Collecting Logs and Network Traffic Captures with Wireshark

Note: In a VERY HIGH VOLUME scenario, it may be preferable to use the command-line tool shipped with Wireshark, called tshark.exe – this allows capturing traffic without consuming a large amount of system resources needed to maintain the Wireshark GUI.

Very often, when you are troubleshooting issues, the 3CX Support team will ask for logs and captures to look at the issue in more detail. The logs generated by 3CX PhoneSystem can be very extensive, and looking through them can be a difficult process, but it is the only way for the 3CX Support team to understand the flow of a call, how it was routed through the system, how the PBX chooses to negotiate codecs between itself and other endpoints (such as extensions or VoIP providers or Gateways), and how the message headers are built.

The best way to present logs and captures to the 3CX Support team is by following these steps:

  • Make sure that the logging level for 3CX PhoneSystem is set to “Verbose”, with the “Keep backup of log files” option ENABLED. This can be done from 3CX Phone System Management Console > “Troubleshooting” > “Activity Log” > “Logging” button, ensure that the Logging Level is configured to Verbose and that “Keep backup of log files” is enabled..
  • Restart all the services (to make sure the logs are cleared out of previous calls) and wait for about 5 minutes, leaving the PBX idle for all components to register with 3CX PhoneSystem
  • Start the Wireshark application, and start a capture on the interface which delivers the traffic to the endpoints under test. If your PBX has multiple interfaces which are involved in a single call, you should start an instance of Wireshark for each of the interfaces, and start a capture for each instance on the different interfaces. More details how this can be done may be found on
  • Replicate the problem call, taking notes of the number you called from, the number you called, the extension numbers (and any other entities, internal or external) involved to replicate the issues, the exact time you started the call (get this from the clock on the 3CX PhoneSystem machine), the route taken by the call, and any other information you think could be relevant
  • After the call is terminated and you have finished replicating your issue, stop the Wireshark capture/s, and save in PCAP format
  • create a Support Info file:
    • Start the 3CX Management Console from Start Menu -> Programs -> 3CX Phone System, or access it directly from your browser.
    • From the menu bar of the 3CX Management Console, select “Help > Generate Support Info”. Wait for the Management Console to generate the support file, which may take some time depending on the size of the logs. When ready, you will be prompted to save the resulting ZIP file to your download folder.
    • Update the support ticket with all the relevant information collected to reproduce the issue
    • Attach the ZIP file to the ticket
    • Attach the PCAP file to the ticket
  • Make sure you DISABLE the “Keep backup of log files” option, and set the logging level back to its previous setting

Liked this article?

Get notified of new articles
or share
You might also be interested in: