How to monitor Ribbon SBC using Azure Log Analytics - The Legend of Hanuman
pexels photomix company 106344

How to monitor Ribbon SBC using Azure Log Analytics

by


In this tutorial I will be teaching you how to configure monitoring of your Ribbon SBC appliance using Microsoft Azure Log Analytics.

Particularly useful as Ribbon currently do not provide a monitoring solution for Ribbon SBC on Azure.

Let’s face it, Azure monitoring is downright awesome. It’s super easy to get going, inexpensive (compared to other 3rd party products) and the potential is limitless!

Table of Contents

Overview

We will be building an Ubuntu Server Linux virtual machine to act as an intermediary syslog gateway for Ribbon SBC SWeLite to forward logs into an Azure Log Analytics Workspace.

High Level Design

ribbon sbc syslog monitoring design 1

Prerequisites

  1. Azure subscription.
  2. Azure Log Analytics workspace.
  3. Ribbon SBC hosted in Azure (I am using SWeLite 9.0.1 in this guide).
  4. Network connectivity between Ribbon SBC and Linux VM.
    1. In this guide, there is a VNET peer between the Linux VM and Ribbon SBC network. They are both in Azure.

Note: There will be a small operational expenditure with this exercise as you will be creating a new Linux virtual machine in Azure.

If you have a pre-existing Linux VM in Azure you can use that without incurring additional costs.

Provision Linux VM

We are provisioning a Ubuntu Server 18.04 Linux VM for this exercise as it is cheap and secure.

  1. Within Azure Portal, click Create a resource.
image 6 1
  1. Within Search the Marketplace bar, enter Ubuntu and click Ubuntu Server 18.04 LTS.
image 7
  1. Click Create.
image 8
  1. Give your new Ubuntu Server Linux VM a name and customise. In this guide we are using B1ls as it is the least expensive.
image 9
  1. Your configuration screen should look like above exhibit.
  2. Create your virtual machine when ready.
  3. Finish.

Install Log Analytics Agent

Log Analytics Agent (formerly known as OMS agent) installation guide for PROD-UBUNTU-01 virtual machine. This will act as our syslog gateway for Ribbon / Sonuc SBC.

Note: An Azure Log Analytics workspace is a prerequisite for this section.

  1. In Azure Portal, search for “Log Analytics” in the top search bar and click to open.
image 10 1
  1. Click to open your Log Analytics workspace.
image 11
  1. Within newly opened blade on the right of your screen, click Virtual machines under Workspace Data Sources.
image 12 1
  1. Within distant right-hand blade, click to open our newly created Linux VM. It is PROD-Ubuntu-01 my example below.
image 13
  1. Click Connect.
image 14
  1. Log Analytics monitoring agent is now deploying to our Linux VM. This can take up to 5 minutes to complete.
  2. Once it is complete and the agent is connected to our workspace, click Advanced settings within Log Analytics workspace blade.
image 15 1
  1. Click Data > Syslog > within facility search bar in right pane, type local0 and click +. Ribbon SBC will only utilise local0 per below instructions.
image 29
  1. Ensure all facility options ranging from EMERGENCY to DEBUG are ticked.
  2. Click Save.
  3. Connect to the Linux VM using SSH. For instructions on how to SSH to an Azure hosted Linux VM, check this out.
  4. Once successfully logged on, execute the following command to enable Rsyslog remote log forwarding. sudo vi /etc/rsyslog.d /95-omsagent.conf.
image 17
  1. Append the following two lines at end of the file, save and close VI.
image 18 1
  1. Restart the rsyslog service using the command sudo service rsyslog restart.
  2. Verify that our Linux VM is listening on port 514 using the command netstat -an | grep 514.
image 19 1
  1. Finish.

Our Ubuntu Server Linux virtual machine is now configured to act as a syslog gateway to forward logs to our Log Analytics workspace. Our next action is to configure Ribbon SBC to send remote syslogs to our Ubuntu Server Linux VM.

Enable Ribbon SBC Remote Syslog

  1. Navigate to your Ribbon SBC appliance’ web GUI. You can do this via its management IP.
image 20 1
  1. Click Settings > Remote Log Servers > +.
image 21
  1. A pop-up window will appear, enter the following settings.
    1. Global Log Level: Informational
    2. Log Destination: Ubuntu Server Linux VM IP
    3. Port: 514
    4. Protocol: UDP
    5. Log Facility: local0 (Local Use 0)
    6. Enabled: Yes
image 22
  1. Click OK.
  2. Finish.

Viewing Logs

We can now see logs begin to feed into our Log Analytics Workspace.

  1. In Azure Portal, search for “Log Analytics” in the top search bar and click to open.
image 23
  1. Click to open your Log Analytics workspace.
image 24
  1. Click Logs.
image 25 1
  1. Execute the following KQL query;

Syslog
| where TimeGenerated > ago(24h)
| where Computer contains "RIBBON SBC IP ADDRESS"

  1. Congratulations! We can now see syslogs from Ribbon SBC in Azure Log Analytics.
image 26 1

Next Actions

Next steps are to configure Azure alerts and actions based on event severity level.

For example we can configure an action to send email to a Microsoft Teams channel or raise a ServiceNow ticket using an ITSM hook when there is a “warn” or “critical” severity level event. The possibilities are endless.

Stay tuned!

 


Share this content:

I am a passionate blogger with extensive experience in web design. As a seasoned YouTube SEO expert, I have helped numerous creators optimize their content for maximum visibility.

Contact

Leave a Comment