Tony Mountifield
2017-Jun-01 10:09 UTC
[asterisk-users] OT: Want to capture all SIP messages
In article <alpine.DEB.2.20.1705311339370.15080 at ws.sedwards.com>,
Steve Edwards <asterisk.org at sedwards.com> wrote:
> On Wed, 31 May 2017, Steve Edwards wrote:
>
> > I want to capture all SIP messages.
> >
> > I have about 30 hosts in about 6 colos.
> >
> > My first thought was dumpcap, but the output file name format bugs me.
> >
> > What do you use for long term SIP capture?
>
> A little more specificity...
>
> I'd like the capture to be in a series of files that can be 'rotated' or
> 'aged out' so that I can always have x days of traffic on hand but not
> have to prune the files to keep the storage requirements reasonable.

On most of my systems I have a script sip-capture:

---
#!/bin/sh

DATE=`date '+%Y%m%d-%H%M%S'`
FILE=sip-`hostname -s`-$DATE.pkt

cd /var/tmp

tcpdump -C 8 -i any -n -p -s 0 -w "$FILE" udp port 5060 </dev/null >/dev/null 2>&1 &
---

I start it in /etc/rc.d/rc.local for want of anywhere better.

Being in /var/tmp, cron.daily/tmpwatch deletes files older than 30 days.
I could just as easily have put them somewhere else and used the -W option
to tcpdump to remove old files on a rolling basis.

Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
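An added example, not Tony's script, that shows the rolling-retention variant he mentions: tcpdump rotates on time (-G) and caps the file count (-W) so the directory always holds about the requested number of days, with a find-based ager as a stand-in for tmpwatch. The capture directory, the "port 5060" filter (which misses SIP over TLS on 5061 or non-standard ports) and the retention values are assumptions.

```shell
#!/bin/sh
# Rolling SIP capture (added example). tcpdump rotates the output every
# ROTATE_SECS seconds (-G) and keeps at most N files (-W), so roughly
# KEEP_DAYS days of traffic stay on disk with no separate pruning job.
# Directory, filter and retention below are assumptions, not list-proven values.

CAP_DIR=${CAP_DIR:-/var/tmp/sip-capture}
KEEP_DAYS=${KEEP_DAYS:-7}
ROTATE_SECS=${ROTATE_SECS:-3600}
# Assumed filter: plain SIP on 5060 over UDP and TCP. SIP over TLS (5061)
# or non-standard ports is not captured by this expression.
SIP_FILTER=${SIP_FILTER:-'port 5060'}

# Number of rotated files needed to cover KEEP_DAYS at ROTATE_SECS each.
# Rounds up so a partial day at the end is kept rather than dropped.
files_for_days() {
    days=$1; secs=$2
    echo $(( (days * 86400 + secs - 1) / secs ))
}

# Build the tcpdump argument list. With -G, tcpdump expands strftime(3)
# sequences in the -w name, so every file is named after its start time.
capture_args() {
    host=$1; days=$2; secs=$3
    printf '%s' "-i any -n -p -G $secs -W $(files_for_days "$days" "$secs") -w sip-$host-%Y%m%d-%H%M%S.pcap"
}

# Ager for hosts without tmpwatch: delete .pcap files in DIR whose mtime is
# older than DAYS days and report how many were removed.
prune_old() {
    dir=$1; days=$2
    find "$dir" -maxdepth 1 -type f -name '*.pcap' -mtime +"$days" -print -delete | wc -l | tr -d ' '
}

# Only open an interface when explicitly asked (SIP_CAPTURE_RUN=1), so the
# functions can be sourced or tested without root or tcpdump present.
if [ "${SIP_CAPTURE_RUN:-0}" = 1 ]; then
    mkdir -p "$CAP_DIR" && cd "$CAP_DIR" || exit 1
    # Word splitting of both expansions is intended: tcpdump gets separate args.
    tcpdump $(capture_args "$(hostname -s)" "$KEEP_DAYS" "$ROTATE_SECS") $SIP_FILTER \
        </dev/null >/dev/null 2>&1 &
fi
```

Run with SIP_CAPTURE_RUN=1 from rc.local or a service unit; -W with -G needs a tcpdump build that supports time-based rotation, and root (or CAP_NET_RAW) for -i any.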
I use pcapsipdump. It has the added advantage of splitting the captures
into individual calls.

On 06/01/2017 06:09 AM, Tony Mountifield wrote:
> On most of my systems I have a script sip-capture:
> [...]
> I could just as easily have put them somewhere else and used the -W option
> to tcpdump to remove old files on a rolling basis.
Marcelo Terres
2017-Jun-02 16:09 UTC
[asterisk-users] OT: Want to capture all SIP messages
You can save individual calls with voipmonitor too, and it saves the info in a
MySQL db, allowing you to search the pcap files easily.

Marcelo H. Terres <mhterres at gmail.com>
IM: mhterres at jabber.mundoopensource.com.br
https://www.mundoopensource.com.br
https://twitter.com/mhterres
https://linkedin.com/in/marceloterres

On 2 June 2017 at 17:00, ewieling <ewieling at nyigc.com> wrote:
> I use pcapsipdump. It has the added advantage of splitting the captures
> into individual calls.