface #2 (Teams) TLS TO(#10) SocketID(168) ----
***@***.***:33:36.888]
<133>[S=1506295] [SID=b9027c:24:173591] OPTIONS sip:10.160.111.51 SIP/2.0
Via: SIP/2.0/TLS sbc.llspa.it:5061;alias;branch=z9hG4bKac109712278
Max-Forwards: 70
From: <sip:10.160.111.51>;tag=1c1344704966
To: <sip:10.160.111.51>
Call-ID: ***@***.***
CSeq: 1 OPTIONS
Contact: <sip:sbc.llspa.it:5061;transport=tls>
Allow:
REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE
User-Agent: LLSBC Laboratorio/v.7.20A.260.012
Accept: application/sdp, application/simple-message-summary,
message/sipfrag
Content-Length: 0
***@***.***:33:36.888]
<133>[S=1506296] [SID=b9027c:24:173591] (N 6034605) ---- Incoming SIP
Message from 52.114.132.46:5061 to SIPInterface #2 (Teams) TLS TO(#10)
SocketID(168) ----
SIP/2.0 200 OK
FROM: <sip:10.160.111.51>;tag=1c1344704966
TO: <sip:10.160.111.51>
CSEQ: 1 OPTIONS
CALL-ID: ***@***.***
VIA: SIP/2.0/TLS sbc.llspa.it:5061;branch=z9hG4bKac109712278
CONTENT-LENGTH: 0
ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY
SERVER: Microsoft.PSTNHub.SIPProxy v.2020.12.7.3 i.USEA.6
Il giorno ven 18 dic 2020 alle ore 00:23 Lorenzo Mangani <
***@***.***> ha scritto:
> Then the script is failing to parse and we need to debug it further. Do
> run this for a few minutes with traffic to get us something to work with
> consistently - check if the file is created it should have the data in the
> JSON format pastash uses internally.
>
> input {
> udp {
> host => 0.0.0.0
> port => 514
> type => syslog
> }
> }
>
> output {
> file {
> path => /tmp/syslog.dump
> }
> }
>
> I'll test it domani ;)
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#75 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AHRIEANCPKHC6RAGPRIE4JDSVKHGHANCNFSM4U72QSPA>
> .
>
|
That's perfect, sorry if I confused you, this will simply allow reimporting it into the JSON format pastash uses. |
Pushed a new version which SHOULD produce some output, feel free to try it out:
todo:
|
Great!!!
Now i can see something on Homer server.
output is as follows:
[Fri, 18 Dec 2020 21:24:04 GMT] ERROR failed parsing Outgoing SIP
<133>[S=1638002] [SID=b9027c:24:188846] (N 6565994)
(#93)gwSession[Allocated]. Handle:00007FCCBDDC0A28; Global session ID:
a0846f6b3d23b251 #12(N 6565995) SIPEntity::PrepareConfigurationData:
Setting persistent connection to proxy: 52.114.7.24:5061 #12(N 6565996)
SIPAppMngr::GetControlIPAddress - Near NAT translation found for SIP
Interface 2. Translated IP Address 82.185.88.164:5061 #12(N 6565997)
States: (#950)AcSIPDialog[Allocated] #12(N 6565998) AcSIPDialog(#950):
Handling DIALOG_INIT_REQ in state DialogIdle #12(N 6565999) States:
(#950)AcSIPDialog[DialogIdle->DialogInitiated] #12(N 6566000)
AcSIPDialog(#950): Handling GENERAL_REQ in state DialogInitiated #12(N
6566001) ---- Outgoing SIP Message to 52.114.7.24:5061 from SIPInterface
#2 (Teams) TLS TO(#33) SocketID(144) ---- #12 [Time:18-12@23:23:53.504]
[Fri, 18 Dec 2020 21:24:04 GMT] ERROR failed parsing Incoming SIP
<133>[S=1638004] [SID=b9027c:24:188846] (N 6566002) ---- Incoming SIP
Message from 52.114.7.24:5061 to SIPInterface #2 (Teams) TLS TO(#33)
SocketID(144) ---- #012SIP/2.0 200 OK #012FROM:
<sip:10.160.111.51>;tag=1c952542661 #012TO: <sip:10.160.111.51> #012CSEQ: 1
OPTIONS #012CALL-ID: 27311412818122020232353@sbc.llspa.it #012VIA:
SIP/2.0/TLS sbc.llspa.it:5061;branch=z9hG4bKac522660872 #012CONTENT-LENGTH:
0 #012ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY #012SERVER:
Microsoft.PSTNHub.SIPProxy v.2020.12.7.3 i.ASEA.4 #12 #12 #12(N
6566003) AcSIPDialog(#950): Handling 200 OK in state DialogInitiated
#12(N 6566004) States:
(#950)AcSIPDialog[DialogInitiated->DialogConnected] #12(N 6566005)
SIPServersMngr::UpdateSetWithOnlineServer - Added server 52.114.7.24 to
working servers list #12(N 6566006) AcSIPDialog(#950): Handling
DIALOG_DISCONNECT_REQ in state DialogConnected #12(N 6566007) States:
(#950)AcSIPDialog[DialogConnected->DialogDisconnected] #12(N 6566008)
SIPAppMngr::FreeDialogAPI - (#119) #12(N 6566009) States:
(#950)AcSIPDialog[Deallocated] #12
(#950)AcSIPDialog[DialogDisconnected->DialogIdle] #12 [Time:18-12@23
:23:53.701]
[Fri, 18 Dec 2020 21:24:04 GMT] ERROR failed parsing Incoming SIP
<133>[S=1638007] [SID=b9027c:24:188847] (N 6566029) SBC_ADMIT_DIALOGS_EV:
(#65)SBCRoutesIterator -> (#0)SBCAdmissionControlMngr #12(N 6566030) CAC:
Add SBC Incoming Other, IPG 1 (Teams): 1, SRD 0 (DefaultSRD): 1, SipIF 2
(Teams): 1 #12(N 6566031) CAC: Add SBC Outgoing Other, IPG 1 (Teams): 1,
SRD 0 (DefaultSRD): 1, SipIF 2 (Teams): 1 #12(N 6566032) (#65)Route found
(0), Route by Address, IP Group 1 -> 1 (Teams -> Teams), Url:internal:0;
#12(N 6566033) ---- Incoming SIP Message from 52.114.7.24:4800 to
SIPInterface #2 (Teams) TLS TO(#5) SocketID(173) ---- #012OPTIONS
sip:sbc.llspa.it:5061;transport=tls SIP/2.0 #012FROM: <sip:
sip-du-a-as.pstnhub.microsoft.com:5061>;tag=783a74b3-f9e7-4ef2-8b4b-896d6b0d05c4
#012TO: <sip:10.160.111.51> #012CSEQ: 1 OPTIONS #012CALL-ID:
1fbdfb30-a06f-4520-84a9-c7a517b3b8ad #012MAX-FORWARDS: 70 #012VIA:
SIP/2.0/TLS 52.114.7.24:5061;branch=z9hG4bKd98f7df #012CONTACT: <sip:
sip-du-a-as.pstnhub.microsoft.com:5061> #012CONTENT-LENGTH: 0
#012USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2020.12.7.3 i.ASEA.4
#012ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY #12 #12 #12(N 6566034)
States: (#954)AcSIPDialog[Allocated] #12(N 6566035) SBCNewCallData:
(#17)AcSBCDialogAPI -> (#17)SIPSBCDialogLeg #12 [Time:18-12@23:23:53.702]
[STDOUT] {
"payload": "SIP/2.0 200 OK \r\nVia: SIP/2.0/TLS
52.114.7.24:5061;branch=z9hG4bKd98f7df
\r\nFrom: <sip:sip-du-a-as.pstnhub.microsoft.com:5061>;tag=783a74b3-f9e7-4ef2-8b4b-896d6b0d05c4
\r\nTo: <sip:10.160.111.51>;tag=1c363695166 \r\nCall-ID:
1fbdfb30-a06f-4520-84a9-c7a517b3b8ad \r\nCSeq: 1 OPTIONS \r\nContact:
<sip:sbc.llspa.it:5061;transport=tls> \r\nServer: LLSBC
Laboratorio/v.7.20A.260.012 \r\nContent-Length: 0 SIP/2.0 200 OK \r\nVia:
SIP/2.0/TLS 52.114.7.24:5061;branch=z9hG4bKd98f7df \r\nFrom: <sip:
sip-du-a-as.pstnhub.microsoft.com:5061>;tag=783a74b3-f9e7-4ef2-8b4b-896d6b0d05c4
\r\nTo: <sip:10.160.111.51>;tag=1c363695166 \r\nCall-ID:
1fbdfb30-a06f-4520-84a9-c7a517b3b8ad \r\nCSeq: 1 OPTIONS \r\nContact:
<sip:sbc.llspa.it:5061;transport=tls> \r\nServer: LLSBC
Laboratorio/v.7.20A.260.012 \r\nContent-Length: 0 \r\n\r\n",
"rcinfo": {
"type": "HEP",
"version": 3,
"payload_type": 1,
"ip_family": 2,
"protocol": 6,
"proto_type": 1,
"correlation_id": "1fbdfb30-a06f-4520-84a9-c7a517b3b8ad",
"srcIp": "127.0.0.1",
"srcPort": 5060,
"dstIp": "52.114.7.24",
"dstPort": "4800",
"time_sec": 1608326644520,
"time_usec": 0
}
}
At homer side looks like as attached picture. (as you can see there is
127.0.0.1 and if i chose an call-id to display, there is always just one
method or reply. See attached picture)
Il giorno ven 18 dic 2020 alle ore 19:53 Lorenzo Mangani <
notifications@github.com> ha scritto:
… Pushed a new version which SHOULD produce some output, feel free to try it
out:
+ @***@***.***
todo:
- extract and use message timestamp instead of now()
- convert SBC realm to IP:PORT instead of 127.0.0.1:5060
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHRIEAKS5RT4SADJF6DZYXTSVOQKTANCNFSM4U72QSPA>
.
|
I don't see any picture, you can 'drag' them into the editor and they should upload. This is a good first step. I've based my example only on responses so there might be bugs on the other Incoming messages. Please confirm if this is the case and I'll take a look. |
|
Ok done.
Can you see them?
Il giorno sab 19 dic 2020 alle ore 00:06 Lorenzo Mangani <
notifications@github.com> ha scritto:
… I don't see any picture, you can 'drag' them into the editor and they
should upload. This is a good first step. I've based my example only on
responses so there might be bugs on the other Incoming messages. Please
confirm if this is the case and I'll take a look.
Once that's sorted, we can think of how to get the right ports and
addresses figured.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHRIEANGL2Z4L645MR3EC4LSVPN7ZANCNFSM4U72QSPA>
.
|
The screenshot doesn't tell me anything. This is about looking for and sharing message details such as parsing of Call-IDs being right or wrong, not just clicking once :) You need to look inside a few messages and tell us if its even right. There's nothing more I can do on your behalf here unless you can share a large chunk of data or a full Call-Flow. |
on the call flow you see only one message, because for that call id only one message exists :-) |
Sorry guys, Maybe it's not clear to me then how this tool really should work.
|
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Ok, email sent to support@sipcapture.org regards |
We need the logs from syslog. not file, or the parsing will be entirely different. Here's the recipe to do so:
Run the above, perform a full call, and then send us the audiocodes.json file - we'll be able to use it to fix the parser :) |
By the way question for anyone using those logs - if ANY of those events reveals the IP:PORT of the realms used, please suggest so ;) |
@spady7 the latest JSON file seems perfect, will take a look once possible and update you here |
This comment has been minimized.
This comment has been minimized.
Hi, I checked the manuals and here are the only information about how the syslog message is structured. As I told you earlier the whole SIP call is marked with the value "SID". In fact, if I analyze the syslog trace with the tool provided by Audiocodes and I filter the SID value, I get the entire SIP call. |
We can try use that as the correlation ID but it seems VERY ephemeral and would overlap often. Not good in general. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
@spady7 i think we got it working. Your next test with the latest version should be more interesting ;) |
Could you provide some examples of this config? I'll prepare some mapping array to hold it. |
@spady7 there's a good chance you will see RTP MOS reports as well :) Curious to hear what your test results will be |
Which version have I to test now? i'am bit confused....;-) ;-) ;-)
last one i get is "1.0.16"
Il giorno dom 20 dic 2020 alle ore 16:35 Lorenzo Mangani <
notifications@github.com> ha scritto:
… @spady7 <https://github.com/spady7> there's a good chance you will see
RTP MOS reports as well :) Curious to hear what your test results will be
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHRIEANLXLLSZKWDFSPTHNLSVYKV3ANCNFSM4U72QSPA>
.
|
Yes, no problem. I can. but i prefer share you my screen and expose you
configuration.
I cannot share here.
Il giorno dom 20 dic 2020 alle ore 00:39 Lorenzo Mangani <
notifications@github.com> ha scritto:
… Audiocodes works i bit complicated way. It use 'entities' (like ATA) and
to this entity is associated a sip interface and to that sip interface is
associated a network interface. This is way ( i suppose) we cannot see
directly IP:PORT on syslog. But, we could think to put inside
'pastash_audiocodes.conf' a "MAPPING" of that name to an IP:PORT (I know it
because i ve configured on Audiocodes sbc). Does should work? The name of
the "trunk" or whatever seems to be inside the parenthesis, ATA in this
example below possibly?
… <#m_7109771321670206548_>
---- Incoming SIP Message from 10.160.21.21:5060 to SIPInterface #3
<#3> (ATA) UDP TO(#3
<#3>) ---- NOTE: The parsing
format of the syslog events and the txt are different enough to cause
issues so i'm basing this on the syslog format Il giorno ven 18 dic 2020
alle ore 00:20 Agiftel Longwave ***@***.*** ha scritto:
Strange. 'ngrep -W byline port 9069 -d any' outputs nothing. port 9069 is
my choice, yes. Il giorno ven 18 dic 2020 alle ore 00:12 Lorenzo Mangani <
*@*.***> ha scritto: > Ok next run ngrep -W byline port 9069 -d any to
check if any HEP > messages are being sent. I assume the non-standard port
for HEP is your > choice, default would be 9060 for HOMER. > > The name of
the "trunk" or whatever seems to be inside the parenthesis, > ATA in this
example below possibly? > > ---- Incoming SIP Message from
10.160.21.21:5060 to SIPInterface #3
<#3> (ATA) UDP TO(#3
<#3>) ---- > > NOTE: The
parsing format of the syslog events and the txt are different > enough to
cause issues so i'm basing this on the syslog format > > — > You are
receiving this because you were mentioned. > Reply to this email directly,
view it on GitHub > <#75 (comment)
<#75 (comment)>>,
> or unsubscribe >
https://github.com/notifications/unsubscribe-auth/AHRIEAKVNPVTNJVMDUALFPLSVKF57ANCNFSM4U72QSPA
> . >
Could you provide some examples of this config? I'll prepare some mapping
array to hold it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#75 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHRIEAPUI5KQHX2CKYUJ35TSVU2R5ANCNFSM4U72QSPA>
.
|
Ok, sorry. I saw it. Is "1.0.23"
Let me test...
Il giorno dom 20 dic 2020 alle ore 18:28 Agiftel Longwave <agiftel@gmail.com>
ha scritto:
… Yes, no problem. I can. but i prefer share you my screen and expose you
configuration.
I cannot share here.
Il giorno dom 20 dic 2020 alle ore 00:39 Lorenzo Mangani <
***@***.***> ha scritto:
> Audiocodes works i bit complicated way. It use 'entities' (like ATA) and
> to this entity is associated a sip interface and to that sip interface is
> associated a network interface. This is way ( i suppose) we cannot see
> directly IP:PORT on syslog. But, we could think to put inside
> 'pastash_audiocodes.conf' a "MAPPING" of that name to an IP:PORT (I know it
> because i ve configured on Audiocodes sbc). Does should work? The name of
> the "trunk" or whatever seems to be inside the parenthesis, ATA in this
> example below possibly?
> … <#m_-7817995491383188603_m_7109771321670206548_>
> ---- Incoming SIP Message from 10.160.21.21:5060 to SIPInterface #3
> <#3> (ATA) UDP TO(#3
> <#3>) ---- NOTE: The parsing
> format of the syslog events and the txt are different enough to cause
> issues so i'm basing this on the syslog format Il giorno ven 18 dic 2020
> alle ore 00:20 Agiftel Longwave ***@***.*** ha scritto:
> Strange. 'ngrep -W byline port 9069 -d any' outputs nothing. port 9069 is
> my choice, yes. Il giorno ven 18 dic 2020 alle ore 00:12 Lorenzo Mangani <
> *@*.***> ha scritto: > Ok next run ngrep -W byline port 9069 -d any to
> check if any HEP > messages are being sent. I assume the non-standard port
> for HEP is your > choice, default would be 9060 for HOMER. > > The name of
> the "trunk" or whatever seems to be inside the parenthesis, > ATA in this
> example below possibly? > > ---- Incoming SIP Message from
> 10.160.21.21:5060 to SIPInterface #3
> <#3> (ATA) UDP TO(#3
> <#3>) ---- > > NOTE: The
> parsing format of the syslog events and the txt are different > enough to
> cause issues so i'm basing this on the syslog format > > — > You are
> receiving this because you were mentioned. > Reply to this email directly,
> view it on GitHub > <#75 (comment)
> <#75 (comment)>>,
> > or unsubscribe >
> https://github.com/notifications/unsubscribe-auth/AHRIEAKVNPVTNJVMDUALFPLSVKF57ANCNFSM4U72QSPA
> > . >
>
> Could you provide some examples of this config? I'll prepare some mapping
> array to hold it.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#75 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AHRIEAPUI5KQHX2CKYUJ35TSVU2R5ANCNFSM4U72QSPA>
> .
>
|
Yeah, just always pull the latest available, they get pushed as bugs get fixed. |
Try using this config for IP autodetection (very sketchy logs for TLS, only you can tell if it works)
|
All seems to work! If there are other Audiocodes lurkers watching this thread and willing to try, crawl out, we'll help :) |
Documented here: https://github.com/sipcapture/paStash/wiki/Example:-AUDIOCODES-Syslog Good luck @spady7! In case of issues or new discoveries, please open a new issue for clean tracking! |
Hi, I'am trying to send "syslog" coming from Audiocodes SBC to Homer 7.
What i did so far is a configuration file for pastash:
`input {
udp {
host => 0.0.0.0
port => 514
type => syslog
}
}
output {
stdout{}
if [rcinfo] != 'undefined' {
hep {
host => '10.160.21.80'
port => 9069
hep_id => 2222
hep_type => 1
}
}
}`
and i am sending the following output to Homer 7:
[STDOUT] { "message": "<133>[S=1455266] [SID=b9027c:24:167717] (N 5828845) AcSIPDialog(#1532): Handling GENERAL_RESPONSE_REQ in state DialogInitiated \n(N 5828846) States: (#1532)AcSIPDialog[DialogInitiated->DialogConnected] \n(N 5828847) ---- Outgoing SIP Message to 52.114.76.76:12544 from SIPInterface #2 (Teams) TLS TO(#156) SocketID(182) ---- \nSIP/2.0 200 OK \nVia: SIP/2.0/TLS 52.114.76.76:5061;branch=z9hG4bK5e9ae5e1 \nFrom: <sip:sip-du-a-eu.pstnhub.microsoft.com:5061>;tag=d652f27d-dba2-466e-b4a6-c0b6db2fd363 \nTo: <sip:10.160.111.51>;tag=1c345880336 \nCall-ID: 7ac9a01a-9624-41b8-970d-c903c5b24cd5 \nCSeq: 1 OPTIONS \nContact: <sip:sbc.domain.com:5061;transport=tls> \nServer: SBC Lab/v.7.20A.260.012 \nContent-Length: 0 \n \n \n(N 5828848) AcSIPDialog(#1532): Handling DIALOG_DISCONNECT_REQ in state DialogConnected \n(N 5828849) States: (#1532)AcSIPDialog[DialogConnected->DialogDisconnected] \n(N 5828850) RELEASE_ACK_EV: (#117)SIPSBCDialogLeg -> (#23)SBCDialog[Disconnecting->Disconnected] \n -> (#17)SBCEndPoint[Releasing->Released] \n -> (#8)SBCController[Disconnecting->Disconnected] \n -> (#16)SBCEndPoint[Releasing->Released] \n -> (#90)SBCDialog[Disconnecting->Disconnected] \n -> (#113)SIPSBCDialogLeg[Deallocated] \n [Time:17-12@17:08:32.551]", "host": "10.160.21.20", "udp_port": "514", "type": "syslog", "@timestamp": "2020-12-17T15:08:39.891Z", "@version": "1" } [STDOUT] { "message": "<133>[S=1455267] [SID=b9027c:24:167717] (N 5828851) SIPAppMngr::GetControlIPAddress - Near NAT translation found for SIP Interface 2. Translated IP Address 82.185.88.164:5061 \n(N 5828852) States: (#117)SIPSBCDialogLeg[Deallocated] \n(N 5828853) Discarding event SBC_ROUTING_DONE_EV. Receiver is invalid (#127) \n(N 5828854) States: (#57)SBCRoutesIterator[Deallocated] \n (#127)SBCFeature[Deallocated] \n (#8)SBCController[Deallocated] \n(N 5828855) CAC: Remove SBC Outgoing Other, IPG 1 (Teams): 0, SRD 0 (DefaultSRD): 0, SipIF 2 (Teams): 0 \n(N 5828856) States: (#90)SBCCall[Deallocated] \n(N 5828857) CAC: Remove SBC Incoming Other, IPG 1 (Teams): 0, SRD 0 (DefaultSRD): 0, SipIF 2 (Teams): 0 \n(N 5828858) States: (#23)SBCCall[Deallocated] \n [Time:17-12@17:08:32.552]", "host": "10.160.21.20", "udp_port": "514", "type": "syslog", "@timestamp": "2020-12-17T15:08:39.892Z", "@version": "1" } [STDOUT] { "message": "<135>[S=1455268] [BID=b9027c:24] _DnsCallback: end query recieved _GetInterfaceIndexByCtx(ctx) 1, q->qtyp 1 q->name sip-du-a-as.pstnhub.microsoft.com, p.dnsp_ttl 2 [File:DnsApi_Linux.cpp Line:1390] [Time:17-12@17:08:32.560]", "host": "10.160.21.20", "udp_port": "514", "type": "syslog", "@timestamp": "2020-12-17T15:08:39.896Z", "@version": "1" } [STDOUT] { "message": "<135>[S=1455269] [BID=b9027c:24] _DnsUpdateCacheEntryAddrInfo: update addr for query sip-du-a-as.pstnhub.microsoft.com [File:DnsApi_Linux.cpp Line:360] [Time:17-12@17:08:32.560]", "host": "10.160.21.20", "udp_port": "514", "type": "syslog", "@timestamp": "2020-12-17T15:08:39.896Z", "@version": "1" } [STDOUT] { "message": "<135>[S=1455270] [BID=b9027c:24] sip-du-a-as.pstnhub.microsoft.com resolved to 52.114.7.24 [File:DnsApi_Linux.cpp Line:313] [Time:17-12@17:08:32.560]", "host": "10.160.21.20", "udp_port": "514", "type": "syslog", "@timestamp": "2020-12-17T15:08:39.897Z", "@version": "1" }
However I cannot see anything on Homer server.
Any help?
Regards
The text was updated successfully, but these errors were encountered: