01-01-2021 06:14 AM
I see a lot of these in my ATA's log files (SPA-112):
++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query
What is "SCAPS" (what is it an acronym for?) and how do I disable these queries in the ATA?
I believe that "need tftp addr" is not related to SCAPS but is something else - again why is the ATA looking for a tftp server and I do I tell it not to do this?
01-01-2021 03:07 PM
While debug&syslog messages are mostly undocumented, we can guess only.
My interpretation of the messages in question is different - ATA is wishing to query scaps (whatever it is), it require address of TFTP server to do it, no one is known yet, thus it's sending scaps discovery query to find one.
Capture not only syslog&debug messages but all network activity. You should see the "scaps discovery query" sent by ATA. It may help to identify what the scaps is and how to disable it.
01-01-2021 03:44 PM
> Capture not only syslog&debug messages but all network activity.
> You should see the "scaps discovery query" sent by ATA.
Of course I am seeing "scaps discovery query" sent by the ATA. The SPA-112 ATA is sending those messages to my syslog server.
This is the sequence of messages being sent by the ATA:
++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query
This sequence repeats once per minute. Those 3 messages happen within a few ms of each other.
It should be fully known within the voip community what "scaps" means or stands for if it is important enough to be written into the ATA bios to generate these messages. Yet I can find nothing on the internet in general what "scaps" means in terms of voip telephony !! Why is that?
I have come across some indication that "tftp server" might be an indication that the ATA is looking for a PBX (such as asterisk) on the lan. I have no network-capable PBX and have never set up this ATA to make such contact, but apparently it is possible.
In this ATA web config setup:
Network Setup -> Advanced Settings -> CDP & LLDP
- CDP and Layer 2 Logging were already disabled
- LLDP-MED was enabled. I disabled it.
Disabling LLDP-MED did not change these syslog messages. They are still happening.
I can find nothing else in the web setup for this ATA SPA-112 where it may be a setting for "tftp" or "scaps".
Nobody here has ever seen those messages in any syslog files or knows what they are about?
01-01-2021 04:36 PM
Of course I am seeing "scaps discovery query" sent by the ATA. The SPA-112 ATA is sending those messages to my syslog server.
I'm not speaking about syslog message but about the scaps discovery query itself. ATA is sending it, you know. As mentioned already, the query may help you/us to identify what the "scaps" is.
It assumes you can capture ALL network traffic send by ATA.
Nobody here has ever seen those messages in any syslog files
Well, I can't speak for "nobody", but I have no such kind of messages in my logs. It mean the feature is disabled in my configuration. But I have so many features disables, so I don't know what particular one is generating those syslog messages. It's why I can't re-enable it and why I can't capture the scaps discovery query by self.
01-01-2021 05:39 PM - edited 01-01-2021 05:43 PM
"SCAP" seems to stand for "Security Compliance Audit Automation Proxy".
Search the internet for this document: tr12_telcosecday_kagerhuber_sca.pdf
=============
Three SCA proxy functions are distinguished: adapter, re-writing and segregation. Proxy Functions Segregation: Re-writing: Adapter Segregates networks (e.g. minimize IP address conflicts) Application firewall, 2-Tier Adds additional location information (e.g. re-writes FQDN) Connects non-sca systems to the SCA Management System Transforms proprietary non-sca messages to SCA conform messages Intranet: /24 Central Repository SCA Proxy (as segregator ) SCA collector SCA collector NE Vendor SCA collector B NE Vendor B Device Vendor B Production: /24 SCA View Provider SCA Mgmt. System SCA Data Retriever SCA Proxy (as re-writer ) SCA Data Retriever SCA collector Device Vendor B Hot-standby: / SCA Troopers 2012 November
===============
I believe the "need tftp addr" is not related to "scaps" but instead is related to the ATA seeking out a pbx on the lan to connect with. I frequently see during these web searches that tftp is related to people with issues with Asterisk.
The ATA is looking for XML files for configuration information, sometimes this is for localization (ie language files). This seems to pertain to IP phones more than ATA's.
01-02-2021 12:08 AM - edited 01-02-2021 12:09 AM
Yes, I know what the SCAP is, but I believe it has nothing to do with ATA syslog message in question. I even know what the acronym SCAPS is - it's used for "(service) capabilities with sub-field", but even with it I don't believe it apply here. And finally, tftp is used by ATA for transfer of various files, including the provisioning. You are true, Asterisk users have issues with it. I helped many of them to solve. Based on my experience, the "need tftp addr" message is unrelated to provisioning and is related to other use of tftp.
But we both are just guessing. As you denied (or you are unable) to capture the SCAPS DISCOVER QUERY sent by ATA, we can't analyze it to confirm or refute our suspicion. So we will each keep our opinion.
01-02-2021 07:41 AM - edited 01-02-2021 08:05 AM
> Yes, I know what the SCAP
You do? What do the letters stand for?
> I even know what the acronym SCAPS is - it's used for "(service) capabilities with sub-field",
How do the letters S C A P stand for "service capabilites with sub field" ?
Is this perhaps what SCAP is really about:
https://www.open-scap.org/
Security Content Automation Protocol?
And why is there no way for me to configure my $50 SPA-112 ATA to turn this stupid thing OFF! Several THOUSAND log entries per day with the garbage
++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query
I have logging set to the least amount (least verbose) and they still come! Why? What good is capturing packets from the ATA to see what this "SCAPS discovery" is if I can't see how to turn if off in the web GUI interface of the ATA?
01-02-2021 10:09 AM
I spent my time in attempt to help you to identify the feature causing particular log lines. You refused my advice.
It seems you wish to follow own ways first. No problem, feel free to do it. I wish you success.
01-02-2021 08:01 AM
> Based on my experience, the "need tftp addr" message is
> unrelated to provisioning and is related to other use of tftp.
Read this thread (8 years ago):
https://community.cisco.com/t5/atas-gateways-and-accessories/spa-122-firmware-upgrade/td-p/2009873
"We just upgraded SPA 122 to version 1..1.1 Ver 011. After the upgrade SPA cannot register to the PBX to which it was registered before. PBX doesn't even show any registration attempts by it. "
Note what he is seeing in the logs:
++++ retry query scaps
+++ need tftp addr..
+++ send scaps discovery query
Hmmm.. Where have we seen those 3 lines before?
At the end of that thread, Patrick Born (Cisco employee) says:
"Please contact me directly at paborn at Cisco and I'll help you figure out what this issue is. Once we're done, I'll share with the Community what the issue was."
That's nice, he'll share the results of his investigation with the community. NOT. No such sharing ever took place. That was the end of the thread. Nice...
01-01-2021 07:16 PM
> I have no such kind of messages in my logs.
Probably because of the logging-level you have set. I have mine set to "Error" which is not very verbose but still these messages predominate and irritate.
01-01-2021 11:53 PM
Don't underestimate mu skills
I'm using highest level available on all phones, even in production and I'm capturing all messages from all of them (e.g. few hundreds of devices).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide