Sniffer installation: Difference between revisions

Revision as of 18:16, 8 January 2026

This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.

Understanding VoIPmonitor Components

VoIPmonitor consists of two separate components:

Component	Description	Requirements
Sniffer / Sensor (This Guide)	Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required.	Linux (kernel 2.6.18+), root privileges
Web GUI	PHP web interface for viewing data and configuration.	Web server (Apache/Nginx), PHP, MySQL/MariaDB. See GUI Installation Guide

💡 Tip: The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.

Installation Overview

Step 1: Download the Static Binary

Download the archive for your system architecture:

Architecture	Download Command
64-bit (x86_64)	`wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz`
32-bit (i686)	`wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz`
ARM (Raspberry Pi)	`wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz`

ℹ️ Note: If the primary URL hangs (common on Debian 11/12), use the alternative: wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz

Step 2: Extract and Install

tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh

The script installs:

Binary to /usr/local/sbin/voipmonitor
Config to /etc/voipmonitor.conf
Service to /etc/init.d/voipmonitor

ℹ️ Note: The service always runs as root regardless of installation prompts - this is required for packet capture privileges.

Step 3: Configure

Edit the configuration file:

nano /etc/voipmonitor.conf

Essential settings:

Parameter	Description	Example
`mysqlhost`	Database server address	`192.168.1.100`
`mysqldb`	Database name	`voipmonitor`
`mysqluser`	Database user	`voipmonitor`
`mysqlpassword`	Database password	`secret`
`interface`	Network interface to monitor	`eth0`
`id_sensor`	Unique ID (1-65535) for multi-sensor deployments	`1`

For complete configuration options, see Sniffer Configuration Reference.

Connecting to Existing Production Database

When installing a new sensor and connecting it to an existing production database, VoIPmonitor includes a safety mechanism to prevent automatic schema modification that could cause downtime or data corruption.

Database Size	Behavior
< 1,000 CDRs	Auto-modify tables on service start (safe for new/small databases)
>= 1,000 CDRs	Required ALTER queries logged to syslog; manual execution required

⚠️ Warning: For production databases with >= 1,000 CDRs, the sensor will NOT auto-alter tables. Check logs for required ALTER statements and execute during low-traffic period.

# After starting the sensor, check for required ALTER queries
journalctl -u voipmonitor | grep -i "ALTER TABLE"

# Alternative: check syslog
grep -i "ALTER TABLE" /var/log/syslog

# Alternative: check messages
grep -i "ALTER TABLE" /var/log/messages

💡 Tip: If running multiple sensors to the same database, ensure each has a unique id_sensor value in the configuration file to distinguish the source of CDRs. Also review hardware-dependent settings like interface, max_buffer_mem, spooldir, and maxpoolsize on the new server.

System Resource Requirements

Resource	Recommendation
CPU	Main capture thread (t0) uses 1 core. Monitor `t0CPU` - if >90%, consider faster CPU or additional sensors.
RAM	2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
Disk I/O	HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
Storage	Plan based on retention policy and daily call volume.

For performance tuning, see Scaling and Performance Tuning.

Step 4: Start the Service

systemctl start voipmonitor
systemctl enable voipmonitor

Other commands: systemctl stop voipmonitor, systemctl status voipmonitor

For advanced systemd configuration, see systemd Service Management.

Step 5: Verify

# Check service status
systemctl status voipmonitor

# Monitor live logs
journalctl -u voipmonitor -f

Look for output like calls[X][Y] PS[...] SQLq[0] confirming traffic capture.

If no calls appear, see Sniffer Troubleshooting.

Downloading Specific Versions

For specific versions or automation:

# Specific version (replace VERSION, e.g., 2025.07.1)
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz

# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz

# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz

Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.

Advanced Installation

Legacy OS (CentOS 6, older glibc)

Download the oldest available binary from the download page (better glibc compatibility)
If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from ioncube.com

Manual Development Build Upgrade

mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz

systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor

Compiling from Source (ARM64/Special Cases)

ℹ️ Note: Only for developers or when static binary is unavailable (e.g., ARM64/aarch64).

# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev

# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make

# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static  # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor

For automatic git-based upgrades, add to /etc/voipmonitor.conf:

upgrade_by_git = yes
git_folder = /usr/src/sniffer

Uninstallation

systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup

⚠️ Warning: Spool directory contains PCAP files and recordings! Only delete if you no longer need this data: rm -rf /var/spool/voipmonitor

AI Summary for RAG

Summary: Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run install-script.sh, configure /etc/voipmonitor.conf (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (https://download.voipmonitor.org/...) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.

Keywords: install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download

Key Questions:

How do I install the VoIPmonitor sniffer?
Where can I download the sensor static binary?
How do I configure id_sensor for multi-sensor deployments?
What are the CPU and RAM requirements?
How do I start and enable the voipmonitor service?
What if the download URL hangs or fails?
How do I install on legacy CentOS 6?
How do I compile from source on ARM64?
How do I uninstall VoIPmonitor?
What are the direct download URLs for automation?

@@ Line 106: / Line 106: @@
 For complete configuration options, see [[Sniffer_configuration|Sniffer Configuration Reference]].
+=== Connecting to Existing Production Database ===
+When installing a new sensor and connecting it to an existing production database, VoIPmonitor includes a safety mechanism to prevent automatic schema modification that could cause downtime or data corruption.
+{| class="wikitable"
+|-
+! Database Size !! Behavior
+|-
+| '''< 1,000 CDRs''' || Auto-modify tables on service start (safe for new/small databases)
+|-
+| '''>= 1,000 CDRs''' || Required ALTER queries logged to syslog; manual execution required
+|}
+{{Warning|1=For production databases with >= 1,000 CDRs, the sensor '''will NOT''' auto-alter tables. Check logs for required ALTER statements and execute during low-traffic period.}}
+<syntaxhighlight lang="bash">
+# After starting the sensor, check for required ALTER queries
+journalctl -u voipmonitor | grep -i "ALTER TABLE"
+# Alternative: check syslog
+grep -i "ALTER TABLE" /var/log/syslog
+# Alternative: check messages
+grep -i "ALTER TABLE" /var/log/messages
+</syntaxhighlight>
+{{Tip|If running multiple sensors to the same database, ensure each has a unique <code>id_sensor</code> value in the configuration file to distinguish the source of CDRs. Also review hardware-dependent settings like <code>interface</code>, <code>max_buffer_mem</code>, <code>spooldir</code>, and <code>maxpoolsize</code> on the new server.}}
 === System Resource Requirements ===