Architecture: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
= Architecture =  
= Architecture =  


VoIPmonitor architecture allows running multiple sensors (linux) and one MySQL/HTTP server. Call detail records (CDR) are saved over MySQL TCP protocol to local or remote database and pcap files (which stores SIP and RTP packets) are saved on local sensor storage. WEB GUI reads CDR from database and can read pcap files from local disk (in all in one setup) or directly from the sniffer over TCP manager interface (on port 5029).  
VoIPmonitor architecture allows running multiple sensors (linux) and central MySQL and GUI server. Call detail records (CDR) are send over MySQL TCP protocol to local or remote database and pcap files (SIP and RTP packets) are saved to local sensor storage. WEB GUI reads CDR from database and reads pcap files from local disk (in all in one setup) or directly from the sniffer over TCP manager interface (TCP port 5029).
 
In next chapters is discussed various topology.  


[[File:architecture.png]]
[[File:architecture.png]]


== All in one ==
== All in one ==
If the sensor is installed on the same server as MySQL and WEB server you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database.  
If the sensor is installed on the same server as MySQL and GUI you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database.
 
== Multiple remote sensors one DB/GUI server ==
Remote sensor can act as packet sender only to (since version 8) remote sensor which runs on different server. In this mode the sender sensor does not process any packet but only packs it to TCP stream (with optional and recommended compression) to another sensor instance which receive it and process it like it is sniffing directly on network interface. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs. Which also means that the sender sensor is not taking much resources like sensor in standard mode.  


== Multiple remote sensors one DB/WEB server ==
Remote sensor in standard mode processes all packets and stores CDR to remote database keeping pcap files (if enabled) on local disk. The GUI is configured to know about that sensor (by ID and IP address) and the pcap file is downloaded from remote sensor only on demand. The configuration is as follow:
If sensors are remote it needs to be configured to do so.  


*TCP manager interface must listen not only on localhost so the GUI server can reach it. In voipmonitor.conf set managerip = 0.0.0.0
*TCP manager interface must listen not only on localhost so the GUI server can reach it. In voipmonitor.conf set managerip = 0.0.0.0
*Set mysql in voipmonitor.conf to store to remote database
*Set mysql in voipmonitor.conf to store to remote database
*set id_sensor to some number (this is required)  
*set id_sensor to some number (required)  
*In the GUI add the sensor in [[Settings#Sensors]]
*In the GUI add the sensor in [[Settings#Sensors]] (keep the mysql input blank)


= Sniffing packets =  
= Sniffing packets =  
Line 30: Line 34:
=== Software mirroring ===
=== Software mirroring ===


If your switch lacks mirroring feature you can mirror packets using Linux iptables feature or you can set sniffer in only special mirror mode which sniffs on the PBX/SBC all packets and mirrors them to central sniffer server over IPinIP protocol. For more details refer to sniffer manual.
If your switch lacks mirroring feature you can mirror packets using mirror function in the sniffer. Refer to the sniffer manual section.

Revision as of 16:46, 18 July 2013

Architecture

VoIPmonitor architecture allows running multiple sensors (linux) and central MySQL and GUI server. Call detail records (CDR) are send over MySQL TCP protocol to local or remote database and pcap files (SIP and RTP packets) are saved to local sensor storage. WEB GUI reads CDR from database and reads pcap files from local disk (in all in one setup) or directly from the sniffer over TCP manager interface (TCP port 5029).

In next chapters is discussed various topology.

All in one

If the sensor is installed on the same server as MySQL and GUI you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database.

Multiple remote sensors one DB/GUI server

Remote sensor can act as packet sender only to (since version 8) remote sensor which runs on different server. In this mode the sender sensor does not process any packet but only packs it to TCP stream (with optional and recommended compression) to another sensor instance which receive it and process it like it is sniffing directly on network interface. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs. Which also means that the sender sensor is not taking much resources like sensor in standard mode.

Remote sensor in standard mode processes all packets and stores CDR to remote database keeping pcap files (if enabled) on local disk. The GUI is configured to know about that sensor (by ID and IP address) and the pcap file is downloaded from remote sensor only on demand. The configuration is as follow:

  • TCP manager interface must listen not only on localhost so the GUI server can reach it. In voipmonitor.conf set managerip = 0.0.0.0
  • Set mysql in voipmonitor.conf to store to remote database
  • set id_sensor to some number (required)
  • In the GUI add the sensor in Settings#Sensors (keep the mysql input blank)

Sniffing packets

VoIPmonitor sniffer can run only on Linux. You can compile it or download static binaries and run it directly on your PBX / SBC. But although the sniffer was designed to handle thousands of simultaneous calls it is recommended to install it on dedicated Linux server (which can be also virtual).

The sniffer can listen only on one interface or on all interfaces (interface=any). For more information refer to sniffer manual.

Mirroring packets

Hardware mirroring

If the sniffer cannot run directly on PBX/SBC you need to mirror packets to sniffer server. The most common approach is to do it in hardware switch. This feature is called spanning or mirroring ports. Check if your switch can do this. Some PBX/SBC are capable of mirroring VoIP using IP in IP protocol which voipmonitor supports natively (enabled by default).

Software mirroring

If your switch lacks mirroring feature you can mirror packets using mirror function in the sniffer. Refer to the sniffer manual section.