Skip to content

Instantly share code, notes, and snippets.

@samacs
Created October 2, 2013 20:30
Show Gist options
  • Save samacs/6800062 to your computer and use it in GitHub Desktop.
Save samacs/6800062 to your computer and use it in GitHub Desktop.
#
# voipmonitor.org configuration file
#
# location of this file is at ~/.voipmonitor.conf or /etc/voipmonitor.conf
# command line parameters overrides configuration directives in this file
# allowed comments are ; or #.
#
[general]
# in case of running more voipmonitor instances on the same or another servers configured to save to one database and the same cdr table
# it is possible to differentiate CDR by id_sensor column. If you set id_sensor >= 0 the number will be saved in cdr.id_sensor column.
#id_sensor = 1
# voipmonitor is able to sniff directly on network interface or it can read files.
# listening interface. Can be 'any' which will listen on all interfaces - NOTE that "any" will not put intefaces into promiscuous mode and you have to do it with "ifconfig eth0 promisc"
# check if you are not using -i ethX argument in command line as it has more priority
# than this configuration file
interface = eth1
# since version 8 sniffer implements new mirroring option. Sender is packing data to compressed stream over the
# TCP to remote sniffer.
# if you are going to use this sniffer only as a mirroring sniffer all you need is to set interface, packetbuffer_*
# set compression on and set packetbuffer_file_* so in case the connection to remote sniffer will die or will be
# temporarily slow the sender will not loose single packet. The mirroring is trying to reconnect in case of
# failure. Packets are mirrored including the the original timestamp and headers.
# this mirroring hopefully replaces pcapscandir feature which will be probably removed in favor of this approach.
# here set the sending (mirroring). The sender needs to set only interface, ringbuffer, packetbuffer_*, filter
# and this two folling mirror_destination_*
#mirror_destination_ip =
#mirror_destination_port =
# here set the receiver and do not forget to set firewall so no other except the sender will be able to connect
# to the receiver
#mirror_bind_ip =
#mirror_bind_port =
#mirror_bind_dlt = 1 // DLT_EN10MB Ethernet (10Mb)
# scan pcap files folder and read file by file. This is in conjuction with running tcpdump which creates pcap file each
# 5 seconds (-G 5) storing pcap files named by UNIX_TIMESTAMP to /dev/shm/voipmonitor folder (do not forget create it)
# using 1GB ring buffer to avoid losing packets (-B500000 - you can lower it but not higher) filtering udp packets (udp
# parameter whcih you can change to your needs). voipmonitor then reads created files (and delete it after processing.
# This approach can be used for testing throughput or for very high voip traffic (>500Mbit). If the sniffer is able to
# process pcap files in realtime - there will be in /dev/shm/voipmonitor folder only one or two pcap files. If the sniffer
# is not able to process in realtime (blocking by I/O or by CPU) number of pcap files will grow faster then the sniffer
# is able process.
#
# WARNING: libpcap < 1.1 contains memory leak when pcap filter is set - do not set filter in this config or upgrade libpcap to the latest (debian 6 libpcap contains the leak)
# static compiled voipmonitor from voipmonitor.org contains the latest libpcap
#
# tcpdump example command:
# nice -n -20 tcpdump -B500000 -i eth2 udp -G 5 -w /dev/shm/voipmonitor 2>/dev/null 1>/dev/null &
#scanpcapdir = /dev/shm/voipmonitor
# in case the SIP(media) server is behind public IP (1.1.1.1) NATed to private IP (10.0.0.3) to sniff all traffic correctly you can
# specify alias for this case. You can specify more netaliases duplicating rows.
# in most cases this is not necessary because voipmonitor is able to track both RTP streams based on the other side IP. But
# if the stream is incoming from another IP then SIP source signalization and also from another IP than the SIP device which is
# also behind NAT its impossible to track the correct IP. Please note that this is for case where the SIP server is behind NAT
# and also the client is behind NAT. If your SIP server has public IP do not bother with this.
#natalias = 1.1.1.1 10.0.0.3
#natalias = 1.1.1.2 10.0.0.3
#natalias = 1.1.1.3 10.0.0.4
# define bind address for manager interface. Default is 127.0.0.1
# it is not recommended to change this unless really needed due to
# security. If you need it on some other IP make sure you set firewall
# and change the standard port for better security
#managerip = 127.0.0.1
# define TCP manager port
managerport = 5029
# connects to server and listen for commands
#managerclient = serverip or hostname
#managerclientport = 1234
# define SIP ports wihch will voipmonitor liste. For each port make new line with sipport = port (multiple lines)
sipport = 5060
#sipport = 5061
#sipport = 5062
# rtptimeout is important value which specifies how much seconds from the last SIP packet or RTP packet is call closed
# and writen to database. It means that if you need to monitor ONLY SIP you have to set this to at leat 2 hours = 7200
# assuming your calls is not longer than 2 hours. Take in mind that seting this to very large value will cause to keep
# call in memory in case the call lost BYE and can consume all memory and slows down the sniffer - so do not set it to
# very high numbers. Default is 300 seconds.
#rtptimeout = 300
# ringbuffer is circular memory queue directly in kernel memory space. libpcap is reading from this queue and
# delivers packets to voipmonitor. If the network rate is > 100 Mbit we recommend to set ringbuffer to at least 500
# maximum value is 2000 MB.
# default 50 MB
ringbuffer = 50
# packet buffer is new voipmonitor buffering architecture (since version 8). If enabled new threads are created
# which raads packets from kernel ringbuffer and queues them into dynamically allocated memory. Packets are
# dequeued and passed to next threads which reads the content. This will ensure that kernel ringbuffer will
# not overrun due to CPU or disk I/O spikes.
# packet buffer will dynamically grow until packetbuffer_total_maxheap is reached. Compression can be enabled
# (packetbuffer_compress) which compress the buffer with fast snappy algorythm with 50% compression ratio thus
# doubling the time when the buffer gets filled (600Mbit traffic consumes ~30% one one core Xeon E5-2620).
# It is also possible to use disk buffer if the packet buffer memory is filled by enabling
# packetbuffer_file_totalmaxsize which is usefull when sniffer is only mirroring data over TCP to another
# sniffer - if the connection brakes or slowed down and packet buffer gets filled it will start using file
# buffer until the connection reestablishes so no single packet is lost. Enabling file buffer in non mirroring
# mode to the same disk as spooldir will get not much benefit because if the process is blocked mainly due to
# disk I/O it has no benefit to add more I/O by caching unprocessed packets to the same I/O layer.
packetbuffer_enable = yes
packetbuffer_total_maxheap = 2000 #in MB
packetbuffer_compress = yes #enable compression
packetbuffer_file_totalmaxsize = 0 #MB. Default is disabled.
packetbuffer_file_path = /var/spool/voipmonitor/packetbuffer
# number of threads to process RTP packets. If not specified it will be number of available CPUs.
# If equal to zero RTP threading is turned off.
# For < 150 concurrent calls you can turn it off"
#default = 0
#rtpthreads = 0
# jitter buffer simulator variants. By default voipmonitor uses three types of jitterbuffer simulator to compute MOS score.
# First variant is saved into cdr.[ab]_f1 and represents MOS score for devices which has only fixed 50ms jitterbuffer.
# Second variant is same as first but for fixed 200ms and is saved to cdr.[ab]_f2
# Third varinat is adaptive jitterbuffer simulator up to 500ms
# Jitterbuffer simulator is the most CPU intensive task which is voipmonitor doing. If you are hitting CPU 100% turn
# off some of the jitterbuffer simulator. I'm recomending to use only fixed 200ms if you need to save some CPU cycles.
#jitterbuffer_f1 = no
#jitterbuffer_f2 = yes
#jitterbuffer_adapt = no
# callslimit will limit maximum numbers of calls processed by voipmonitor at the same time. If calls are over limit
# it will be ignored (INVITE)
#callslimit = 0
# in case SIP session travels accross several proxies (and Call-ID header DOES not change) and you would like to track
# all sip proxies and make them searchable in GUI / database. If disabled cdr will store to destination sip
# column destination IP from the first INVITE. If enabled there will be destination IP from the latest invite and all
# proxy ip will be stored in cdr_proxy table.
# default enabled
cdrproxy = yes
# this option allows to skip storing cdr.a_ua and cdr.b_ua - this is workaround for those who has extreme cdr rate and
# number of user agents in database is over 1000 and CPU is not powerfull enough to store cdr in real time. In future
# this option will be removed once we optimize this rutine.
#cdr_ua_enable = yes
# this is important option if voipmonitor is sniffing on SIP proxy and see both RTP leg of CALL.
# in that case use this option. It will analyze RTP only for the first LEG and not each 4 RTP
# streams which will confuse voipmonitor. Drawback of this switch is that voipmonitor will analyze
# SDP only for SIP packets which have the same IP and port of the first INVITE source IP
# and port. It means it will not work in case where phone sends INVITE from a.b.c.d:1024 and
# SIP proxy replies to a.b.c.d:5060. If you have better idea how to solve this problem better
# please contact support@voipmonitor.org
rtp-firstleg = no
# SSRC in RTP headers must not equal zero according to RFC so voipmonitor is ignoring such RTP by default.
# If you still need to parse such packets enable it
# default = no
#allow-zerossrc = yes
# duplicate check do md5 sum for each packet and if md5 is same as previous packet it will discard it
# WARNING: md5 is expensive function (slows voipmonitor 3 times) so use it only if you have enough CPU or
# for pcap conversion only . Default is no.
#deduplicate = yes
# prior verison 8.0.1 deduplicate was comparing only data without ip header and udp header so duplicate packets
# was matched also in case the IP addresses differes. This was good for some cases but it leads to completely
# ignore RTP streams in other cases. Now default option is to check duplicates based on not only data but ip headers
# too. To change this set deduplicate_ipheader = no
# default = yes
#deduplicate_ipheader = yes
# enable/disable updating called number from To: header from each caller INVITE. Default is enabled so it supports overlap dialing (RFC 3578)
# if you want to disable this behaviour and see always number only from the first INVITE set sipoverlap = no
#sipoverlap = yes
# save sip REGISTER messages
sip-register = no
# if mysql binlog is enabled, skip binlog inserts into active table (which is MEMORY type)
# if you still want to replicate this too (huge I/O impact) set it to = no
sip-register-active-nologbin = yes
# if yes, voipmonitor will not save CDR to MySQL
nocdr = no
# if yes, all SIP calls will be ignored unless capture rules set skip flag based on IP or Tel. numbers (mysql.filter_*)
#skipdefault = yes
# write CDR to database only if call was answered
# default = no
#cdronlyanswered = yes
# write CDR to database only if call has RTP
# default = no
#cdronlyrtp = yes
# save SIP packets to pcap file
savesip = yes
# save RTP packets to pcap file. savertp = yes automatically saves RTCP packets
# you can also save only RTP header without AUDIO: savertp = header
# if save RTP is aneblad it will also save UDPTL packets (used for T.38)
# you can also set savertp = no and control what calls will record RTP in mysql table filter_ip or filter_tel
# which is controled in GUI -> Capture rules. Sending reload command will reload configuration from filter_*
# table. You can also set savertp = yes but denies recording RTP based on rules in filter_* table.
savertp = yes
#savertp = header
# voipmonitor by default splits SIP and RTP packets to individual files (in case spooldiroldschema = no) which are
# located in SIP and RTP directories. This feature allows instance cleaning RTP streams differently then SIP packets
# to join two pcap files SIP+RTP use mergecap command line utility which is included in wireshark package
# default = yes | spooldiroldschema must be set to no
#pcapsplit = yes
# save UDPTL packets (T.38). If savertp = yes the UDPTL packets are saved automatically. If savertp = no and you want
# to save only udptl packets enable saveudptl = yes and savertp = no
#saveudptl = yes
# save RTCP packets to pcap file
savertcp = yes
# save RTP payload to audio file. Choose 'wav' for WAV PCM or 'ogg' for OGG 25kbps format.
# please note that this has great impact on I/O and can overload your storage leading to lose packets. Better way is to store only sip+rtp and
# convert wav files on demand.
saveaudio = wav
# default path to WEB GUI used to construct path to key check for codecs
# default paths:
#keycheck = /var/www/keycheck.php
#keycheck = /var/www/html/voipmonitor/php/keycheck.php
# in case you are not saving RTP at all but you still want to save DTMF carried over RTP packets (RFC2833)
# you can enable this option. This feature slows down a bit processing RTP packets in main read thread
# in casse voipmonitor runs in threads.
# default = 0
#saverfc2833 = 0
# Enable storing DTMF (SIP INFO or RFC2833) to cdr_dtmf database. It will store DTMF time and key
# then it will be shown in SIP history in the GUI
#dtmf2db = 0
# save graph data for web GUI. If you want to complress it, put here gzip
savegraph = plain
# if any of SIP message during the call contains header X-VoipMonitor-norecord call will be not converted to wav and pcap file will be deleted.
#norecord-header = yes
# if any of SIP message during the call contains DTMF INFO sequence "*0" call will be not converted to wav and pcap file will be deleted.
# default: disabled
#norecord-dtmf = yes
# enable pausing RTP/WAV recording if DTMF sequence detected.
# default: disabled
#pauserecordingdtmf = *9
# dump all packets to /tmp/voipmonitor-[UNIX_TIMESTAMP].pcap
#dumpallpackets = yes
# in case you need to have ethernet encapsulation and you are sniffing on interface = any set this to = yes.
# this is needed only in case you need to merge pcap files with different encapsulations. default is no
# convert_dlt_sll2en10 = no
# enable MOS score for G.729 codec. If enabled, all cdr with 0 packet loss and stable delays will have maximum MOS of 3.92
# and for loss and unstable delay MOS will be calculated according to ITU-T objective PESQ method for G.729 codec.
# if you want to use MOS as good search value which corellates loss and delay into single value leave it disabled (which is
# by default). If set to no, all calls will be calculated like it is G.711.
mos_g729 = no
# enable saving dscp to cdr.dscp which is 32bit number. The first 8 bits are dscp (6bits) from SIP packets from caller. Next 8 bits
# are from SIP packets from called. Next 8 bits are from caller RTP and last 8 bits are from called RTP. If you enable this
# feature it will auto upgrade cdr table which can take long time depending on ammount of CDR in tables and I/O speed.
# default is disabled
#dscp = no
# enable storing custom sip headers to database column cdr_next.custom_header_headername. You can specify more headers
# delimited by ";". WARNING - when you enable this feature voipmonitor will autoupgrade cdr_next table which can take
# hours depending on how large the table is. In GUI there is new section Settings#Custom_headers.
# WARNING - when you enable this feature voipmonitor will autoupgrade cdr_next table which can take hours depending on how large the table is
# INFO: in GUI there is new section in Settings - http://www.voipmonitor.org/doc/Settings#Custom_headers
#custom_headers = X-asterisk-Info ; X-myheader
# analogical for SIP message is custom_headers_message
#custom_headers_message = X-asterisk-Info ; X-myheader
# enable saving content of custom header (typicaly in-reply-to) to cdr_next.match_header
# this header is used in related CDR GUI for matching legs to onen call
#matchheader = in-reply-to
# save also port in domain user@domain:port default is to only save domain without port
# default is = no
#domainport = yes
# pcapcommand will run command after pcap file is closed (after call ends). %pcap% is substitution for real pcap file name. execution is guaranteed to run in serialized way (not in parallel)
# WARNING - pcapcommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore system which can generate 500 000 interrupts / sec
# causing system to drop packets. Watch the performance carefuly (with "vmstat 1" column "in"). Gziping pcap files will be implemented as native function directly in C++ to obey
# TLB shootdowns.
#
# example - convert pcap file to gzip
#pcapcommand = gzip -f %pcap%
# convert pcap file to bzip2
#pcapcommand = bzip2 -f %pcap%
# this example will move call and releated files from one directory to another directory.
#pcapcommand = mkdir -p "/var/spool/voipmonitor/%dirname%" ; mv /dev/shm/%dirname%/%basename%* /var/spool/voipmonitor/
# filtercommand will run command after each call which matches script == 1 in filter_ip or filter_telnum (capture rules in GUI)
# WARNING - filtercommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore system which can generate 500 000 interrupts / sec
# causing system to drop packets. Watch the performance carefuly (with "vmstat 1" column "in").
#
# all non alphanum characters except '/' '#' ' ' '+' ':' '-' '.' and '@' in callid, dirname, caller, called and calldate are substituted to '_'
#
#filtercommand = myscript '%basename%' '%dirname%' '%caller%' '%called%' '%calldate%'
# Pcap filter. If you want to sniff only UDP SIP, put here 'udp'. Warning: If you set protocol to 'udp' pcap discards VLAN packets. Maximum size is 2040 chars
# udp or (vlan and udp) will capture all tagged and untagged UDP packets
# WARNING - if you need to sniff IPinIP (like mirrored packets from voipmonitor) filter = udp will filter all those packets. In this case just disable filter.
# filter = udp or (vlan and udp)
# openfile_max overrides default max open files which is 65535
#openfile_max = 300000
# list characters that should be converted to underscore (_) in filenames
# if you want to include space, put it between other characters, like ': :' (will convert ':' and ' ' to '_')
# defaults to nore
#
# example - avoid ':' when Call-Id contains port number
#convertchar = :
# directory where all files (pcap|wav|graph) are stored
spooldir = /var/spool/voipmonitor
# new spooldir schema stores all files to year-mon-day/hour/minute/[ALL|SIP|RTP|AUDIO] directories
# if you need to have the old schema year-mon-day/* enable spooldiroldschema = yes.
# default = no
#spooldiroldschema = no
# cleandatabase removes database partitions for tables cdr, cdr_next, cdr_rtp and cdr_dtmf older than X days.
# cleandatabase parameter represents number of days - if you set 90 it will remove partition 90 days old.
# if the sniffer will not run for several days it will not clean partitions which was not cleaned even
# you start it.
# default = 0 (disabled)
#cleandatabase = 90
##############################################
# cleaning spool directory #
##############################################
# since version 8 sniffer uses different cleaning mechanism which was developed to minimize I/O operations and it also finally brings more features
# each created file is indexed in SPOOLDIR/filesindex/ in hours interval and the file size is added to aggregation mysql table files. Cleaning
# procedure iterates through index files and unlink files without need to scan directories.
# cleaning procedure runs every hour and checks size or days according to following options. Rules are executed in this
# order. If you set maxpoolsize it will wipe out the oldest data every hour until the size is reached. maxpooldays keeps
# maximum number of data to set days. The same is for sip rtp and graph so you can keep sip pcaps longer than rtp pcaps.
# all options can be activated at once
# it is good to always have maxpoolsize = N where the N is maximum disk space you are willing to use by sniffer
# all size are in MB
#set default maxpoolsize to 100 GB (102400 MB)
maxpoolsize = 102400
#maxpooldays =
#maxpoolsipsize =
#maxpoolsipdays =
#maxpoolrtpsize =
#maxpoolrtpdays =
#maxpoolgraphsize =
#maxpoolgraphdays =
##############################################
# clean spool directory every two hours from oldest file until spooldir size = cleanspool_size (in MB)
# WARNING - if you have milions files set cleanspool_interval to 24 hour (clean once per day)
# cleaning is very slow and can overload I/O
# (in seconds)
# default is disabled
#cleanspool_interval = 7200
# set target size of the spool directory for cleaning script
# (in MB)
# you MUST set cleanspool_size to enable cleaning
# default is disabled
#cleanspool_size = 50000
#usefull command to clean all RTP files older 7 days
# find /var/spool/voipmonitor -maxdepth 1 -type d -mtime +7 -name '20*' | (while read d; do rm -rf $d/*/*/RTP; done)
# store pcap and graph file to <cache/dir> and move it after call ends to spool directory. Moving all files are guaranteed to be serialized which
# solves slow random write I/O on magnetic or other media. Typical cache directory is /dev/shm/voipmonitor which is in RAM and grows
# automatically or /mnt/ssd/voipmonitor which is mounted to SSD disk or some very fast SAS/SATA disk where spool can be network storage
# or raid5 etc.
# wav files are not implemented yet
cachedir = /dev/shm/voipmonitor
# put interface to promiscuouse mode so it can sniff packets which are not routed directly to us (it will not work if you use interface = any)
promisc = yes
# if you do not want to save cdr.callend = calldate + duration for some reason (you do not want to upgrade cdr, set it to no)
# default is yes
#sqlcallend = no
# SQL driver - mysql is default or odbc (connecting voipmonitor to msssql please refer to README.mssql
sqldriver = mysql
#sqldriver = odbc
#odbcdriver = mssql
#odbsdsn = voipmonitor
#odbcuser = root
#odbcpass =
# mysql table compression (default enabled)
mysqlcompress = yes
# mysql server
mysqlhost = localhost
# mysql port
mysqlport = 3306
# mysql database
mysqldb = voipmonitor
# use partitioning cdr* tables by day. If you have schema without partitioning, you MUST start with new database
#default is = yes
cdr_partition = yes
# mysql table
mysqltable = cdr
# enable redundant cdr tables
#sqlcdrtable_last30d = cdr_last30d
#sqlcdrtable_last7d = cdr_last7d
#sqlcdrtable_last1d = cdr_last1d
# mysql username
mysqlusername = root
# mysql password
#mysqlpassword =
# if enabled CDRID:num will be printed to stdout on every CDR insert
printinsertid = yes
# enable monitoring IP traffic
#ipaccount = no
#ipaccountport = 22
#ipaccountport = 80
#ipaccountport = 443
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment