Lorenzo Mangani

My best guess is a plugin would be very easy to write using npm modules and any of our input plugins as example

We can't comment unless you attach an example - please do so and we'll happily take a look.

Thanks. The messages can be easily parsed, but those logs are pretty useless as they don't specify who's the sender or receiver of any of those SIP messages - extracting...

In order to turn those logs back into HEP/SIP at the very least we need to know the source/destination IP:PORT of each packet. The traffic doesn't look like its TLS...

@MattMou perhaps I confused you. homer can work with this just fine, you saw the other log processors converting output back to HEP/SIP but unfortunately for you the CUBE logs...

@astrakid thanks! Perhaps you know if the logs have options or can be extended to be more verbose in any way about the sessions they handle, perhaps a DEBUG level?

This is unfortunate indeed - we can't do this through logs without the network details. How about ERSPAN?

You absolutely can from a technical standpoint but besides being misleading in case of proxies, what happens when you have a domain name? ;)

thanks @pierok13 are those implemented as pastash filters?

That;s great! Would love to help out @pierok13 feel free to send a PR to the /plugins folder and we'll publish it