[asterisk-users] OT: Want to capture all SIP messages

ewieling ewieling at nyigc.com
Fri Jun 2 11:00:52 CDT 2017


I use pcapsipdump. It has the added advantage of splitting the captures
into individual calls.


On 06/01/2017 06:09 AM, Tony Mountifield wrote:
> In article <alpine.DEB.2.20.1705311339370.15080 at ws.sedwards.com>,
> Steve Edwards <asterisk.org at sedwards.com> wrote:
>> On Wed, 31 May 2017, Steve Edwards wrote:
>>
>>> I want to capture all SIP messages.
>>>
>>> I have about 30 hosts in about 6 colos.
>>>
>>> My first thought was dumpcap, but the output file name format bugs me.
>>>
>>> What do you use for long term SIP capture?
>> A little more specificity...
>>
>> I'd like the capture to be in a series of files that can be 'rotated' or
>> 'aged out' so that I can always have x days of traffic on hand but not
>> have to prune the files to keep the storage requirements reasonable.
> On most of my systems I have a script sip-capture:
>
> ---
> #!/bin/sh
>
> DATE=`date '+%Y%m%d-%H%M%S'`
> FILE=sip-`hostname -s`-$DATE.pkt
>
> cd /var/tmp
>
> tcpdump -C 8 -i any -n -p -s 0 -w $FILE udp port 5060 </dev/null >/dev/null 2>&1 &
> ---
>
> I start it in /etc/rc.d/rc.local for want of anywhere better.
>
> Being in /var/tmp, cron.daily/tmpwatch deletes files older than 30 days.
> I could just as easily have put them somewhere else and used the -W option
> to tcpdump to remove old files on a rolling basis.
>
> Cheers
> Tony
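
An added example (not part of either poster's message): a variant of the quoted sip-capture script that rotates by time, using tcpdump's -G option with strftime conversions in the -w name, plus an age-based prune for keeping x days of traffic on hand. The one-hour rotation, the 30-day default and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults below are assumptions.
CAPTURE_DIR=${CAPTURE_DIR:-/var/tmp}   # same directory the quoted script uses
KEEP_DAYS=${KEEP_DAYS:-30}             # the "x days" to keep on hand
ROTATE_SECS=${ROTATE_SECS:-3600}       # open a new file every hour

# Savefile name template. With -G, tcpdump expands strftime(3) conversions
# in the -w name, giving sip-<host>-<date>-<time>.pkt as in the quoted script.
capture_template() {
    host=$(hostname -s 2>/dev/null || uname -n)
    printf '%s/sip-%s-%%Y%%m%%d-%%H%%M%%S.pkt\n' "${1:-$CAPTURE_DIR}" "$host"
}

# Start the background capture with time-based rotation.
start_capture() {
    umask 077   # captures hold call signalling; make them owner-readable only
    tcpdump -i any -n -p -s 0 -G "$ROTATE_SECS" \
        -w "$(capture_template)" udp port 5060 </dev/null >/dev/null 2>&1 &
}

# Remove sip-*.pkt files last modified more than N days ago; print the count.
prune_captures() {
    dir=${1:-$CAPTURE_DIR}
    days=${2:-$KEEP_DAYS}
    case $days in
        ''|*[!0-9]*) echo "bad day count: $days" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    find "$dir" -maxdepth 1 -type f -name 'sip-*.pkt' -mtime +"$days" \
        -print -exec rm -f {} + | wc -l | tr -d ' '
}

# "start" launches the capture; "prune" ages out old files.
case ${1:-} in
    start) start_capture ;;
    prune) prune_captures ;;
esac
```

Run the `start` action at boot and the `prune` action daily from cron; only files matching `sip-*.pkt` in the capture directory are ever deleted.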



