Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Logging settings in flashphoner.properties

Setting

Default value

client_log_level

INFO

client_dump_level

0

enable_extended_logging

true


Logs are recorded to /usr/local/FlashphonerWebCallServer/logs

...

This is a standard config of the log4j format.

 

Settings description

Attribute

Value

Description

log4j.rootLogger

info, stdout, fAppender

Root logger.

info - INFO logging level. More detailed levels, for example, DEBUG and TRACE, and less detailed, for example, ERROR are available.

stdout, fAppender - set how and where logs are output.

log4j.logger.incoming.Publication

info, incoming_publication

RTMFP-SIP calls statistics logger for the traffic incoming from a SIP server.

info - logging level
incoming_publication - sets how and where logs are output.

log4j.logger.outgoing.Publication

info, outgoing_publication

RTMFP-SIP calls statistics logger for the traffic outgoing to a SIP server.

info - logging level
outgoing_publication - sets how and where logs are output.

log4j.logger.pushLogs.FlashphonerHandler

Not used

Not used

log4j.additivity.incoming.Publication

false

Do not add these logs to the general log, recording them as individual logs instead

log4j.additivity.outgoing.Publication

false

Do not add these logs to the general log, recording them as individual logs instead

log4j.logger.sipMessages

debug

Put inbound and outgoing SIP messages to the log

log4j.logger.WSServerHandlertracePut outgoing Websocket messages to the log
log4j.logger.WSClientdebugPut incoming Websocket messages to the log

log4j.appender.stdout

org.apache.log4j.ConsoleAppender

Output logs to stdout

log4j.appender.fAppender

org.apache.log4j.DailyRollingFileAppender

Output logs to fAppender

log4j.appender.incoming_publication

org.apache.log4j.DailyRollingFileAppender

Output RTMFP statistics to incoming_publication

log4j.appender.outgoing_publication

org.apache.log4j.DailyRollingFileAppender

Output RTMFP statistics to outgoing_publication

log4j.appender.clientLog

org.apache.log4j.DailyRollingFileAppender

Not used

Logging settings hot swapping

...

Code Block
languagebash
themeRDark
client_log_level=INFO

Managing automatic purging of these logs is performed using the settings: keep_extended_logs_max_days, extended_logs_dir_depth, check_extended_logs_interval. By default, It is recommended to use cron in conjuction with find to periodically purge client logs. For example, to check for outdated logs is performed every 24 hours and delete all logs older than 30 days are deleted. To modify client logs storage and deletion rules, edit these settings and restart the WCS server.add the following cron task

Code Block
languagebash
themeRDark
0 0 * * * find /usr/local/FlashphonerWebCallServer/logs/client_logs/ -type d -mtime +30 | xargs rm -rf

Logging level managing "on the fly"

...

REST methods and response statuses

REST method

Example of REST request

Example of REST response

Response status

Description

/logger/enable_client_log

Code Block
languagejs
themeRDark
{
 "sessionId": "/127.0.0.1:57539/192.168.1.101:8443",
 "logLevel": "DEBUG"
}

200 - Logging level is changed

404 - Session not found


Set the logging level specified in session specified

/logger/disable_client_log

Code Block
languagejs
themeRDark
{
 "sessionId": "/127.0.0.1:57539/192.168.1.101:8443"
}

200 - Logging is disabled

404 - Session not found

Fully disable logging in session specified

Parameters

Parameter name

Description

Example

sessionId

Session Id

/127.0.0.1:57539/192.168.1.101:8443

logLevel

Logging level to set

DEBUG

Thus, when problem occurs with stream published on server (for example, the stream is published but cannot be played), REST query should be sent to server to switch logging level to DEBUG and then, when problem is reproduced and data are collected, to switch logging level back to INFO. Also it is possible to switch logging off in certain client session.

...

Code Block
languagebash
themeRDark
3000;3001;f294f6116bf2cc4c725f20457ed76e5b@192.168.56.2;2014-11-21 15:01:37; 2014-11-21 15:01:41; 2014-11-21 15:02:45;64;ANSWERED

Field

Description

src

Caller

dst

Callee

cid

Call identifier

start

Call start (date and time).

answer

Date and time the call is answered by the subscriber or the SIP side.

end

Date and time the call ended.

billsec

Time in seconds between 'answer' and 'end'.

disposition

Call result: ANSWERED, NO_ANSWER, BUSY, FAILED.

MDR logs

Message Detail Record is a SIP messages log.

...

Code Block
languagebash
themeRDark
Fri Dec 26 15:26:16 NOVT 2014,null,A006,A005,RECEIVED

Field

Description

date

Date and time of the message

msgId

Message identifier. Is present only in message/cpim messages if isImdnRequired=true (see Web Call Server - Call Flow documentation, parameters of the passed messages in the sendMessage method are described there).

from

SIP from

to

SIP to

disposition

Message result: RECEIVED, SENT, FAILED.

RECEIVED - the message is received.

SENT - the message is sent.

FAILED - there were an error while sending the message.

You can also gather any message statistics and their statuses you need using WCS REST API. See Web Call Server - Call Flow documentation that describes all methods and data sets that WCS sends via REST when it processes messages.

...

Code Block
languagebash
themeRDark
2015-11-11 08:36:13;Flash;stream-Bob;5c2d75c0-7d87-421d-aa93-2732c48d8eaa;00:00:48;UNPUBLISHED;;PUBLISH;3;

Field

Description

start

Date and time the session started

mediaProvider

The media used in WCS JavaScript API: WebRTC, Flash

name

Name of the published / played stream

mediaSessionId

Media session identifier

duration

Duration of the session

disposition

Session result: UNPUBLISHED, STOPPED, FAILED

UNPUBLISHED - publishing of the stream was stopped

STOPPED - playing of the stream was stopped

FAILED - incorrect session end

info

If disposition==FAILED, this field contains the description of the reason

type

PUBLISH if publishing the stream

SUBSCRIBE if playing the stream

subscribers

The number of subscribers in case of publishing the stream; 0 if playing the stream

CONNDR logs

Connection Detail Record is a WebSocket sessions log.

...

Code Block
languagebash
themeRDark
2018-04-25 19:29:08;/5.44.168.45:52199/95.191.131.64:8443;DISCONNECTED;Normal disconnect;17;

Field

Description

start

Date and time the session started

mediaSessionId

Media session identifier

disposition

Session result: DISCONNECTED, FAILED

DISCONNECTED - the session ended by client's initiative

FAILED - incorrect session end

info

Contains information about the session end

duration

Duration of the session

GC logs

By default garbage collector log files are located in /usr/local/FlashphonerWebCallServer/logs directory.

...

Code Block
themeRDark
logs
---- gc-core.log.0
---- gc-core.log.1
---- gc-core.log.2.current

CVE-2021-44228 vulnerability

CVE-2021-44228 vulnerability in Apache log4j library cannot be exploited on WCS server. The logger can be configured via log4j.properties only, so attacker must have access to server file system. The vulnerability cannot be exploited via input fields etc. Let's check:

1. Use the URL https://log4shell.huntress.com/ to check the server. This page will generate an unique link to insert to a web page input fields

2, Open Two Way Streaming example page on demo server https://demo.flashphoner.com:8888/client2/examples/demo/streaming/two_way_streaming/two_way_streaming.html, click Connect and insert the test link to stream name fields. Publish and play a stream:

Image Added

3. Open a special link to view test results. If vulnerability is exploited, IP address and Date/Time columns will show connections from tested server

Image Added

As test shows, the CVE-2021-44228 vulnerability cannot be exploited in latest WCS build 5.2.1109

Under the hoods: why WCS is not vulnerable

WCS uses Apache log4j 1.2.17. This old version does not support JDNI feature which is added since log4j 2.0-beta9. Therefore, CVE-2021-44228 vulnerability cannot be exploited in WCS.