Difference between revisions of "Manual export of pcap files from spooldir"
| Line 1: | Line 1: | ||
| − | == | + | == Export pcap file with default config used == |
=== notes === | === notes === | ||
'''RTP format:''' With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id. | '''RTP format:''' With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id. | ||
| Line 40: | Line 40: | ||
/usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap | /usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap | ||
| − | == | + | |
| + | |||
| + | == Export pcap file when LZO compression disabled for RTP in config == | ||
=== preconditions === | === preconditions === | ||
call captured when sensor's compression settings changed from default voipmonitor.conf | call captured when sensor's compression settings changed from default voipmonitor.conf | ||
| Line 58: | Line 60: | ||
=== merge SIP and RTP into one file === | === merge SIP and RTP into one file === | ||
mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap | mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 18:31, 23 August 2016
Export pcap file with default config used
notes
RTP format: With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id.
option pcap_dump_zip_rtp = lzo
SIP format: With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created:
option tar_compress_sip = gzip
precondition
call needs to be captured with sensor's compression settings like in default voipmonitor.conf
pcap_dump_zip_rtp = lzo option tar_compress_sip = gzip
Information needed for export from CDR detail
You will need:
1.CDR.id (103)
2.Date time of a call start (2016-08-23 16:37:38)
3.Call-ID (CwA8j-SNSN)
4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)
example : 
export SIP pcap
From spooldir location (by default its '/var/spool/voipmonitor' and calldate start '2016-08-23 16:37:38'in example and from CALL-ID header (CwA8j-SNSN) you can write command:
tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/16/37/SIP/sip_2016-08-23-16-37.tar.gz' 'CwA8j-SNSN.pcap*' /tmp/expsip.pcap
export RTP pcap
First we will need to get lzo positions from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype):
mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38';
Returned:
pos: 0 pos: 164352 pos: 328704 pos: 493056 4 rows in set (0,00 sec)
Second we use positions returned from db to export RTP and unLZO using voipmonitor binary:
/usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap
Export pcap file when LZO compression disabled for RTP in config
preconditions
call captured when sensor's compression settings changed from default voipmonitor.conf
pcap_dump_zip_rtp = no option tar_compress_sip = gzip
info needed to collect from cdr
Call-ID Date time of a call start
export SIP pcap
tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/SIP/sip_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportSIP.pcap
export RTP pcap
tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/RTP/rtp_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportRTP.pcap
merge SIP and RTP into one file
mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap