Capturing Syslog and Ethernet Packets from Grandstream Devices: A Step-by-Step Guide


Description

If you are new to telephony networking and troubleshooting, this guide walks you step by step through setting up and configuring the parameters needed to capture packets locally on Grandstream devices.

When we run into telephony issues (e.g. no audio, BLF keys not working, unable to make calls), the Support and Developer teams need logs and system information from the devices to identify the root cause:

a. System Information under Status > System Info > Download System Information (available in GRP26XX, WP8XX, and GXP21XX models only)

b. *Syslog at (Extra) Debug level under Maintenance

c. *Packet Capture under Maintenance

d. Core Dump under Status > System Info (for freezing issues only)

e. Internal Syslog Capture under Maintenance > Syslog. It can capture the supplicant logs to flash. (available in WP8XX only)


Replicating the issue

Make sure to enable logging before making a test call or replicating the issue. Stop the log capture once the call disconnects.

Figure 1 shows the time stamp between the start and stop of the log capture

Method 1: Wireshark Application

System Requirements

a. A laptop or PC

b. Networking switch (unmanaged or managed)

c. Phones

How to

Step 1: Download Wireshark to your laptop or PC. Connect your phones to the laptop using a networking switch, or ensure that all devices are on the same LAN network.

Figure 2: Connect your phones to the laptop using a networking switch, or ensure that all devices are on the same LAN network.

Step 2: Log in to the phone’s Web GUI and navigate to Maintenance > Syslog. Configure the following parameters (settings may vary by model):

  • Syslog Protocol: UDP
  • Syslog Server: IP address of your laptop (where Wireshark is installed)
  • Syslog Level: DEBUG
  • Send SIP Log: Yes

Step 3: Click Save and Apply.

Figure 3: Save and Apply the Syslog configuration, followed by a Reboot to take effect immediately.

If you don’t have a switch, you can enable Mirrored PC Port Mode under Network > Advanced Settings. Then, connect your laptop directly to the phone’s PC port to capture live Syslog messages. Note: The PC Port Mode option is not available for the HT801 and HT802 models.

Figure 4: Configuring the PC port mode to Mirrored allows traffic from the LAN port to pass through the PC port, enabling packet capture by connecting a laptop or PC to the phone’s PC port.

Step 4: Launch the Wireshark application, select the correct interface (e.g. Ethernet), and click Start.

Figure 5: Select the correct interface and click Start to capture the traffic.

Step 5: Apply the filter syslog && ip.addr == <Phone’s IP address> to confirm that you are capturing the phone’s live Syslog messages.

Figure 6 shows the live traffic of Syslog messages

Step 6: Now, replicate your issue.

Step 7: Once it completes, click the Stop button and save the capture in pcap format.

Figure 7: Click Stop to end the packet capture
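
A quick check that the Syslog settings from Steps 2 and 3 took effect, added here as an example (it is not Grandstream's code): a small UDP listener for the laptop that keeps only datagrams sourced from the phone and decodes the syslog <PRI> header, so you can confirm that Debug-level messages are arriving. The phone address 192.0.2.10, the sample messages and all function names are constructed for illustration; port 514 is the standard syslog UDP port, which this guide does not state.

```python
import re
import socket

# Severity names indexed by the low three bits of the syslog <PRI> value.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity, text), or None if there is no valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return pri >> 3, SEVERITIES[pri & 7], text

def from_phone(records, phone_ip):
    """Keep parsed syslog datagrams whose source address is the phone."""
    parsed = (parse_pri(data) for src, data in records if src == phone_ip)
    return [p for p in parsed if p is not None]

def listen(phone_ip, bind_addr="0.0.0.0", port=514, count=20, timeout=30.0):
    """Collect up to `count` UDP datagrams, then return those sent by the phone.
    Binding port 514 may require administrator rights on the laptop."""
    records = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        try:
            while len(records) < count:
                data, (src, _port) = sock.recvfrom(65535)
                records.append((src, data))
        except socket.timeout:
            pass                             # quiet network: return what arrived
    return from_phone(records, phone_ip)

def debug_seen(records, phone_ip):
    """True if the phone sent at least one Debug-severity message."""
    return any(sev == "debug" for _fac, sev, _txt in from_phone(records, phone_ip))

# Constructed sample datagrams (source IP, payload); not real device output.
SAMPLE = [
    ("192.0.2.10", b"<15>Jan  1 12:00:00 phone app: constructed debug line\n"),
    ("192.0.2.10", b"<14>Jan  1 12:00:01 phone app: constructed info line\n"),
    ("192.0.2.99", b"<15>Jan  1 12:00:02 other app: different host\n"),
    ("192.0.2.10", b"not a syslog datagram"),
]

if __name__ == "__main__":
    for record in from_phone(SAMPLE, "192.0.2.10"):
        print(record)
```

If listen() returns nothing for the phone's address, re-check the Syslog Server value and the laptop's firewall before replicating the issue.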

Method 2: Grandstream Windows Syslog Utility tool

Recently, we have added a Syslog Utility, a Windows tool that collects Syslog from Grandstream products (especially ATAs and Gateways) for troubleshooting purposes.


Method 3: Built-in Packet Capture tool

Figure 8: Built-in Packet Capture tool in the phone.

Step 1: Access the phone’s Web GUI and navigate to Maintenance > Packet Capture. Configure the following settings:

  • Capture Location: Internal Storage
  • With RTP Packets: Yes (if troubleshooting audio issues)
  • USB Filename: (if USB is selected)

Step 2: Click Start and replicate the issue

Step 3: Click Stop and Download


Method 4: GDMS Diagnostic tool

The Grandstream Device Management System (GDMS) offers real-time monitoring and troubleshooting tools to help diagnose and resolve issues. Key features include ping tools, syslog, capture trace, network diagnostics, and system status.

Step 1

Ensure your devices are listed among the supported models and create a free account at gdms.cloud.

Step 2

Connect your device to the internet. Navigate to Device Management > VoIP Device, then select Add Device using the MAC address and serial number.

Step 3

Once your device shows as online (indicated by a green dot) in the device list, click the Diagnostic button and replicate the issue you want to troubleshoot.

Step 4

Click Start on both Syslog and Capture Trace to begin monitoring.


Step-by-step: capturing packets from the Grandstream Door Intercom GDS3710

Figure 6: Click Start on the Packet Capture on GDS3710’s Web UI
Figure 7: Configure Syslog Server and set Syslog Server (Debug) on the Syslog page
Figure 8: Launch the Wireshark application and capture the live packets
Figure 9: Make a call from the GDS3710’s UI without pressing the bell.
Figure 10 shows the GDS3710’s video preview on GXV3480
Figure 11 shows the Syslog messages from GDS3710 captured using the Wireshark application during the video preview.

Grandstream IP PBX UCM

Grandstream UCM has built-in troubleshooting tools under the Maintenance tab. They are:

  1. SYSLOG
  2. Network Troubleshooting (VoIP or PBX-related issues)
  3. Signaling Troubleshooting (analog trunk-related issues)

Click here to read more on the UCM troubleshooting tools.