Architecture: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
= Architecture = | = Architecture = | ||
VoIPmonitor architecture allows running multiple sensors (linux) and | VoIPmonitor architecture allows running multiple sensors (linux) and central MySQL and GUI server. Call detail records (CDR) are send over MySQL TCP protocol to local or remote database and pcap files (SIP and RTP packets) are saved to local sensor storage. WEB GUI reads CDR from database and reads pcap files from local disk (in all in one setup) or directly from the sniffer over TCP manager interface (TCP port 5029). | ||
In next chapters is discussed various topology. | |||
[[File:architecture.png]] | [[File:architecture.png]] | ||
== All in one == | == All in one == | ||
If the sensor is installed on the same server as MySQL and | If the sensor is installed on the same server as MySQL and GUI you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database. | ||
== Multiple remote sensors one DB/GUI server == | |||
Remote sensor can act as packet sender only to (since version 8) remote sensor which runs on different server. In this mode the sender sensor does not process any packet but only packs it to TCP stream (with optional and recommended compression) to another sensor instance which receive it and process it like it is sniffing directly on network interface. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs. Which also means that the sender sensor is not taking much resources like sensor in standard mode. | |||
Remote sensor in standard mode processes all packets and stores CDR to remote database keeping pcap files (if enabled) on local disk. The GUI is configured to know about that sensor (by ID and IP address) and the pcap file is downloaded from remote sensor only on demand. The configuration is as follow: | |||
*TCP manager interface must listen not only on localhost so the GUI server can reach it. In voipmonitor.conf set managerip = 0.0.0.0 | *TCP manager interface must listen not only on localhost so the GUI server can reach it. In voipmonitor.conf set managerip = 0.0.0.0 | ||
*Set mysql in voipmonitor.conf to store to remote database | *Set mysql in voipmonitor.conf to store to remote database | ||
*set id_sensor to some number ( | *set id_sensor to some number (required) | ||
*In the GUI add the sensor in [[Settings#Sensors]] | *In the GUI add the sensor in [[Settings#Sensors]] (keep the mysql input blank) | ||
= Sniffing packets = | = Sniffing packets = | ||
Line 30: | Line 34: | ||
=== Software mirroring === | === Software mirroring === | ||
If your switch lacks mirroring feature you can mirror packets using | If your switch lacks mirroring feature you can mirror packets using mirror function in the sniffer. Refer to the sniffer manual section. |
Revision as of 16:46, 18 July 2013
Architecture
VoIPmonitor architecture allows running multiple sensors (linux) and central MySQL and GUI server. Call detail records (CDR) are send over MySQL TCP protocol to local or remote database and pcap files (SIP and RTP packets) are saved to local sensor storage. WEB GUI reads CDR from database and reads pcap files from local disk (in all in one setup) or directly from the sniffer over TCP manager interface (TCP port 5029).
In next chapters is discussed various topology.
All in one
If the sensor is installed on the same server as MySQL and GUI you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database.
Multiple remote sensors one DB/GUI server
Remote sensor can act as packet sender only to (since version 8) remote sensor which runs on different server. In this mode the sender sensor does not process any packet but only packs it to TCP stream (with optional and recommended compression) to another sensor instance which receive it and process it like it is sniffing directly on network interface. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs. Which also means that the sender sensor is not taking much resources like sensor in standard mode.
Remote sensor in standard mode processes all packets and stores CDR to remote database keeping pcap files (if enabled) on local disk. The GUI is configured to know about that sensor (by ID and IP address) and the pcap file is downloaded from remote sensor only on demand. The configuration is as follow:
- TCP manager interface must listen not only on localhost so the GUI server can reach it. In voipmonitor.conf set managerip = 0.0.0.0
- Set mysql in voipmonitor.conf to store to remote database
- set id_sensor to some number (required)
- In the GUI add the sensor in Settings#Sensors (keep the mysql input blank)
Sniffing packets
VoIPmonitor sniffer can run only on Linux. You can compile it or download static binaries and run it directly on your PBX / SBC. But although the sniffer was designed to handle thousands of simultaneous calls it is recommended to install it on dedicated Linux server (which can be also virtual).
The sniffer can listen only on one interface or on all interfaces (interface=any). For more information refer to sniffer manual.
Mirroring packets
Hardware mirroring
If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. The most common approach is to do it in hardware switch. This feature is called spanning or mirroring ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring VoIP using IP in IP protocol which voipmonitor supports natively (enabled by default).
Software mirroring
If your switch lacks mirroring feature you can mirror packets using mirror function in the sniffer. Refer to the sniffer manual section.