I want to capture all SIP messages.

I have about 30 hosts in about 6 colos.

My first thought was dumpcap, but the output file name format bugs me.

What do you use for long term SIP capture?

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

On 5/31/2017 3:36 PM, Steve Edwards wrote:
> I want to capture all SIP messages.
>
> I have about 30 hosts in about 6 colos.
>
> My first thought was dumpcap, but the output file name format bugs me.
>
> What do you use for long term SIP capture?

voipmonitor is what you want.

On Wed, May 31, 2017 at 12:36:47PM -0700, Steve Edwards wrote:
> I want to capture all SIP messages.
>
> I have about 30 hosts in about 6 colos.
>
> My first thought was dumpcap, but the output file name format bugs me.
>
> What do you use for long term SIP capture?

What bugs you about the output format?

There are multiple ways to display stored information, wireshark can be extremely useful (and unstable) or just dump plain text by replaying the pcap with ngrep.

Ways I used so far:
-tshark to produce pcap file (-b duration:x to split up files into time intervals)
-"sip set log on" to store it plain text in asterisk log files (or pjsip set logger on)
-ngrep -W byline to store it in

Will look into in the near future:
-Homer via res_hep_pjsip
-voipmonitor (didn't know about till just now thanks to Mark's reply)

Barry Flanagan
2017-May-31 20:29 UTC
[asterisk-users] OT: Want to capture all SIP messages
Voipmonitor, or sngrep

-Barry Flanagan

On 31 May 2017 at 20:36, Steve Edwards <asterisk.org at sedwards.com> wrote:
> I want to capture all SIP messages.
>
> I have about 30 hosts in about 6 colos.
>
> My first thought was dumpcap, but the output file name format bugs me.
>
> What do you use for long term SIP capture?
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users

Barry Flanagan
2017-May-31 20:32 UTC
[asterisk-users] OT: Want to capture all SIP messages
On 31 May 2017 at 21:29, Barry Flanagan <barryf-lists at flanagan.ie> wrote:
> Voipmonitor, or sngrep

Sorry, didn't see the "long term" bit. voipmonitor or Homer are your best bet.

-Barry Flanagan

> On Wed, May 31, 2017 at 12:36:47PM -0700, Steve Edwards wrote:
>> I want to capture all SIP messages.
>>
>> I have about 30 hosts in about 6 colos.
>>
>> My first thought was dumpcap, but the output file name format bugs me.
>>
>> What do you use for long term SIP capture?

On Wed, 31 May 2017, Daniel Tryba wrote:
> What bugs you about the output format?

It's been a while, but as I recollect, it included the date/timestamp in the file name of the 'ring buffer' which meant that each time the host was rebooted, dumpcap didn't know the files from the previous run should be deleted when they 'aged out.'

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

On Wed, 31 May 2017, Steve Edwards wrote:
> I want to capture all SIP messages.
>
> I have about 30 hosts in about 6 colos.
>
> My first thought was dumpcap, but the output file name format bugs me.
>
> What do you use for long term SIP capture?

A little more specificity...

I'd like the capture to be in a series of files that can be 'rotated' or 'aged out' so that I can always have x days of traffic on hand but not have to prune the files to keep the storage requirements reasonable.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

On Wed, 31 May 2017, Barry Flanagan wrote:
> sngrep?

Isn't sngrep a great tool? Since discovering it my use of tcpdump/wireshark has cratered. Being able to compare an INVITE that worked with one that didn't (with color highlighting) rocks.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

Tony Mountifield
2017-Jun-01 10:09 UTC
[asterisk-users] OT: Want to capture all SIP messages
In article <alpine.DEB.2.20.1705311339370.15080 at ws.sedwards.com>, Steve Edwards <asterisk.org at sedwards.com> wrote:
> On Wed, 31 May 2017, Steve Edwards wrote:
>
> > I want to capture all SIP messages.
> >
> > I have about 30 hosts in about 6 colos.
> >
> > My first thought was dumpcap, but the output file name format bugs me.
> >
> > What do you use for long term SIP capture?
>
> A little more specificity...
>
> I'd like the capture to be in a series of files that can be 'rotated' or
> 'aged out' so that I can always have x days of traffic on hand but not
> have to prune the files to keep the storage requirements reasonable.

On most of my systems I have a script sip-capture:

---
#!/bin/sh
# Start a background SIP capture; -C 8 starts a new file every 8 million bytes.
DATE=$(date '+%Y%m%d-%H%M%S')
FILE="sip-$(hostname -s)-$DATE.pkt"
cd /var/tmp || exit 1
# -i any: all interfaces; -n: no name lookups; -p: no promiscuous mode; -s 0: full packets
tcpdump -C 8 -i any -n -p -s 0 -w "$FILE" udp port 5060 </dev/null >/dev/null 2>&1 &
---

I start it in /etc/rc.d/rc.local for want of anywhere better.

Being in /var/tmp, cron.daily/tmpwatch deletes files older than 30 days. I could just as easily have put them somewhere else and used the -W option to tcpdump to remove old files on a rolling basis.

Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
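
The reboot problem described earlier in the thread (timestamped file names from a previous run never age out of the ring) and the tmpwatch cleanup above both come down to pruning by what is on disk rather than by what the capture process remembers. The following is an added example, not code from any poster in the thread: it prunes by age and by a total size budget, assuming the sip-<host>-<timestamp>.pkt naming of the script above; the function names and the cron values are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): retention for SIP capture files that
# works across restarts, because it looks at the files on disk rather than at
# the capture process's in-memory ring.
# Assumption: files are named sip-<host>-<timestamp>.pkt[N] (tcpdump -C appends
# a number to later files) and the names contain no whitespace.

PATTERN='sip-*.pkt*'

# total_bytes DIR: print the summed size in bytes of all capture files in DIR.
total_bytes() {
    # $PATTERN is deliberately unquoted so that the glob expands.
    ls -ln "$1"/$PATTERN 2>/dev/null | awk '{ s += $5 } END { print s + 0 }'
}

# prune_by_age DIR DAYS: delete capture files not modified for more than DAYS days.
prune_by_age() {
    find "$1" -maxdepth 1 -type f -name "$PATTERN" -mtime +"$2" -exec rm -f {} +
}

# prune_by_size DIR MAX_BYTES: delete the oldest files until the total fits the
# budget. The newest file is never deleted, since tcpdump may still be writing it.
prune_by_size() {
    # ls -tr lists oldest first; sed '$d' drops the last (newest) entry.
    for f in $(ls -tr "$1"/$PATTERN 2>/dev/null | sed '$d'); do
        [ "$(total_bytes "$1")" -le "$2" ] && break
        rm -f "$f"
    done
}

# Hypothetical daily cron use: keep 30 days, but never more than about 2 GB.
# prune_by_age /var/tmp 30 && prune_by_size /var/tmp 2000000000
```

Because selection is by modification time and name pattern, files left behind by a capture that was running before a reboot are aged out exactly like those of the current run.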