Difference between revisions of "Manual export of pcap files from spooldir"
| Line 5: | Line 5: | ||
'''SIP format:''' With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created: | '''SIP format:''' With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created: | ||
option '''tar_compress_sip = gzip''' | option '''tar_compress_sip = gzip''' | ||
| + | |||
| + | |||
== Export pcap file with default config used == | == Export pcap file with default config used == | ||
| Line 28: | Line 30: | ||
First we will need to get '''lzo positions''' from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype): | First we will need to get '''lzo positions''' from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype): | ||
mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38'; | mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38'; | ||
| − | |||
'''Returned:''' | '''Returned:''' | ||
Revision as of 18:39, 23 August 2016
Notes
RTP format: With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id.
option pcap_dump_zip_rtp = lzo
SIP format: With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created:
option tar_compress_sip = gzip
Export pcap file with default config used
precondition
call needs to be captured with sensor's compression settings like in default voipmonitor.conf
pcap_dump_zip_rtp = lzo option tar_compress_sip = gzip
Information needed from CDR detail for export
You will need:
1.CDR.id (103)
2.Date time of a call start (2016-08-23 16:37:38)
3.Call-ID (CwA8j-SNSN)
4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)
example : 
export SIP pcap
From spooldir location (by default its '/var/spool/voipmonitor' and calldate start '2016-08-23 16:37:38' in example and from CALL-ID header 'CwA8j-SNSN' you can write command:
tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/16/37/SIP/sip_2016-08-23-16-37.tar.gz' 'CwA8j-SNSN.pcap*' /tmp/expsip.pcap
export RTP pcap
First we will need to get lzo positions from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype):
mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38';
Returned:
pos: 0 pos: 164352 pos: 328704 pos: 493056 4 rows in set (0,00 sec)
Second we use positions returned from db to export RTP and unLZO using voipmonitor binary:
/usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap
merge SIP and RTP into one file
mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap
Export pcap file when LZO compression disabled for RTP in config
preconditions
call captured when sensor's compression settings changed from default voipmonitor.conf
pcap_dump_zip_rtp = no option tar_compress_sip = gzip
information needed to collect from CDR
From picture in section above you will need:
2.Date time of a call start 3.Call-ID
export SIP pcap
tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/SIP/sip_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportSIP.pcap
export RTP pcap
tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/RTP/rtp_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportRTP.pcap
merge SIP and RTP into one file
mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap