gistfile1.txt

#
# voipmonitor.org configuration file
#
# location of this file is at ~/.voipmonitor.conf or /etc/voipmonitor.conf
# command line parameters overrides configuration directives in this file
# allowed comments are ; or #. 
#

[general]

# in case of running more voipmonitor instances on the same or another servers configured to save to one database and the same cdr table
# it is possible to differentiate CDR by id_sensor column. If you set id_sensor >= 0 the number will be saved in cdr.id_sensor column.
#id_sensor = 1

# voipmonitor is able to sniff directly on network interface or it can read files. 

# listening interface. Can be 'any' which will listen on all interfaces - NOTE that "any" will not put intefaces into promiscuous mode and you have to do it with "ifconfig eth0 promisc"
# check if you are not using -i ethX argument in command line as it has more priority 
# than this configuration file
interface = eth1


# since version 8 sniffer implements new mirroring option. Sender is packing data to compressed stream over the 
# TCP to remote sniffer. 
# if you are going to use this sniffer only as a mirroring sniffer all you need is to set interface, packetbuffer_*
# set compression on and set packetbuffer_file_* so in case the connection to remote sniffer will die or will be 
# temporarily slow the sender will not loose single packet. The mirroring is trying to reconnect in case of 
# failure. Packets are mirrored including the the original timestamp and headers. 
# this mirroring hopefully replaces pcapscandir feature which will be probably removed in favor of this approach. 

# here set the sending (mirroring). The sender needs to set only interface, ringbuffer, packetbuffer_*, filter
# and this two folling mirror_destination_* 
#mirror_destination_ip          =
#mirror_destination_port        =

# here set the receiver and do not forget to set firewall so no other except the sender will be able to connect
# to the receiver
#mirror_bind_ip               =
#mirror_bind_port             =
#mirror_bind_dlt              = 1	// DLT_EN10MB Ethernet (10Mb)

# scan pcap files folder and read file by file. This is in conjuction with running tcpdump which creates pcap file each 
# 5 seconds (-G 5) storing pcap files named by UNIX_TIMESTAMP to /dev/shm/voipmonitor folder (do not forget create it) 
# using 1GB ring buffer to avoid losing packets (-B500000 - you can lower it but not higher) filtering udp packets (udp 
# parameter whcih you can change to your needs). voipmonitor then reads created files (and delete it after processing. 
# This approach can be used for testing throughput or for very high voip traffic (>500Mbit). If the sniffer is able to 
# process pcap files in realtime - there will be in /dev/shm/voipmonitor folder only one or two pcap files. If the sniffer 
# is not able to process in realtime (blocking by I/O or by CPU) number of pcap files will grow faster then the sniffer
# is able process. 
#
# WARNING: libpcap < 1.1 contains memory leak when pcap filter is set - do not set filter in this config or upgrade libpcap to the latest (debian 6 libpcap contains the leak) 
# static compiled voipmonitor from voipmonitor.org contains the latest libpcap 
#
# tcpdump example command:
# nice -n -20 tcpdump -B500000 -i eth2 udp -G 5 -w /dev/shm/voipmonitor 2>/dev/null 1>/dev/null &
#scanpcapdir = /dev/shm/voipmonitor


# in case the SIP(media) server is behind public IP (1.1.1.1) NATed to private IP (10.0.0.3) to sniff all traffic correctly you can 
# specify alias for this case. You can specify more netaliases duplicating rows. 
# in most cases this is not necessary because voipmonitor is able to track both RTP streams based on the other side IP. But 
# if the stream is incoming from another IP then SIP source signalization and also from another IP than the SIP device which is 
# also behind NAT its impossible to track the correct IP. Please note that this is for case where the SIP server is behind NAT
# and also the client is behind NAT. If your SIP server has public IP do not bother with this. 
#natalias = 1.1.1.1 10.0.0.3
#natalias = 1.1.1.2 10.0.0.3
#natalias = 1.1.1.3 10.0.0.4


# define bind address for manager interface. Default is 127.0.0.1 
# it is not recommended to change this unless really needed due to 
# security. If you need it on some other IP make sure you set firewall
# and change the standard port for better security
#managerip = 127.0.0.1

# define TCP manager port
managerport = 5029

# connects to server and listen for commands
#managerclient = serverip or hostname
#managerclientport = 1234

# define SIP ports wihch will voipmonitor liste. For each port make new line with sipport = port (multiple lines)
sipport = 5060
#sipport = 5061
#sipport = 5062

# rtptimeout is important value which specifies how much seconds from the last SIP packet or RTP packet is call closed 
# and writen to database. It means that if you need to monitor ONLY SIP you have to set this to at leat 2 hours = 7200
# assuming your calls is not longer than 2 hours. Take in mind that seting this to very large value will cause to keep 
# call in memory in case the call lost BYE and can consume all memory and slows down the sniffer - so do not set it to 
# very high numbers. Default is 300 seconds. 
#rtptimeout = 300

# ringbuffer is circular memory queue directly in kernel memory space. libpcap is reading from this queue and 
# delivers packets to voipmonitor. If the network rate is > 100 Mbit we recommend to set ringbuffer to at least 500
# maximum value is 2000 MB. 
# default 50 MB

ringbuffer = 50

# packet buffer is new voipmonitor buffering architecture (since version 8). If enabled new threads are created 
# which raads packets from kernel ringbuffer and queues them into dynamically allocated memory. Packets are 
# dequeued and passed to next threads which reads the content. This will ensure that kernel ringbuffer will 
# not overrun due to CPU or disk I/O spikes.
#   packet buffer will dynamically grow until packetbuffer_total_maxheap is reached. Compression can be enabled 
# (packetbuffer_compress) which compress the buffer with fast snappy algorythm with 50% compression ratio thus 
# doubling the time when the buffer gets filled (600Mbit traffic consumes ~30% one one core Xeon E5-2620).
#   It is also possible to use disk buffer if the packet buffer memory is filled by enabling 
# packetbuffer_file_totalmaxsize which is usefull when sniffer is only mirroring data over TCP to another 
# sniffer - if the connection brakes or slowed down and packet buffer gets filled it will start using file 
# buffer until the connection reestablishes so no single packet is lost. Enabling file buffer in non mirroring 
# mode to the same disk as spooldir will get not much benefit because if the process is blocked mainly due to 
# disk I/O it has no benefit to add more I/O by caching unprocessed packets to the same I/O layer. 

packetbuffer_enable             = yes
packetbuffer_total_maxheap      = 2000 #in MB 
packetbuffer_compress           = yes #enable compression 

packetbuffer_file_totalmaxsize  = 0 #MB. Default is disabled. 
packetbuffer_file_path          = /var/spool/voipmonitor/packetbuffer

# number of threads to process RTP packets. If not specified it will be number of available CPUs.
# If equal to zero RTP threading is turned off. 
# For < 150 concurrent calls you can turn it off"
#default = 0 

#rtpthreads = 0

# jitter buffer simulator variants. By default voipmonitor uses three types of jitterbuffer simulator to compute MOS score. 
# First variant is saved into cdr.[ab]_f1 and represents MOS score for devices which has only fixed 50ms jitterbuffer. 
# Second variant is same as first but for fixed 200ms and is saved to cdr.[ab]_f2
# Third varinat is adaptive jitterbuffer simulator up to 500ms
# Jitterbuffer simulator is the most CPU intensive task which is voipmonitor doing. If you are hitting CPU 100% turn
# off some of the jitterbuffer simulator. I'm recomending to use only fixed 200ms if you need to save some CPU cycles. 
#jitterbuffer_f1 = no
#jitterbuffer_f2 = yes
#jitterbuffer_adapt = no

# callslimit will limit maximum numbers of calls processed by voipmonitor at the same time. If calls are over limit 
# it will be ignored (INVITE) 
#callslimit = 0

# in case SIP session travels accross several proxies (and Call-ID header DOES not change) and you would like to track 
# all sip proxies and make them searchable in GUI / database.  If disabled cdr will store to destination sip 
# column destination IP from the first INVITE. If enabled there will be destination IP from the latest invite and all 
# proxy ip will be stored in cdr_proxy table. 
# default enabled
cdrproxy = yes

# this option allows to skip storing cdr.a_ua and cdr.b_ua - this is workaround for those who has extreme cdr rate and 
# number of user agents in database is over 1000 and CPU is not powerfull enough to store cdr in real time. In future
# this option will be removed once we optimize this rutine. 
#cdr_ua_enable = yes

# this is important option if voipmonitor is sniffing on SIP proxy and see both RTP leg of CALL.
# in that case use this option. It will analyze RTP only for the first LEG and not each 4 RTP
# streams which will confuse voipmonitor. Drawback of this switch is that voipmonitor will analyze
# SDP only for SIP packets which have the same IP and port of the first INVITE source IP
# and port. It means it will not work in case where phone sends INVITE from a.b.c.d:1024 and
# SIP proxy replies to a.b.c.d:5060. If you have better idea how to solve this problem better
# please contact support@voipmonitor.org
rtp-firstleg = no

# SSRC in RTP headers must not equal zero according to RFC so voipmonitor is ignoring such RTP by default. 
# If you still need to parse such packets enable it
# default = no
#allow-zerossrc = yes

# duplicate check do md5 sum for each packet and if md5 is same as previous packet it will discard it
# WARNING: md5 is expensive function (slows voipmonitor 3 times) so use it only if you have enough CPU or 
# for pcap conversion only . Default is no. 
#deduplicate = yes

# prior verison 8.0.1 deduplicate was comparing only data without ip header and udp header so duplicate packets 
# was matched also in case the IP addresses differes. This was good for some cases but it leads to completely 
# ignore RTP streams in other cases. Now default option is to check duplicates based on not only data but ip headers 
# too. To change this set deduplicate_ipheader = no
# default = yes
#deduplicate_ipheader = yes

# enable/disable updating called number from To: header from each caller INVITE. Default is enabled so it supports overlap dialing (RFC 3578)
# if you want to disable this behaviour and see always number only from the first INVITE set sipoverlap = no
#sipoverlap = yes

# save sip REGISTER messages
sip-register = no
# if mysql binlog is enabled, skip binlog inserts into active table (which is MEMORY type)
# if you still want to replicate this too (huge I/O impact) set it to = no
sip-register-active-nologbin = yes

# if yes, voipmonitor will not save CDR to MySQL 
nocdr = no

# if yes, all SIP calls will be ignored unless capture rules set skip flag based on IP or Tel. numbers (mysql.filter_*) 
#skipdefault = yes

# write CDR to database only if call was answered
# default = no
#cdronlyanswered = yes

# write CDR to database only if call has RTP 
# default = no
#cdronlyrtp = yes

# save SIP packets to pcap file
savesip = yes		

# save RTP packets to pcap file. savertp = yes automatically saves RTCP packets
# you can also save only RTP header without AUDIO: savertp = header
# if save RTP is aneblad it will also save UDPTL packets (used for T.38) 
# you can also set savertp = no and control what calls will record RTP in mysql table filter_ip or filter_tel 
# which is controled in GUI -> Capture rules. Sending reload command will reload configuration from filter_* 
# table. You can also set savertp = yes but denies recording RTP based on rules in filter_* table. 
savertp = yes
#savertp = header

# voipmonitor by default splits SIP and RTP packets to individual files (in case spooldiroldschema = no) which are
# located in SIP and RTP directories. This feature allows instance cleaning RTP streams differently then SIP packets 
# to join two pcap files SIP+RTP use mergecap command line utility which is included in wireshark package 
# default = yes | spooldiroldschema must be set to no
#pcapsplit = yes

# save UDPTL packets (T.38). If savertp = yes the UDPTL packets are saved automatically. If savertp = no and you want 
# to save only udptl packets enable saveudptl = yes and savertp = no
#saveudptl = yes

# save RTCP packets to pcap file
savertcp = yes

# save RTP payload to audio file. Choose 'wav' for WAV PCM or 'ogg' for OGG 25kbps format. 
# please note that this has great impact on I/O and can overload your storage leading to lose packets. Better way is to store only sip+rtp and 
# convert wav files on demand. 
saveaudio = wav

# default path to WEB GUI used to construct path to key check for codecs
# default paths:
#keycheck = /var/www/keycheck.php
#keycheck = /var/www/html/voipmonitor/php/keycheck.php

# in case you are not saving RTP at all but you still want to save DTMF carried over RTP packets (RFC2833) 
# you can enable this option. This feature slows down a bit processing RTP packets in main read thread 
# in casse voipmonitor runs in threads. 
# default = 0
#saverfc2833 = 0

# Enable storing DTMF (SIP INFO or RFC2833) to cdr_dtmf database. It will store DTMF time and key
# then it will be shown in SIP history in the GUI 
#dtmf2db = 0

# save graph data for web GUI. If you want to complress it, put here gzip
savegraph = plain

# if any of SIP message during the call contains header X-VoipMonitor-norecord call will be not converted to wav and pcap file will be deleted.
#norecord-header = yes

# if any of SIP message during the call contains DTMF INFO sequence "*0" call will be not converted to wav and pcap file will be deleted.
# default: disabled
#norecord-dtmf = yes

# enable pausing RTP/WAV recording if DTMF sequence detected. 
# default: disabled
#pauserecordingdtmf = *9

# dump all packets to /tmp/voipmonitor-[UNIX_TIMESTAMP].pcap 
#dumpallpackets = yes


# in case you need to have ethernet encapsulation and you are sniffing on interface = any set this to = yes. 
# this is needed only in case you need to merge pcap files with different encapsulations. default is no
# convert_dlt_sll2en10 = no

# enable MOS score for G.729 codec. If enabled, all cdr with 0 packet loss and stable delays will have maximum MOS of 3.92 
# and for loss and unstable delay MOS will be calculated according to ITU-T objective PESQ method for G.729 codec. 
# if you want to use MOS as good search value which corellates loss and delay into single value leave it disabled (which is 
# by default). If set to no, all calls will be calculated like it is G.711. 
mos_g729 = no

# enable saving dscp to cdr.dscp which is 32bit number. The first 8 bits are dscp (6bits) from SIP packets from caller. Next 8 bits
# are from SIP packets from called. Next 8 bits are from caller RTP and last 8 bits are from called RTP. If you enable this 
# feature it will auto upgrade cdr table which can take long time depending on ammount of CDR in tables and I/O speed. 
# default is disabled
#dscp = no

# enable storing custom sip headers to database column cdr_next.custom_header_headername. You can specify more headers 
# delimited by ";". WARNING - when you enable this feature voipmonitor will autoupgrade cdr_next table which can take 
# hours depending on how large the table is. In GUI there is new section Settings#Custom_headers.
# WARNING - when you enable this feature voipmonitor will autoupgrade cdr_next table which can take hours depending on how large the table is
# INFO: in GUI there is new section in Settings - http://www.voipmonitor.org/doc/Settings#Custom_headers
#custom_headers = X-asterisk-Info ; X-myheader

# analogical for SIP message is custom_headers_message
#custom_headers_message = X-asterisk-Info ; X-myheader

# enable saving content of custom header (typicaly in-reply-to) to cdr_next.match_header
# this header is used in related CDR GUI for matching legs to onen call 
#matchheader = in-reply-to

# save also port in domain user@domain:port default is to only save domain without port
# default is = no
#domainport = yes

# pcapcommand will run command after pcap file is closed (after call ends). %pcap% is substitution for real pcap file name. execution is guaranteed to run in serialized way (not in parallel)
# WARNING - pcapcommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore system which can generate 500 000 interrupts / sec 
# causing system to drop packets. Watch the performance carefuly (with "vmstat 1" column "in"). Gziping pcap files will be implemented as native function directly in C++ to obey 
# TLB shootdowns. 
#
# example - convert pcap file to gzip 
#pcapcommand = gzip -f %pcap%

# convert pcap file to bzip2 
#pcapcommand = bzip2 -f %pcap%

# this example will move call and releated files from one directory to another directory. 
#pcapcommand = mkdir -p "/var/spool/voipmonitor/%dirname%" ; mv /dev/shm/%dirname%/%basename%* /var/spool/voipmonitor/

# filtercommand will run command after each call which matches script == 1 in filter_ip or filter_telnum (capture rules in GUI) 
# WARNING - filtercommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore system which can generate 500 000 interrupts / sec 
# causing system to drop packets. Watch the performance carefuly (with "vmstat 1" column "in"). 
#
# all non alphanum characters except '/' '#' ' ' '+' ':' '-' '.' and '@' in callid, dirname, caller, called and calldate are substituted to '_' 
#
#filtercommand = myscript '%basename%' '%dirname%' '%caller%' '%called%' '%calldate%'


# Pcap filter. If you want to sniff only UDP SIP, put here 'udp'. Warning: If you set protocol to 'udp' pcap discards VLAN packets. Maximum size is 2040 chars
# udp or (vlan and udp) will capture all tagged and untagged UDP packets
# WARNING - if you need to sniff IPinIP (like mirrored packets from voipmonitor) filter = udp will filter all those packets. In this case just disable filter. 
# filter = udp or (vlan and udp)


# openfile_max overrides default max open files which is 65535
#openfile_max = 300000

# list characters that should be converted to underscore (_) in filenames
# if you want to include space, put it between other characters, like ': :' (will convert ':' and ' ' to '_')
# defaults to nore
#
# example - avoid ':' when Call-Id contains port number
#convertchar = :

# directory where all files (pcap|wav|graph) are stored 
spooldir = /var/spool/voipmonitor

# new spooldir schema stores all files to year-mon-day/hour/minute/[ALL|SIP|RTP|AUDIO] directories 
# if you need to have the old schema year-mon-day/* enable spooldiroldschema = yes. 
# default = no
#spooldiroldschema = no

# cleandatabase removes database partitions for tables cdr, cdr_next, cdr_rtp and cdr_dtmf older than X days. 
# cleandatabase parameter represents number of days - if you set 90 it will remove partition 90 days old. 
# if the sniffer will not run for several days it will not clean partitions which was not cleaned even 
# you start it. 
# default = 0 (disabled) 
#cleandatabase = 90


##############################################
# cleaning spool directory                   #
##############################################

# since version 8 sniffer uses different cleaning mechanism which was developed to minimize I/O operations and it also finally brings more features 
# each created file is indexed in SPOOLDIR/filesindex/ in hours interval and the file size is added to aggregation mysql table files. Cleaning 
# procedure iterates through index files and unlink files without need to scan directories. 

# cleaning procedure runs every hour and checks size or days according to following options. Rules are executed in this
# order. If you set maxpoolsize it will wipe out the oldest data every hour until the size is reached. maxpooldays keeps
# maximum number of data to set days. The same is for sip rtp and graph so you can keep sip pcaps longer than rtp pcaps. 
# all options can be activated at once

# it is good to always have maxpoolsize = N where the N is maximum disk space you are willing to use by sniffer 
# all size are in MB

#set default maxpoolsize to 100 GB (102400 MB)

maxpoolsize		= 102400
#maxpooldays		=

#maxpoolsipsize		=
#maxpoolsipdays		=

#maxpoolrtpsize		=
#maxpoolrtpdays		=

#maxpoolgraphsize	=
#maxpoolgraphdays	=

##############################################

# clean spool directory every two hours from oldest file until spooldir size = cleanspool_size (in MB) 
# WARNING - if you have milions files set cleanspool_interval to 24 hour (clean once per day) 
# cleaning is very slow and can overload I/O 
# (in seconds)
# default is disabled 
#cleanspool_interval = 7200

# set target size of the spool directory for cleaning script
# (in MB) 
# you MUST set cleanspool_size to enable cleaning
# default is disabled 
#cleanspool_size = 50000

#usefull command to clean all RTP files older 7 days
# find /var/spool/voipmonitor -maxdepth 1 -type d -mtime +7 -name '20*' | (while read d; do rm -rf $d/*/*/RTP; done)


# store pcap and graph file to <cache/dir> and move it after call ends to spool directory. Moving all files are guaranteed to be serialized which 
# solves slow random write I/O on magnetic or other media. Typical cache directory is /dev/shm/voipmonitor which is in RAM and grows
# automatically or /mnt/ssd/voipmonitor which is mounted to SSD disk or some very fast SAS/SATA disk where spool can be network storage
# or raid5 etc.
# wav files are not implemented yet
cachedir = /dev/shm/voipmonitor


# put interface to promiscuouse mode so it can sniff packets which are not routed directly to us (it will not work if you use interface = any)
promisc = yes

# if you do not want to save cdr.callend = calldate + duration for some reason (you do not want to upgrade cdr, set it to no)
# default is yes
#sqlcallend = no

# SQL driver - mysql is default or odbc (connecting voipmonitor to msssql please refer to README.mssql
sqldriver = mysql
#sqldriver = odbc
#odbcdriver = mssql
#odbsdsn = voipmonitor
#odbcuser = root
#odbcpass = 

# mysql table compression (default enabled)
mysqlcompress = yes

# mysql server
mysqlhost = localhost

# mysql port 
mysqlport = 3306

# mysql database
mysqldb = voipmonitor

# use partitioning cdr* tables by day. If you have schema without partitioning, you MUST start with new database 
#default is = yes
cdr_partition = yes

# mysql table
mysqltable = cdr

# enable redundant cdr tables 
#sqlcdrtable_last30d = cdr_last30d
#sqlcdrtable_last7d = cdr_last7d
#sqlcdrtable_last1d = cdr_last1d

# mysql username
mysqlusername = root

# mysql password
#mysqlpassword = 

# if enabled CDRID:num will be printed to stdout on every CDR insert 
printinsertid = yes

# enable monitoring IP traffic 
#ipaccount = no
#ipaccountport = 22
#ipaccountport = 80
#ipaccountport = 443