[asterisk-users] OT: Want to capture all SIP messages
Marcelo Terres
mhterres at gmail.com
Fri Jun 2 11:09:18 CDT 2017
You can save individual calls with voipmonitor too, and it saves the
info in a mysql db, allowing you to search the pcap files easily.
Marcelo H. Terres <mhterres at gmail.com>
IM: mhterres at jabber.mundoopensource.com.br
https://www.mundoopensource.com.br
https://twitter.com/mhterres
https://linkedin.com/in/marceloterres
On 2 June 2017 at 17:00, ewieling <ewieling at nyigc.com> wrote:
>
> I use pcapsipdump. It has the added advantage of splitting the captures
> into individual calls.
>
>
>
> On 06/01/2017 06:09 AM, Tony Mountifield wrote:
>>
>> In article <alpine.DEB.2.20.1705311339370.15080 at ws.sedwards.com>,
>> Steve Edwards <asterisk.org at sedwards.com> wrote:
>>>
>>> On Wed, 31 May 2017, Steve Edwards wrote:
>>>
>>>> I want to capture all SIP messages.
>>>>
>>>> I have about 30 hosts in about 6 colos.
>>>>
>>>> My first thought was dumpcap, but the output file name format bugs me.
>>>>
>>>> What do you use for long term SIP capture?
>>>
>>> A little more specificity...
>>>
>>> I'd like the capture to be in a series of files that can be 'rotated' or
>>> 'aged out' so that I can always have x days of traffic on hand but not
>>> have to prune the files to keep the storage requirements reasonable.
>>
>> On most of my systems I have a script sip-capture:
>>
>> ---
>> #!/bin/sh
>>
>> DATE=`date '+%Y%m%d-%H%M%S'`
>> FILE=sip-`hostname -s`-$DATE.pkt
>>
>> cd /var/tmp
>>
>> tcpdump -C 8 -i any -n -p -s 0 -w $FILE udp port 5060 </dev/null >/dev/null 2>&1 &
>> ---
>>
>> I start it in /etc/rc.d/rc.local for want of anywhere better.
>>
>> Being in /var/tmp, cron.daily/tmpwatch deletes files older than 30 days.
>> I could just as easily have put them somewhere else and used the -W option
>> to tcpdump to remove old files on a rolling basis.
>>
>> Cheers
>> Tony
>
>
>
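A variant of the sip-capture script quoted above that keeps a fixed number of days on hand, as an added example that is not from any poster in the thread: it rotates on time with tcpdump's -G option so each file name carries the period it covers, writes to a directory only the capturing user can read, and prunes by age. CAP_DIR, KEEP_DAYS, ROTATE_SECS and the function names are assumptions.

```sh
#!/bin/sh
# Added example: time-rotated SIP capture with age-based pruning.
# CAP_DIR, KEEP_DAYS and ROTATE_SECS are assumed values, not from the thread.
CAP_DIR="${CAP_DIR:-/var/spool/sip-capture}"
KEEP_DAYS="${KEEP_DAYS:-30}"
ROTATE_SECS="${ROTATE_SECS:-3600}"

# Build the strftime template passed to tcpdump -w; with -G, tcpdump
# expands the %-fields each time it opens a new file.
capture_template() {
    printf '%s/sip-%s-%%Y%%m%%d-%%H%%M%%S.pcap' "$1" "$(uname -n | cut -d. -f1)"
}

# Remove capture files in directory $1 whose mtime is more than $2 days old.
# Prints the name of every file it removes; other files are left alone.
prune_captures() {
    find "$1" -maxdepth 1 -type f -name 'sip-*.pcap' -mtime +"$2" \
        -print -exec rm -f {} +
}

start_capture() {
    # SIP captures hold called/calling numbers, headers and auth digests,
    # so keep them out of world-readable locations.
    umask 077
    mkdir -p "$CAP_DIR" || return 1
    # If your tcpdump build drops privileges (-Z), CAP_DIR must be
    # writable by that user.
    # -i any -n -p -s 0 and the filter are the ones used in the thread.
    tcpdump -i any -n -p -s 0 -G "$ROTATE_SECS" \
        -w "$(capture_template "$CAP_DIR")" udp port 5060 \
        </dev/null >/dev/null 2>&1 &
}

# Run "start" once at boot and "prune" daily from cron.
case "${1:-}" in
    start) start_capture ;;
    prune) prune_captures "$CAP_DIR" "$KEEP_DAYS" ;;
esac
```

The filter matches only UDP port 5060, as in the quoted script, so SIP carried over TCP or TLS is not captured by it.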