SIP log analyzer

Is there a standard log analyzer for SIP (standard interchange protocol)?

Kevin French

software
opac

Comments

Matthew Robinson: @KatieR This is a question about analyzing the logs generated by self-service circulation machines and/or the ILS that they are connected to. The SIP2 protocol has no application outside of libraries so I don't see how it can be off-topic.
KatieR: The wording of the question changed after I posted my comment.

Answer by Joe Atzberger

The question is about the 3M SIP2 protocol (not the internet telephony SIP), as implemented by every current ILS. It is inherently library-related:

http://en.wikipedia.org/wiki/Standard_Interchange_Protocol

That being said, logging is not part of the specifications. The log format and verbosity is an artifact of whatever systems you are running and their given configurations. There can be logging on the terminal side, the SIP daemon side, occasionally (historically) even in middleman multiplexers, the ILS transaction logs, etc.

Therefore there is no single analyzer that could be recommended to your abstract case. You might ask again specifically for your platform or hardware. The obvious extension of that is that you should probably ask your vendor or user group community first.

Comments

Kevin French: Thank you Joe. I have asked our vendor and user group but the latter hasn't provided much of a response and the former merely implied I get one. I've just started reading through these logs on our ILS and I was advised to get an analyzer making me think many existed that would parse out the information and enable me to manipulate it after. I appreciate you clarifying the situation for me.
Matthew Robinson: @KevinFrench Which ILS (and self-service circulation equipment) are you using?
Kevin French: Matthew, we're using the latest build of the Polaris ILS.

Answer by Tatjana Heuser

I am not aware of any logfile analyzer preconfigured for logs containing sip2 events (level of detail and format probably varying between vendors), but there are a few candidates, mostly from adapting and extending logfile analyzers targeting web, ftp, or mail servers.

lire from the LogReport project is able to generate html, pdf, excel ... files through a series of filters. There is no predefined input filter for anything sip2 related yet, but it's open source, well structured and very flexible when it comes to configuring.
w3perl is an opensource set of logfile analyzers targeted at logfiles storing information about network connections. It, too, could be used as a starting point to develop own filters, and would be able to generate reports as to "At which hours are the self-check automats in building x handling the most returns".

So if you can adapt one of these largely depends on what you expect from your analysis - a summary of error conditions weeding all the normal activities, statistics on actions by automat, or a more condensed human-readable overview of what's going on between those vendor-supplie black boxes and your system? For the latter, there's an excellent paper on syslog analysis by Cisco "Building Scalable Syslog Management Solutions", and a different range of tools to start at for automating the analysis.

Whatever route you're going, when I look at the logfile I'm getting from our system (a different ILS), you'll probably need to parse your logfile to generate one-event-per-line entries containing the information you want to extract and chew on.

Comments

Kevin French: Thank you, your last paragraph sums up my current thinking after a bit of investigation. I appreciate you sending along the whitepaper and will try out your recommendations.