DESCRIPTION
Quick tips for using the traceSBC command from ASBCE command line interface.
PRODUCTS
ASBCE
APPLICABLE SOFTWARE RELEASES
7.x, 8.x, 10.x
RELATED KEYWORDS
traceSBC
TIPS
Tribute to Andrew Prokop. Older article but still a good one.
https://andrewjprokop.wordpress.com/2015/03/23/a-necessary-guide-to-the-avaya-tracesbc-utility/
You must have root privileges to run traceSBC. If necessary, you can add them from the command line with:
# sudo su
# su - root
traceSBC Fundamentals
When you are ready to begin tracing, enter "traceSBC" from a command prompt. Like traceSM, capitalization is important. TraceSBC and tracesbc are not the same as traceSBC.
There are a few important things you must understand about traceSBC in order to get the most out of it:
- traceSBC can be used even when the packets have been encrypted.
- traceSBC only shows packets that have not been rejected. This means that if a message violates a firewall rule or does not match a defined SBC role, the packet is not displayed.
- Some non-SIP messages can be displayed with traceSBC. Specifically, Avaya SIP telephones and soft clients will interact with the Personal Profile Manager (PPM) via https. traceSBC can display these messages, too.
- traceSBC can only display a maximum of 10,000 messages. Upon reaching this limit, the warning MAX NUM PACKETS 10000 EXCEEDED is shown. The clear command must be applied to display new messages.
- traceSBC can run in Automated Mode. This allows you to define triggers that stop displaying packets when one of the following conditions is met:
- Quantity of packets captured
- Quantity of seconds expired
- A message is captured that contains text matching a pre-defined regular expression
While running, traceSBC supports the following commands:
c clear the capture screen
s stop displaying new messages
w write the displayed information to a file
q quit/exit traceSBC
i toggle between displaying the IP address or server name
r turn on RTP simulation
u use the full screen for message detail
f apply a filter
d switch between classic or call summary views (diagrams)
traceSBC can be launched with the following options:
-m allow the execution of multiple copies of traceSM (from separate TuTTY/PuTTY connections)
-w write to a file
-h show help
-a automatic mode
traceSBC Filters
An active SBC will typically process far more SIP messages than you care to look at. Thankfully, filters can be applied to narrow down the number of packets displayed.
The following filter options are available:
-u URI|Number | Filter calls that contain URI|Number in the From or To headers |
-i IP Address | Filter messages from/to IP Address |
-c Call-ID | Filter messages based on the SIP Call-ID header |
-r REGEXP | Filter messages based on the regular expression |
-g HEA=VALUE | Filter SIP header field HEA for the value VALUE |
-or | Use a logical OR operator on two filter options |
-nr | Do not display REGISTER messages |
-ns | Do not display SUBSCRIBE/NOTIFY/PUBLISH messages |
-no | Do not display OPTIONS messages |
-na | Do not display SBC call processing messages |
-np | Do not display Personal Profile Manager messages |
-uni | Use Unicode/UTF-8 characters |
-m | Allows multiple simultaneous instances of traceSBC |
-w file | Set filename for saving filtered messages |
-a TYPE | Starts capture in non-interactive mode TYPE. TYPE can be sip, ppm, or callp |
-st SEC | Stops capture after SEC seconds |
-sp PACKET | Stops capture after a given number of packets have been received |
-sr REGEXP | Stops capture if regular expression found a match |
-srt SEC | Run trace SEC more seconds after REGEXP match |
-srp PACKET | Collect PACKET more messages after REGEXP match |
Several filters may be applied at the same time. For example:
-u "4563516" -no -ns -nr
A filter with no options clears any previous settings.
SBC Log Files
As it runs, the Avaya SBC stores captured packet data in log files. This applies to both SIP and PPM. These files are found in the following directories:
SIP Messages: /archive/log/tracesbc/tracesbc_sip/
PPM Messages: /archive/log/tracesbc/tracesbc_ppm/
A new file is created when the relevant processes restart or the active file reaches 10 megabytes. At this point, the active file is saved and a new one is created.
Active files are stored in the following format:
tracesbc_sip_1408631651
Inactive or closed files are stored in the following format:
tracesbc_sip_1408631651_1408631234_1
traceSBC uses the active file to format and display packets in a user friendly format. If that file reaches the 10 megabyte limit, traceSBC continues processing using the newly created file.
traceSBC Modes
traceSBC can be run in three different manners:
- Real-Time Mode
In real-time mode, traceSBC processes the active log file. As stated above, the active log file will be regenerated when the 10 megabyte limit is reached.
Real-time mode is invoked as follows:
# traceSBC
- Non Real-Time Mode
Non real-time mode allows traceSBC to process a non-active file. In this mode, traceSBC can process one or more archived files. Enabling live capture is not possible in non real-time mode.
Non real-time mode is invoked similarly to the following:
# traceSBC tracesbc_sip_1408
- Automatic Mode
Automatic mode is invoked by starting traceSBC with the -a and -w parameters at a minimum.
For example,
# traceSBC -a "sip|ppm" -w /tmp/trace.log
You can use this mode to stop a capture after a certain condition has been met. The filtered messages are then automatically stored in the file specified on the command line. Multiple stop triggers may be used. Also, Ctrl-C will cause traceSBC to stop and save the filtered messages.
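One way to script the automatic mode described above, as an added example that is not from the original article or from Avaya. The hypothetical run_auto_trace helper validates its inputs and always sets both the -st and -sp stop triggers; it assumes the filter and stop options from the table above can be combined on one command line, and TRACESBC is an assumed override variable used here for a dry run.

```shell
#!/bin/sh
# Added example, not Avaya code. run_auto_trace and TRACESBC are hypothetical
# names; every traceSBC option used is taken from the option table on this page.

# run_auto_trace TYPE OUTFILE MAX_SEC MAX_PKT [NUMBER]
run_auto_trace() (
    kind=$1 out=$2 secs=$3 pkts=$4 number=${5:-}

    # -a accepts only the TYPE values the page lists.
    case $kind in
        sip|ppm|callp) ;;
        *) echo "TYPE must be sip, ppm or callp" >&2; exit 2 ;;
    esac
    # Both stop triggers must be positive integers so the capture is bounded.
    for n in "$secs" "$pkts"; do
        case $n in
            ''|*[!0-9]*|0*)
                echo "stop trigger must be a positive integer: '$n'" >&2; exit 2 ;;
        esac
    done
    # Require an absolute output path made of plain characters.
    case $out in
        /*) ;;
        *) echo "OUTFILE must be an absolute path" >&2; exit 2 ;;
    esac
    case $out in
        *[!A-Za-z0-9/._-]*) echo "OUTFILE has unexpected characters" >&2; exit 2 ;;
    esac

    set -- -a "$kind" -w "$out" -st "$secs" -sp "$pkts"
    if [ -n "$number" ]; then
        case $number in
            *[!A-Za-z0-9@.+_-]*) echo "NUMBER has unexpected characters" >&2; exit 2 ;;
        esac
        # Narrow to one user and hide OPTIONS, SUBSCRIBE/NOTIFY/PUBLISH and REGISTER.
        set -- "$@" -u "$number" -no -ns -nr
    fi

    umask 077   # saved traces hold signalling and PPM content: owner-only
    "${TRACESBC:-traceSBC}" "$@"
)

# Dry run with constructed values: TRACESBC=echo prints the argument list
# instead of starting a capture. Leave TRACESBC unset on the SBC itself.
TRACESBC=echo
run_auto_trace sip /tmp/trace.log 300 5000 4563516
```

The function body runs in a subshell, so the umask change and the working variables do not leak into the calling shell.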
User Interface
As with traceSM, navigation is very basic. Up and down arrows move through the filtered messages and enter expands a particular message. Don't try to mouse around the window. This is a basic TTY interface and your mouse is useless here.
A typical call trace will look like this:
Select a message, hit enter, and the message will expand:
While traceSBC is gathering and filtering packets, you can use any of the runtime commands such as c, s, or f.
When the w command is invoked, traceSBC will store the filtered SIP and/or PPM messages. SIP messages are stored in pcapng format and PPM messages are stored in a separate file with the extension .ppm. These files can then be exported to another machine for further examination. This is necessary if you want to use Wireshark for packet parsing.
For fun, using the s (start) command, I used traceSBC to gather only Personal Profile Manager (PPM) messages and then logged in my Avaya IOS SIP client.
Selecting the top message and pressing enter gives me this:
Notice that this is an https POST message. Not only does the Avaya SBC process SIP messages, it also supports the https messages required by PPM.