Logs & Settings Action Plan for DDoS Protection issues

Owned by Agat Support
Last updated: Nov 01, 2020
2 min read

Please follow this action plan in order to collect the logs:

1. Change the LAC Log Level

  1. Backup the Lync_Access_Control.xml file
  2. Change the log severity level to debug and enable dumps:
    • Change the <logging> tag in Lync_Access_Control.xml:
      1. In <main> tag configure <severity>debug</severity>
      2. In <dumps> tag change <enabled>true</enabled>
  3. Save changes

2. Change the Bastion Log Level

  1. Backup the bastion.xml file
  2. Change the log severity level to debug and enable dumps:
    • Change the <logging> tag in bastion.xml:
      1. In <main> tag configure <severity>debug</severity>
      2. In <dumps> tag change <enabled>false</enabled>
  3. Save changes
3. Restart the Bastion Service
  1. Open PowerShell
  2. Execute: Restart-Service bastion

4. Change the SIP Filter Log Level

  1. Backup the AgatSfbSIPFilter.yaml file
  2. Change the log severity level to debug and enable dumps:
      1. In log-level: tag configure Debug
      2. In trace-sip: tag configure true
  3. Save changes

5. Restart the SIP Filter Service

  1. Open PowerShell
  2. execute: Restart-Service AgatSfbSIPFilter

6. Replicate the issue

7. Collect the log LAC_<poolname>_<date>.log and the Dumps folder from the relevant date

8. Collect the log Bastion_<version>_<date>.log and the dumps folder from the relevant date

9. Collect the Lync_Access_Control.xml

10. Revert back to the old Lync_Access_Control.xml

11. Collect the log sipfilter-<date>.log and the trace.<date>.log from the relevant date

12. Collect the AgatSfbSIPFilter.yaml file

13. Revert back to the old AgatSfbShieldSIPFilter.yaml

14. Revert back to the old Bastion.xml

15. Restart the Bastion Service

  1. Open PowerShell
  2. Execute: Restart-Service bastion

16. Export Access Portal Logs

  1. Open the Access Portal WebUI
  2. Browse to /admin/logfiles
  3. Change the log level to DEBUG
  4. Replicate the issue
  5. Click on Export
17. Send AGAT Software Support the collected logs
The following files are expected to be delivered following this plan:
Access Portal logs and settings
  1. LAC__<version>_<poolname>_<date>.log from the relevant time frame in Debug mode
  2. LAC Traffic dumps from the relevant time frame
  3. Lync_Access_Control.xml
  4. sipfilter-<date>.log from the relevant date from the Edge
  5. trace-<date>.log from the relevant date from the Edge
  6. AgatSfbSipFilter.yaml from the Edge
  7. Bastion_<version>_<date>.log  folder from the relevant date
  8. Bastion Traffic dumps folder from the relevant date
  9. Bastion.xml
  10. Skype for Business Client logs

Default file location could be found here.


Please include the following information:
a. Time frames of issue
b. Users involved (SIP Address, AD username, UPN, etc.)