[asterisk-users] OT: Want to capture all SIP messages
tony at softins.co.uk
Thu Jun 1 05:09:51 CDT 2017
In article <alpine.DEB.2.20.1705311339370.15080 at ws.sedwards.com>,
Steve Edwards <asterisk.org at sedwards.com> wrote:
> On Wed, 31 May 2017, Steve Edwards wrote:
> > I want to capture all SIP messages.
> > I have about 30 hosts in about 6 colos.
> > My first thought was dumpcap, but the output file name format bugs me.
> > What do you use for long term SIP capture?
> A little more specificity...
> I'd like the capture to be in a series of files that can be 'rotated' or
> 'aged out' so that I can always have x days of traffic on hand but not
> have to prune the files to keep the storage requirements reasonable.
On most of my systems I have a script sip-capture:
tcpdump -C 8 -i any -n -p -s 0 -w $FILE udp port 5060 </dev/null >/dev/null 2>&1 &
I start it in /etc/rc.d/rc.local for want of anywhere better.
Being in /var/tmp, cron.daily/tmpwatch deletes files older than 30 days.
I could just have easily put them somewhere else and used the -W option
to tcpdump to remove old files on a rolling basis.
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
More information about the asterisk-users