cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1507
Views
10
Helpful
10
Replies

What are "SCAPS" discovery / queries and "tftp addr" in voip ATA log files and how to disable them?

SumGuy
Level 1
Level 1

 

I see a lot of these in my ATA's log files (SPA-112):

 

++++ retry query scaps
 +++ need tftp addr..
+++ send scaps discovery query

 

What is "SCAPS" (what is it an acronym for?) and how do I disable these queries in the ATA?

 

I believe that "need tftp addr" is not related to SCAPS but is something else - again why is the ATA looking for a tftp server and I do I tell it not to do this?

 

10 Replies 10

Dan Lukes
VIP Alumni
VIP Alumni

While debug&syslog messages are mostly undocumented, we can guess only.

 

My interpretation of the messages in question is different - ATA is wishing to query scaps (whatever it is), it require address of TFTP server to do it, no one is known yet, thus it's sending scaps discovery query to find one.

 

Capture not only syslog&debug messages but all network activity. You should see the "scaps discovery query" sent by ATA. It may help to identify what the scaps is and how to disable it.

> Capture not only syslog&debug messages but all network activity.
> You should see the "scaps discovery query" sent by ATA.


Of course I am seeing "scaps discovery query" sent by the ATA. The SPA-112 ATA is sending those messages to my syslog server.

This is the sequence of messages being sent by the ATA:


++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query


This sequence repeats once per minute. Those 3 messages happen within a few ms of each other.


It should be fully known within the voip community what "scaps" means or stands for if it is important enough to be written into the ATA bios to generate these messages. Yet I can find nothing on the internet in general what "scaps" means in terms of voip telephony !! Why is that?


I have come across some indication that "tftp server" might be an indication that the ATA is looking for a PBX (such as asterisk) on the lan. I have no network-capable PBX and have never set up this ATA to make such contact, but apparently it is possible.


In this ATA web config setup:


Network Setup -> Advanced Settings -> CDP & LLDP

- CDP and Layer 2 Logging were already disabled
- LLDP-MED was enabled. I disabled it.

Disabling LLDP-MED did not change these syslog messages. They are still happening.


I can find nothing else in the web setup for this ATA SPA-112 where it may be a setting for "tftp" or "scaps".


Nobody here has ever seen those messages in any syslog files or knows what they are about?

Of course I am seeing "scaps discovery query" sent by the ATA. The SPA-112 ATA is sending those messages to my syslog server.

I'm not speaking about syslog message but about the scaps discovery query itself. ATA is sending it, you know. As mentioned already, the query may help you/us to identify what the "scaps" is.

It assumes you can capture ALL network traffic send by ATA.

 

Nobody here has ever seen those messages in any syslog files

Well, I can't speak for "nobody", but I have no such kind of messages in my logs. It mean the feature is disabled in my configuration. But I have so many features disables, so I don't know what particular one is generating those syslog messages. It's why I can't re-enable it and why I can't capture the scaps discovery query by self.

 

"SCAP" seems to stand for "Security Compliance Audit Automation Proxy".

Search the internet for this document:  tr12_telcosecday_kagerhuber_sca.pdf

=============

Three SCA proxy functions are distinguished: adapter, re-writing and segregation. Proxy Functions Segregation: Re-writing: Adapter Segregates networks (e.g. minimize IP address conflicts) Application firewall, 2-Tier Adds additional location information (e.g. re-writes FQDN) Connects non-sca systems to the SCA Management System Transforms proprietary non-sca messages to SCA conform messages Intranet: /24 Central Repository SCA Proxy (as segregator ) SCA collector SCA collector NE Vendor SCA collector B NE Vendor B Device Vendor B Production: /24 SCA View Provider SCA Mgmt. System SCA Data Retriever SCA Proxy (as re-writer ) SCA Data Retriever SCA collector Device Vendor B Hot-standby: / SCA Troopers 2012 November
===============

I believe the "need tftp addr" is not related to "scaps" but instead is related to the ATA seeking out a pbx on the lan to connect with. I frequently see during these web searches that tftp is related to people with issues with Asterisk.

The ATA is looking for XML files for configuration information, sometimes this is for localization (ie language files). This seems to pertain to IP phones more than ATA's.

 

Yes, I know what the SCAP is, but I believe it has nothing to do with ATA syslog message in question. I even know what the acronym SCAPS is - it's used for "(service) capabilities with sub-field", but even with it I don't believe it apply here. And finally, tftp is used by ATA for transfer of various files, including the provisioning. You are true, Asterisk users have issues with it. I helped many of them to solve. Based on my experience, the "need tftp addr" message is unrelated to provisioning and is related to other use of tftp.

 

But we both are just guessing. As you denied (or you are unable) to capture the SCAPS DISCOVER QUERY sent by ATA, we can't analyze it to confirm or refute our suspicion. So we will each keep our opinion.

> Yes, I know what the SCAP
You do? What do the letters stand for?

> I even know what the acronym SCAPS is - it's used for "(service) capabilities with sub-field",
How do the letters S C A P stand for "service capabilites with sub field" ?

Is this perhaps what SCAP is really about:
https://www.open-scap.org/
Security Content Automation Protocol?

And why is there no way for me to configure my $50 SPA-112 ATA to turn this stupid thing OFF! Several THOUSAND log entries per day with the garbage

++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query

I have logging set to the least amount (least verbose) and they still come! Why? What good is capturing packets from the ATA to see what this "SCAPS discovery" is if I can't see how to turn if off in the web GUI interface of the ATA?

 

I spent my time in attempt to help you to identify the feature causing particular log lines. You refused my advice.

It seems you wish to follow own ways first. No problem, feel free to do it. I wish you success.

 

 

 

 

> Based on my experience, the "need tftp addr" message is
> unrelated to provisioning and is related to other use of tftp.


Read this thread (8 years ago):

https://community.cisco.com/t5/atas-gateways-and-accessories/spa-122-firmware-upgrade/td-p/2009873


"We just upgraded SPA 122 to version 1..1.1 Ver 011. After the upgrade SPA cannot register to the PBX to which it was registered before. PBX doesn't even show any registration attempts by it. "


Note what he is seeing in the logs:

++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query

Hmmm.. Where have we seen those 3 lines before?


At the end of that thread, Patrick Born (Cisco employee) says:

"Please contact me directly at paborn at Cisco and I'll help you figure out what this issue is. Once we're done, I'll share with the Community what the issue was."

That's nice, he'll share the results of his investigation with the community. NOT. No such sharing ever took place. That was the end of the thread. Nice...

> I have no such kind of messages in my logs. 

Probably because of the logging-level you have set.  I have mine set to "Error" which is not very verbose but still these messages predominate and irritate.

 

Don't underestimate mu skills

I'm using highest level available on all phones, even in production and I'm capturing all messages from all of them (e.g. few hundreds of devices).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: