2 METHODS TO CAPTURE SIP LOGS
1. Signaling only
• Restart your codec. This ensures that the log files are empty when you start logging.
• Log in to your system over SSH as admin.
• For SIP, enter the command: log ctx sippacket debug 9
• For H.323, enter the command: log ctx h323packet debug 9
• All log message output will now be sent to the application.log file under Current logs.
• Now place the call and re-create the problem.
• Hang up the call.
• Turn off the logging you enabled with either log ctx sippacket debug off or log ctx
h323packet debug off. Tip: press the up arrow to repeat the last command, then delete
the 9 and add off.
• From the web interface navigate to Diagnostics -> Log Files. Under Current logs select
eventlog/application.log to see the logging messages.
2. Signaling, Media and all other interactions
• Log in as root.
• Enter the command: tcpdump -s0 -w /tmp/filename.pcap
• Place a call or perform the action you want recorded (e.g. phonebook lookup). NOTE: if you
have a video issue, please make an unencrypted call. This way support can decode the media.
• Replicate the issue.
• Hang up the call (if you are in a call).
• Ctrl + C to stop the capture.
• Use WinSCP on Windows or scp on Linux/OS X to log in as root, navigate to /tmp and
download the log.pcap file (e.g. scp root@<Ip-Address-System>:/tmp/*.pcap . copies all
.pcap files from the system to the current directory; the trailing . is the local destination).
• To analyze the resulting file you can use Wireshark – see next section.
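Added example (not part of the original guide or of Cisco's tooling): a quick offline check of the downloaded capture that lists the start line of every SIP-over-UDP message, useful for confirming the call was actually recorded before sending the file to support. It assumes the classic libpcap format that tcpdump -w writes, taken on an Ethernet interface; the sample capture, addresses and SIP URI are constructed.

```python
import io
import struct

SIP_METHODS = set(b"INVITE ACK BYE CANCEL REGISTER OPTIONS INFO UPDATE PRACK SUBSCRIBE NOTIFY REFER".split())

def sip_start_lines(stream):
    """Return (src, dst, start_line) for each SIP-over-UDP packet in a classic pcap."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    found = []
    while len(rec := stream.read(16)) == 16:
        frame = stream.read(struct.unpack(endian + "IIII", rec)[2])  # captured length
        # Keep only untagged Ethernet II frames carrying IPv4 with protocol 17 (UDP).
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        udp = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length varies with options
        if len(frame) < udp + 8:
            continue
        sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
        line = frame[udp + 8:].split(b"\r\n", 1)[0]
        # A SIP message starts with "METHOD uri SIP/2.0" or "SIP/2.0 code reason".
        if line.startswith(b"SIP/2.0 ") or line.split(b" ", 1)[0] in SIP_METHODS:
            src = ".".join(map(str, frame[26:30])) + f":{sport}"
            dst = ".".join(map(str, frame[30:34])) + f":{dport}"
            found.append((src, dst, line.decode("ascii", "replace")))
    return found

def _frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame; MAC addresses and checksums are left zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: an INVITE, its 200 OK, and one non-SIP media-like packet."""
    a, b = (192, 0, 2, 10), (192, 0, 2, 20)
    frames = [_frame(a, b, 5060, 5060, b"INVITE sip:bob@example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"),
              _frame(b, a, 5060, 5060, b"SIP/2.0 200 OK\r\nCSeq: 1 INVITE\r\n\r\n"),
              _frame(a, b, 2326, 2326, b"\x80\x60" + b"\x00" * 10)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return io.BytesIO(out)

if __name__ == "__main__":
    print(*sip_start_lines(sample_pcap()), sep="\n")
```

To run it against a real capture, pass open("filename.pcap", "rb") instead of sample_pcap(). An empty result on an encrypted call is expected, since SIP over TLS is not readable in the capture.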
See screenshot showing a successful packet capture:
See screenshot of the WinSCP session to the EX60 using root credentials:
See screenshot of the Wireshark analysis with a “sip” filter:
This summary is based on the following excellent document on Cisco.com: