Oracle Communications EAGLE (Hardware)
 

PLA-Support>Sun Systems>CommsGBU>Global Signaling Solutions>SN-SND: Tekelec OS EPAP ECAP
 

In this Document

Goal

Solution

Created from <SR 3-9513970881>

Applies to:

Goal

How to identify a session and its Internet Protocol (IP) address of mysterious deletings on EPAP database using the logs?
 

Solution

1. Collect the logs daily as those could be removed due to size and number of files.
2. If the changes are done via the Graphical User Interface (GUI), with the use of security.log, you can see the time/date that the suspicious IP connected to the system via the GUI.
3. Then via the cgi.dbg logfile, you can search for dlt commands of affected data (Network Entity (NE), International Mobile for Subscriber Identity (IMSI), Directory Number (DN)); detailed information will be logged on the pdba.cmd logfile about the changes done via the GUI.
Note. If you do a change via the GUI, the system will connect to the Provisioning DataBase Interface (PDBI) interface and execute the command requested using the IP from the remote IP (e.g. laptop).
4. If the changes are sent directly to the PDBI interface or by importing files review the same logs: cgi.dbg and pdba.cmd.
5. Once the affected IP has been identified, remove it from the list of authorized IPs.
6. Improve the security restricting IPs:
Only authorized the IPs from the provisioning system that can connect and do changes
Only authorized the IPs from Operations, Administration and Maintenance (OAM) users that can connect to the GUI and do changes.
7. Modify GUI OAM users and groups to only execute certain commands disabling delete commands to minimize re-occurrence. Please review the user administration from the "EPAP Administration Manual" if needed.
 

This solution has no attachment