Shoretel Events to SysLog

In my last post I described how to configure Windows events to syslog using a free application called SyslogAgent. When I showed Ben, he thought it was really cool. After I had shown him how it was done, we sat there and watched people log in and out of their computers in real time and kept renewing our IP addresses to check out the delay of the service. It was awesome.

“Hey, can we syslog the Shoretel?  There’s a CDR text file in the c: drive somewhere…”  Ben asked.

CDR or Call Detail Reporting is a logging service that runs on the Shoreware Director. It logs all calls that seize an outbound circuit to this file.  Because it is a file running on Windows, we should be able to port this file to syslog similar to the way I did it with the DHCP event logs in my prior post.

So, Ben found the CDR logs in the “C:\Shoreline Data\Call Records 2” folder.  All of the logs had a .log prefix.  This would be easy.  He set up the syslog agent on the Shoreware Director machine, pointed the Windows events to go to my Dude syslog server, and set up a new application log in the agent which pointed to the CDR logs in the Shoretel directory.  The service was to send the string “bmb_cdr” (something unique and unlikely to be reproduced in the logfile) to the syslog for the Shoretel CDR log data.  This would note the facility and give a string to regex the CDR logs out of the Windows events.

I wanted to separate the CDR syslogs from the Windows events.  My thinking is that CDR will be useless information if troubleshooting a systems issue in the Windows event log.  Ben set up a new log called ShoreTel_CDR in the Dude.  Then he set up a Dude notification to “log to Shoretel_CDR”.  Configuring the Dude’s syslog to filter by regex was interesting.

Using regex to filter events by "bmb_cdr" (order is important!)

Now we have Windows events going to the log file “Windows Events”, Shoretel CDR going to the log file “ShoreTel_CDR”, and all the rest going to the syslog log file.

What did we accomplish here?  Here comes the fun part.  I wanted to test this to see if I could be alerted if someone calls my cell phone.  The grayed out filter above has my phone number.  When we turned it on and called my number, Ben got a page.  We can also view outbound/inbound calls via our PBX in real-time and in a single place.  Just imagine the possibilities!
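The filter ordering described above, as an added example (not from the original post and not the Dude's own logic): a first-match router showing why the "bmb_cdr" rules have to sit above any broader rule that also matches the agent's Windows events. It assumes first-match-wins evaluation and a Windows rule keyed on the agent's source address; the addresses, CDR line layout and phone number are constructed.

```python
import re

# Constructed sample messages as (source address, text). The addresses, the
# CDR field layout and the phone numbers are made up for this example.
AGENT = "192.0.2.10"    # hypothetical Shoreware Director running the syslog agent
WATCHED = "5555550100"  # placeholder number to alert on
SAMPLES = [
    (AGENT, "Security[info] 4624 An account was successfully logged on"),
    (AGENT, "bmb_cdr 2012-03-01 10:15:02,ext 214,outbound,5555550100,00:01:12"),
    (AGENT, "bmb_cdr 2012-03-01 10:16:40,ext 230,outbound,5555550199,00:00:31"),
    ("192.0.2.1", "dhcp,info lease assigned 192.0.2.57"),
]

def rule(name, log, source=None, pattern=None, notify=False):
    """One filter row: optional source match, optional regex, destination log."""
    return {"name": name, "log": log, "source": source,
            "regex": re.compile(pattern) if pattern else None, "notify": notify}

# Specific rules first, broad rule last.
GOOD_ORDER = [
    rule("watched number", "ShoreTel_CDR",
         pattern=r"bmb_cdr.*\b" + WATCHED + r"\b", notify=True),
    rule("shoretel cdr", "ShoreTel_CDR", pattern=r"bmb_cdr"),
    rule("windows events", "Windows Events", source=AGENT),
]
# Same rules with the broad per-host rule moved to the top.
BAD_ORDER = [GOOD_ORDER[2], GOOD_ORDER[0], GOOD_ORDER[1]]

def route(messages, rules, default="syslog"):
    """First matching rule wins; unmatched messages go to the default log."""
    logs, alerts = {}, []
    for source, text in messages:
        dest = default
        for r in rules:
            if r["source"] and r["source"] != source:
                continue
            if r["regex"] and not r["regex"].search(text):
                continue
            dest = r["log"]
            if r["notify"]:
                alerts.append(text)
            break
        logs.setdefault(dest, []).append(text)
    return logs, alerts

if __name__ == "__main__":
    for label, rules in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        logs, alerts = route(SAMPLES, rules)
        print(label, {k: len(v) for k, v in logs.items()}, "alerts:", len(alerts))
```

With the broad rule on top, every line from the agent lands in "Windows Events" and the watched-number alert never fires, which is the failure the ordering guards against.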

Overall, I have not been impressed with the Shoretel system.  For the amount of money you have to pay for it, I would think that it has the same amount of features as the older phone systems like Mitel or Nortel.  In my opinion, the only reason it’s so popular is because an average IT guy/gal can understand it – which is dangerous because IT guys like to play.  Back in the day, it was rare that a phone system crashed.  Today’s IT guys deal with crashes all the time; so, this makes an IT person working with a telephone system crash quid pro quo with anything else. Scary thought, don’t you think?

This is the first time that I’ve actually liked the system.  Ironically, what I’m pleased about has very little to do with Shoretel!

