FAQ
Scalability
How does voipmonitor scale?
Read this: Scaling
How to clean old data and database?
Read this: Data Cleaning
CDR
What is the red small icon in CDR?
The red icon in those columns signalize which side sends BYE first.
How to interpret two charts in the cdr detail?
See this: Graph cheat sheet
Regexps examples usable in CDR view
!R(^[+]?[0-9]+$) - to get all weird CDRs (where callerNum have letters or special chars in its number)
There is a delay between active calls view and the CDR view
Please, read following content: SQL queue is growing in a peaktime
Please, read following content: Minimizing Delay Between Call End and CDR Database Storage
Supported architectures
What architectures are tested?
x86 32 and 64, ARMv5 - (if you have error with missing "__sync_fetch_and_sub_8" you have to upgrade GCC compiler to version 4.8)
Is AWS supported
Yes AWS is supported. For working license check you usually need to change /dev/root attrs to be readable by all (web-server) run: chmod 644 /dev/root
Are dockers/containers supported
Yes, the GUI can run in containered env. You should ensure that /proc/self/cgroup.txt will not change the content with every container restart otherwise you will be asked for license key update every reboot.
Are hosted/cloud db supported
voipmonitor requires mysql type of db (mysql/mariab/percona) no matter where the database is located. by default the mysql user should have SUPER and ALL privileges granted
Azure
Because there is not possible to set SUPER privilege, you need to set at least following options when configuring db
configure Options
innodb_file_per_table = ON log_bin_trust_function_creators = ON 1100 IOPS are required for 5000 concurrent calls
Configuration
Why I do not see sip packets other then port 5060?
Voipmonitor sniffer by default sniffs packets only on port 5060 from or to. If you need to sniff more SIP ports you need to specify it in configuration. Please see this: Sniffer_configuration#sipport
How to disable timezone check
Go to settings -> System configuration -> Advanced section -> Hide timezone information -> Enable and set to TRUE
Problems with packet mirroring on esxi 6.5
Behavior
When a port group is set to VLAN 4095, this activates VGT mode. In this mode, the vSwitch passes all network frames to the guest VM without modifying the VLAN tags, leaving it up to the guest to deal with them. VLAN 4095 should be used only if the guest has been specifically configured to manage VLAN tags itself. If VGT is enabled inappropriately, it might cause denial-of-service or allow a guest VM to interact with traffic on an unauthorized VLAN.
Solution
From the vSphere Web Client:
select the ESXi Host and go to Configure >> Networking >> Virtual switches. Highlight a port group (where VLAN ID set to 4095) and click Edit settings. Change the VLAN ID to not be 4095 and click OK.
or From a PowerCLI command prompt while connected to the ESXi host run the following command:
Get-VirtualPortGroup -Name 'portgroup name' | Set-VirtualPortGroup -VLanId 'New VLAN#'
Audiocodes tunneling
Follow the link to get details on how to enable processing of the audiocodes tunneling by voipmonitor
Use of the sniffer's api
The new sniffer version since 32.0 has the encryption on api enabled Encryption_in_manager_api_customer is the doc describing how to use the api with or without encryption
Licensing
How to know how many license channels do we need?
You can have unlimited number of phones / endpoints but you need to buy channels according to your maximum number of calls at the same time during peak.
Go to GUI -> Tools -> concurrent calls which will show peaks past 14 days. All multiple legs are already aggregated into single channel so you do not need to buy extra channels in case you have two or more CDR per one real call. The intention is to scale pricing based on real concurrent calls not accounting multiple legs of the same calls.
How does having multiple sensors affect the licensing? If I add a 2-3 remote sensors to the system, would they use the same license pool?
Central GUI calculates connected channels for the whole database but groups all calls legs as a single call so multiple legs are not counted twice etc.
accident / unwanted spikes
If your license is blocked due to high spike (accident / hack whatever) you need to delete those CDR from database via the GUI (filter those calls and in toolbar use delete buttons) and then try to unblock the license or run "php /var/www/html/php/run.php saveCallStatistics". If you do not want to delete them and you will have higher channels than your license for three consecutive days your license will be blocked after 14 days - you need to upgrade to higher channels license which you can do on voipmonitor.org portal.
DTMF
You can enable DTMF RFC2833 or DTMF SIP INFO in voipmonitor.conf by enabling:
dtmf2db = yes
You can also enable DTMF inband detection (only for G.711) by enabling (it will take some CPU)
inbanddtmf = yes
Audio files
Bulk download of pcaps or audio (wav/ogg)
Read this: download of pcap files / audio files using GUI's api
Batch download of an audio from CDRs for more then 1000 CDRs
Read this: Batch download of audio for 1000+ CDRs
Batch conversion from wav to ogg in a spooldir
If you set saveaudio=wav, the audio files getting created in a spooldir, you can set saveaudio=ogg to save space but for the calls/audio already stored in a spooldir, you need to convert to .ogg and remove .wav file.
Run following commands in a spooldir
The first is for coversion wav to ogg, and second is for remove of all wav files from current location and the third is to set web-server's user ownership to allow GUI read the new ogg files.
cd /var/spool/voipmonitor find ./ -name '*.wav' -exec bash -c 'ffmpeg -i $0 -vn -acodec libvorbis ${0/wav/ogg}' {} \; find ./ -name '*.wav' -exec rm -f {} \; chown www-data ./ -R
Get the audio file from SIP&RTP pcap extracted from spooldir
Read this: create audio from packet dumps located in a spooldir
GeoIP location services
Read this: order of GeoIP processing
Self signed certificate
Read this: Enable SSL/TLS + self signed certificate for http server
Lost admin's GUI pasword
Read this: User_Management
Corrupted GUI installation, how to reinstall the GUI
Read this: Re-install_the_GUI
Upgrade of the OS and php version changed - how to make the GUI works again with recent php
Read this: GUI_Installation#Re-installing_the_GUI
Bad sniffer version, how to reinstall the sniffer to latest version
Read this: Latest_sniffer
What does Audit log cover
It covers these actions of users in the GUI:
- download wav
- download pcap
- play wav
- show fax
- batch download
- filter CDR in form
- login
- logout
Precision for CDRs datetime
by default voipmonitor stores CDRs in seconds precision. If you need to have in CDR view calldate in milliseconds precission folow next how to how to enable milliseconds precision
PCI compliance
Voipmonitor is PCI compliance ready.
To control what to store to disk / database check [capture rules]
Turn off audio recording and DTMF via RFC2833 globally
To prevent recording audio and DTMFviaRTP see [savertp=header]
To prevent recording RTP at all [savertp=no]
To prevent recording just DTMF packets (SIP info/rfc2833) into DB and into spooldir (pcaps)
dtmf2db = no dtmf2pcap = no
Turn off audio recording selectively
With savertp=yes in /etc/voipmonitor.conf you can disable audio recording only for some IPs / tel.numbers / SIP domains or any SIP header values [SAVE RTP=OFF|HEADER]
Turn on audio recording selectively
With savertp=no|header in /etc/voipmonitor.conf you can enable audio recording only for some IPs / tel.numbers / SIP domains or any SIP header values [SAVERTP=ON] using capture rules.
Turn off DTMF storing to db selectively
With dtmf2db=yes in /etc/voipmonitor.conf you will force sniffer to store DTMF it detects (RF2833/SIP INFO) into db. If you want to not store the DTMF detected in call into CDR for some IPs / tel.numbers / SIP domains or any SIP header values, create capture rule and set there record DTMF=OFF or record DTMF=only pcap - in case you want DTMF packets to be stored into pcap but not to db.
Turn off DTMF storing to pcap selectively
With savertp=yes and savesip=yes in /etc/voipmonitor.conf you will force sniffer to store DTMF(RF2833/SIP INFO) it detects into pcap. If you want to not store DTMF detected into pcap for some IPs / tel.numbers / SIP domains but you still need to collect SIP and RTP for these calls, create capture rule and set there record DTMF=OFF or record DTMF=only db.
Turn off DTMF storing to pcap and DB selectively
If you want to not store the DTMF detected in call's pcap for some IPs / tel.numbers / SIP domains or any SIP header values, create capture rule and set there record DTMF=OFF. (DTMF via SIP info and DTMF RFC2833) will not be stored to packets records, and to db.
Disable spying on live calls
You can disable possibility of GUI to do live spying on calls that uses g711 codec, in the sniffers config set option liveaudio=no
How to enable milliseconds precision
How_to_enable_milliseconds_precision
How to enalbe ipv6 processing
By default is voipmonitor processing ipv4 traffic.
New Database or old CDRs can be removed
Set in /etc/voipmonitor.conf
ipv6=yes
(Drop database voipmonitor, create new and then restart the sniffer service)
Database already contains CDRs ipv4
Because the data by default gets stored into int column using inet_aton, but ipv6 it storing it into different type of a same column with inet6_aton functions - then it is necessary to use additional steps:
Easy way
let know to the GUI that there are IP adresses stored in various formats with: IPV6_SAFE_CONDITION_FOR_IPV4 set to true in GUI's configuration.php (GUI->Settings->system configuration->Advanced: Combines IPv4 queries with using....
then run the column's ALTERS described in GUIs installation dir in file
/var/www/html/scripts/ipv6_alter.sql
then set ipv6=yes in /etc/voipmonitor.conf and restart sniffer service
Beware that the GUI's IPV6 option will decrease the performance of a GUI - you should have it there enabled only until the CDRs prior to date of ipv6 change in columns are present.
Better Way
first modify the columns type using all the alters documented in GUIs installation file /var/www/html/scripts/ipv6_alter.sql and then UPDATE all the related CDR tables(data) - (move content ipv4 to ipv6 datasize) Example for cdr table only:
UPDATE cdr set a_saddr = inet6_aton(inet_ntoa(a_saddr)), b_saddr = inet6_aton(inet_ntoa(b_saddr)), sipcallerip = inet6_aton(inet_ntoa(sipcallerip)), sipcalledip = inet6_aton(inet_ntoa(sipcalledip));
Because there needs to be run multiple updates/alters we are developing new migration mode that will be able to migrate the ipv4 to ipv6 columns with data modifications. Please contact the support@voipmonitor.org if you need help in enabling ipv6 with current CDRs in ipv4.
Register packets
By default is collecting of register packets disabled. You can enable it with option sip-register=yes in /etc/voipmonitor.conf and service restart. More reading in [in register doc]
Where are Register records stored?
Active register
Unlike tables for states and failed registrations, there is no table in database for active registrations - you need to ask api of the voipmonitor sniffer service for list of registers
Here is [example script] that lists all active registrations if sipcallerip is matching the only argument
Failed register
there is in voipmonitor database the table register_failed where are all failed register stored (in case there is multipletimes same failures in short interval the column counter representing how many failed register requests there was in interval 120s instead of creating record for each.
Register State
there is in voipmonitor database the table register_state where are all expired/unregistered records stored.
Q: how can I get latest sniffer release if sourceforge not works?
A: instead of download link
https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz
use the link that links directly to our site:
https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz
Geek's/Developer's corner
Read this: Internal_support_hints
.