Settings: Difference between revisions

From VoIPmonitor.org
(Add SSL/TLS sensor configuration subsection (settings menu))
(Add Security Settings documentation for CSRF and POST method protection (VG-3065))
 
(56 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:GUI Settings Reference}}
{{DISPLAYTITLE:GUI Settings Reference}}
Category:GUI manual
[[Category:GUI manual]]


This page documents the configuration options available in the VoIPmonitor web GUI under the '''Settings''' menu. These settings control how the GUI interacts with sensors, displays data, and manages user preferences.
This page documents the configuration options available in the VoIPmonitor web GUI under the '''Settings''' menu.


== Sensors ==
= Sensors =


If <code>id_sensor</code> is set in <code>/etc/voipmonitor.conf</code> (default is blank), you must create sensor entries here to enable downloading files like PCAP, graphs, and WAV recordings from the GUI.
Configure sensor connections for multi-sensor deployments. Required when <code>id_sensor</code> is set in <code>/etc/voipmonitor.conf</code>.


{| class="wikitable"
{| class="wikitable"
Line 12: Line 12:
! Field !! Description
! Field !! Description
|-
|-
| Sensor ID || The numeric ID matching <code>id_sensor = N</code> in <code>voipmonitor.conf</code>
| Sensor ID || Numeric ID matching <code>id_sensor</code> in voipmonitor.conf
|-
|-
| Name || A descriptive name for the sensor
| Name || Descriptive name for the sensor
|-
|-
| Manager IP || IP address of the sensor for fetching data (PCAP, graph, audio files)
| Manager IP || IP address (or hostname) for fetching data (PCAP, audio files)
|-
|-
| Manager Port || TCP port for the manager API (default: 5029)
| Manager Port || TCP port for manager API (default: 5029)
|-
|-
| Remote database || Database connection parameters for "Legs by CID/header" lookups when sensors use different databases. Leave blank if all sensors share the same database.
| Remote database || Database connection for "Legs by CID/header" lookups when sensors use different databases
|}
|}


[[File:settings-sensors.png]]
== Multi-Sensor Deployment ==


=== SSL/TLS Configuration ===
<kroki lang="mermaid">
%%{init: {'flowchart': {'nodeSpacing': 15, 'rankSpacing': 40}}}%%
flowchart TB
    subgraph Sensors["Remote Sensors"]
        S1["Sensor A<br/>id_sensor=2"]
        S2["Sensor B<br/>id_sensor=3"]
    end
    subgraph Central["Central Server"]
        GUI["Web GUI"]
        DB[(MySQL)]
    end
    S1 -->|CDR| DB
    S2 -->|CDR| DB
    GUI -->|"Port 5029"| S1
    GUI -->|"Port 5029"| S2
</kroki>


Sensors can be configured to decrypt TLS-encrypted SIP traffic directly through the GUI. This is particularly useful when VoIPmonitor is not capturing all SIP traffic from specific TLS trunks (e.g., seeing only OPTIONS and 403 responses while INVITEs are missing).
'''Setup:'''


To configure SSL/TLS settings for a sensor:
# Set unique <code>id_sensor</code> in each sensor's <code>/etc/voipmonitor.conf</code>
# Add sensor entries in '''Settings > Sensors''' with matching Sensor ID
# Restart sensors: <code>systemctl restart voipmonitor</code>


# Navigate to '''Settings > Sensors'''
{{Tip|For sensors with dynamic IPs, enter a hostname in the Manager IP field, or use [[Sniffer_distributed_architecture|Client-Server mode]].}}
# Click the '''wrench icon''' next to the affected sensor
 
# In the search field at the top right of the sensor settings dialog, enter '''ssl_'''
== Sensor Configuration via Wrench Icon ==
# Configure the required SSL/TLS parameters:
 
Click the '''wrench icon''' next to a sensor to configure parameters. Use the search field to find settings.


{| class="wikitable"
{| class="wikitable"
|-
|-
! Parameter !! Description !! Example Value
! Parameter !! Description !! Values
|-
|-
| ssl_key || Path to the private key file (PEM format) for decrypting TLS traffic || <code>/etc/pki/tls/private/server.key</code>
| <code>ssl</code> || Enable TLS decryption || <code>yes</code> / <code>no</code>
|-
|-
| ssl_cert || Path to the SSL certificate file (PEM format) matching the private key || <code>/etc/pki/tls/certs/server.crt</code>
| <code>ssl_ipport</code> || IP:port and key path for TLS || <code>192.168.1.10:5061 /path/to/key.pem</code>
|-
|-
| ssl_ipport || IP address and TLS port of the SIP endpoint to decrypt (without key file path for SSL Key Logger mode, or <code>IP:port /path/to/key</code> for Private Key mode) || <code>192.168.1.10:5061</code>
| <code>sipport</code> || SIP ports to capture || <code>5060,5080</code> or <code>5060,5070-5080</code>
|-
|-
| ssl || Enable SSL/TLS decryption module on the sensor || <code>yes</code>
| <code>savertp</code> || RTP recording mode || <code>yes</code> (full), <code>no</code> (none), <code>header</code> (stats only)
|-
| <code>maxpoolrtpsize</code> || Max RTP storage in MB || <code>51200</code>
|-
| <code>maxpoolrtpdays</code> || Max RTP age in days || <code>30</code>
|}
|}


'''Important Notes:'''
{{Warning|1=GUI settings override <code>voipmonitor.conf</code> when <code>mysqlloadconfig</code> is enabled (default). Changes require a full restart (<code>systemctl stop/start</code>), not reload.}}


* The sensor SSL settings correspond to the configuration parameters in [[Tls|/etc/voipmonitor.conf]] but are managed through the GUI interface
For TLS decryption with PFS ciphers, see [[Tls|TLS Decryption Guide]].
* This is an alternative to editing <code>voipmonitor.conf</code> directly - the GUI applies these settings to the sensor
* After changing SSL settings, you may need to '''restart the sniffer service''' or use the '''"reload sniffer"''' button in the GUI control panel
* For decryption of traffic using Perfect Forward Secrecy (PFS) ciphers like Diffie-Hellman (DHE/ECDHE), see [[Tls|the TLS decryption guide]] for the SSL Key Logger method


'''When to use GUI SSL configuration:'''
== RRD Health Charts ==


* You prefer managing TLS/SSL settings through the web interface instead of editing config files
Click the '''chart icon''' next to a sensor to view performance metrics:
* You have multiple sensors and want to manage SSL keys centrally
* You need to quickly enable/disable TLS decryption without editing <code>voipmonitor.conf</code>


For detailed information on TLS decryption methods and limitations (including PFS ciphers), see [[Tls]].
* '''Buffer usage:''' Approaching 100% indicates capacity limits
* '''Packet drops:''' Non-zero values indicate sensor overload


=== Troubleshooting: Non-deletable Local Sensor ===
{{Note|High buffer/drops cause low MOS and choppy audio. Solutions: increase <code>ringbuffer</code> in config, add sensors, use [[DPDK]] or [[Napatech]].}}


In server/probe deployments where the GUI server is not sniffing traffic itself, a "local sensor" may be automatically created in the sensor list. This sensor cannot be deleted through the normal GUI interface.
== Disabling a Sensor ==


'''Workaround:'''
{{Warning|1=The GUI "Disabled" checkbox does NOT stop data collection. The sniffer continues running regardless of GUI status.}}
# In '''Settings > Sensors''', add a new sensor with the same Sensor ID, name, and settings as the non-deletable local sensor
# After saving, the original automatically created sensor should either disappear or become deletable
# You can then remove the duplicate entry if both sensors appear


This occurs because the GUI automatically creates a sensor entry when it detects that <code>id_sensor</code> is set in the configuration but no active capture is configured on the GUI host.
'''To stop data collection:'''
* '''Complete shutdown:''' <code>systemctl stop voipmonitor</code> on the sensor host
* '''Selective blocking:''' Create capture rule with '''Skip = ON''' in '''Control Panel > Capture Rules'''


== CDR Charts ==
== Deleting Sensors ==


This section allows you to define predefined charts that appear in the [[Call_Detail_Record_-_CDR#Charts|CDR detail view's Charts tab]]. These charts provide quick visual analysis for specific call records based on caller/called information.
If deletion fails, the sensor likely has capture rules assigned. Remove rules first via '''Control Panel > Capture Rules'''.


[[File:settings-cdrcharts.png]]
'''Non-deletable local sensor (GUI+DB only servers):'''


== CDR Custom Headers ==
On central servers that don't capture traffic, an auto-created "localhost" sensor may appear. To replace it:


Since sniffer version 7.0RC7, VoIPmonitor can store custom SIP headers in the database for viewing and searching in the GUI. For the sniffer configuration, see [[Sniffer_configuration#custom_headers]].
# Set <code>id_sensor = 1</code> in <code>/etc/voipmonitor.conf</code> on the central server
# In GUI: Add new sensor with Manager IP <code>127.0.0.1</code>, same Sensor ID, Port <code>5029</code>
# Enable "is server in client/server mode" checkbox
# Disable "show active calls from all sensors in active call view" checkbox


[[File:customheaderform.png]]
= CDR Charts =


=== Configuration Fields ===
Define predefined charts for the [[Call_Detail_Record_-_CDR#Charts|CDR detail Charts tab]].


;Header Field
= CDR Custom Headers =
:Combo box listing available headers from the <code>cdr_next.custom_header*</code> database columns. These are automatically created when you add headers to <code>custom_headers</code> in <code>voipmonitor.conf</code> and restart the sniffer.


;Name
Capture and display custom SIP headers in CDR views. Requires sniffer version 7.0RC7+.
:The display name for this header in the CDR view header panel.


;Match in SIP by Header
== Setup Workflow ==
:When enabled, this header is used for matching CDRs in the [[Call_Detail_Record_-_CDR#Legs_by_header|Legs by header]] tab. This is useful when you have a unique correlation identifier that links multiple call legs (e.g., from phone to SBC, and from SBC to provider). Alternative method: [[Sniffer_configuration#matchheader|matchheader]] in voipmonitor.conf.


;Show as Column
<kroki lang="mermaid">
:When enabled, displays this header as a column in the CDR list view.
%%{init: {'flowchart': {'nodeSpacing': 10, 'rankSpacing': 30}}}%%
flowchart LR
    A[voipmonitor.conf<br/>custom_headers] --> B[Restart Sensor]
    B --> C[DB Column Created]
    C --> D[Settings > CDR<br/>Custom Headers]
    D --> E[CDR List View]
</kroki>


[[File:customheaderscdrpanel.png]]
# Add header to <code>/etc/voipmonitor.conf</code>:
<syntaxhighlight lang="ini">
custom_headers = X-Cisco-Org-ID
</syntaxhighlight>
# Restart sensor: <code>systemctl restart voipmonitor</code>
# Generate a test call
# Configure in '''Settings > CDR Custom Headers''': select header, set Name, enable "Show as Column"


=== Filtering Custom Headers ===
== Configuration Fields ==


After configuring custom headers in the GUI, they appear in the CDR filter form where you can search for them using special values:
{| class="wikitable"
|-
! Field !! Description
|-
| Header Field || SIP header to capture (from dropdown after restart)
|-
| Name || Display label in GUI
|-
| Match in SIP by Header || Enable for [[Call_Detail_Record_-_CDR#Legs_by_header|Legs by header]] correlation
|-
| Show as Column || Display in CDR list view
|-
| Restrict to Regex pattern || Filter which values to capture
|-
| Boundary start/end || Extract substring between delimiters
|-
| Regexp || Extract using regex with capture groups <code>(...)</code>
|-
| Select occurrence || <code>First found value</code>, <code>Last found value</code>, or <code>Nth occurrence</code>
|-
| Nth occurrence || '''(New in 2026.01)''' When "Nth occurrence" is selected, specify which occurrence number to extract (e.g., <code>2</code> for second occurrence). Uses packet timestamps for accurate ordering even when packet reordering is disabled.
|}


*'''Find all CDRs with this header present:''' Use the <code>%</code> wildcard as the filter value. This matches any non-empty value.
== Extracting Substrings ==
*'''Find all CDRs without this header:''' Type <code>NULL</code> (or leave empty) as the filter value to find calls where this header was not present.
*'''Specific value search:''' Enter the exact header value (or use <code>%</code> as a wildcard for partial matches, e.g., <code>sip:%</code> to find SIP URIs).


These filters appear in the CDR filter form after you have processed at least one call containing the custom header.
'''Boundary method (recommended):''' Extract between delimiters.


=== Limitations ===
Example: From <code>sip:1000@192.168.1.1;tag=123</code>, extract IP:
* Boundary start: <code>@</code>
* Boundary end: <code>;</code>
* Result: <code>192.168.1.1</code>


The GUI custom header feature has the following limitations:
'''Regexp method:''' Use capture groups for complex patterns.
 
<syntaxhighlight lang="text">
# Extract version from: User-Agent: Asterisk/20.6.0
Regexp: Asterisk/([0-9.]+)
Result: 20.6.0
</syntaxhighlight>
 
{{Warning|1=Regexp MUST include parentheses <code>(...)</code> to define what to capture. Without them, the entire match is stored.}}
 
== Filtering by SIP Method and Response Code ==
 
You can filter custom header extraction to specific SIP methods (e.g., INVITE) or SIP response codes (e.g., 300, 404).


{| class="wikitable"
{| class="wikitable"
|-
|-
! Limitation !! Description
! Field !! Description !! Example Usage
|-
| '''No Regexp extraction''' || Custom headers store the '''complete raw header value'''. There is no option to extract portions using regular expressions (e.g., extracting just an IP address from a SIP URI).
|-
|-
| '''No Delimiter aggregation''' || If a SIP header appears multiple times in a message (e.g., multiple Contact headers in a SIP 300 response), only one value is stored. Controlled by <code>custom_headers_last_value</code> in voipmonitor.conf (first or last occurrence).
| CSeq method || Filter by SIP request method || <code>INVITE</code> to capture only from INVITE requests
|-
|-
| '''No per-method filtering''' || Custom headers are captured from all SIP messages. There is no option to capture only from specific SIP methods (INVITE, BYE, etc.) or response codes (200, 300, etc.).
| response code || Filter by SIP response code number || <code>300</code> to capture only from 300 redirect responses
|}
|}


For advanced header extraction needs, contact VoIPmonitor support to discuss custom development or alternative approaches such as external PCAP processing.
=== Example: Extract Contact IP from 300 Redirect Responses ===
 
To filter CDRs for calls involving SIP 300 redirect responses and identify the redirect destination IP:
 
# Navigate to '''Settings > Custom headers > CDR''' in the GUI
# Click '''Add new'''
# Set '''Header field''' to <code>Contact</code>
# Set '''Name''' to descriptive label (e.g., <code>SIP300RedirectDestinations</code>)
# Set '''Regexp''' to <code>sip:.*@([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+);</code> to extract the IP address
# Set '''CSeq method''' to <code>INVITE</code>
# Set '''response code''' to <code>300</code>
# Save the configuration


== Load GeoIP Data ==
Use the new custom header and '''Last SIP response code''' as filters in the CDR list to identify calls with 300 redirects and their destinations.


Loads GeoIP data into the internal database for the [[Call_Detail_Record_-_CDR#Map|CDR detail Map tab]], which displays geographic locations of call participants.
{{Tip|The CSeq method and response code fields allow you to capture headers from specific SIP messages rather than all headers in the call.}}


[[File:settiongs-loadgeoip.png]]
== Database Index for Custom Headers ==


== System Configuration ==
Custom header columns are not indexed by default. For frequent queries:


The System Configuration section contains core settings that affect the overall behavior of the GUI.
<syntaxhighlight lang="sql">
-- Find table/column location
SELECT dynamic_table, dynamic_column FROM cdr_custom_headers
WHERE header_field = 'X-Custom-Header';


=== Basic ===
-- Create index (use values from above query)
CREATE INDEX idx_custom_header_3 ON cdr_next_2 (custom_header_3);
</syntaxhighlight>


[[File:settings-sysbasic.png]]
== Troubleshooting Custom Headers ==


{| class="wikitable"
{| class="wikitable"
|-
|-
! Setting !! Description
! Problem !! Solution
|-
| WEB URL || Base URL for the GUI, used in hypertext links (e.g., in email alerts)
|-
|-
| Sniffer data path || Directory where sniffer stores data (default: <code>/var/spool/voipmonitor</code>)
| Header not captured || Increase <code>snaplen</code> in voipmonitor.conf (default may be too low)
|-
|-
| Default sensor hostname || Default hostname for connecting to the sniffer (default: localhost). For multiple sensors, configure them in Settings > Sensors
| Header truncated || Increase <code>custom_headers_max_size</code> (default: 1024 bytes)
|-
|-
| Default sensor TCP port || Default TCP port for the manager API (default: 5029)
| Not visible in distributed setup || Check <code>server_destination</code> and <code>server_password</code> on sensor
|}
|}


=== Database ===
Verify loaded headers: <code>echo 'custom_headers_dump cdr' | nc localhost 5029</code>
 
Configuration for the MySQL/MariaDB database connection used by the GUI.


[[File:settings-sysdb.png]]
= Load GeoIP Data =


=== National ===
Loads GeoIP data for the [[Call_Detail_Record_-_CDR#Map|CDR Map tab]]. See [[Order_of_GeoIP_processing]] for processing priority.


Settings for localizing call classification and date/time display formats.
= System Configuration =


[[File:settings-sysnational.png]]
== Basic ==


{| class="wikitable"
{| class="wikitable"
Line 173: Line 246:
! Setting !! Description
! Setting !! Description
|-
|-
| Timezone || Server timezone (format: Country/City, e.g., Europe/Prague)
| WEB URL || Base URL for hyperlinks in emails
|-
| National prefix, 2, 3 || Prefixes used to classify calls as national vs. international (used in [[Active_calls|Active calls]] view)
|-
|-
| Max national number length || Numbers longer than this are classified as international regardless of prefix
| Sniffer data path || PCAP storage directory (default: <code>/var/spool/voipmonitor</code>)
|-
|-
| Date format || PHP date format string (default: <code>Y-m-d</code>). See [https://www.php.net/manual/en/datetime.format.php PHP DateTime format]
| Sniffer second datapath || Secondary spool directory (<code>spooldir_2</code>)
|-
|-
| Time format || PHP time format string (default: <code>G:i:s</code>). See [https://www.php.net/manual/en/datetime.format.php PHP DateTime format]
| Default sensor hostname || Default hostname for sniffer connection
|-
|-
| Week start || First day of the week for calendar displays
| Default sensor TCP port || Default manager API port (5029)
|}
|}


=== Intervals ===
{{Warning|1=If sensors connect to wrong destination after upgrade, disable '''Default sensor hostname''' and '''Default sensor TCP port''' in this section. When enabled, sensors ignore individual Manager IP/Port settings.}}
 
== Database ==
 
MySQL/MariaDB connection settings.
 
'''Custom port:''' Enter host with port in MySQL hostname field: <code>127.0.0.1:33306</code>


Default time intervals for various GUI views and filters.
Also configure <code>mysqlport</code> in <code>/etc/voipmonitor.conf</code>. See [[Database_troubleshooting]] for details.


[[File:settings-sysintervals.png]]
== National ==


{| class="wikitable"
{| class="wikitable"
Line 196: Line 273:
! Setting !! Description
! Setting !! Description
|-
|-
| Default CDR interval || Default time filter when entering the CDR section. If set to "specified number of days", configure in the next option
| Timezone || GUI host timezone (for reports/alerts scheduling)
|-
|-
| Default CDR interval in days || Number of days for the CDR filter (only editable if above is set to "specified number of days")
| '''Sensors Timezone''' || '''CDR display timezone''' - set this to fix UTC display issues
|-
|-
| Default dashboard interval || Default time filter when entering the dashboard
| National prefix || Prefixes for national call classification
|-
|-
| Default Legs by CID interval || Time window (+/-) for finding related calls in the Legs by CID tab (default: 5 seconds)
| International prefix || International dialing prefix (e.g., <code>00</code>, <code>011</code>)
|-
|-
| Default Legs by header interval || Time window (+/-) for finding related calls in the Legs by header tab (default: 5 seconds)
| Local number || Country name for number normalization
|}
|}


=== Email / HTTP Referer ===
{{Tip|1=If CDRs display in UTC instead of local time, set '''Sensors Timezone''' (not regular Timezone) to your sensors' timezone.}}
 
== Intervals ==


Email configuration settings.
Default time filters for CDR view, dashboard, and Legs correlation.


[[File:settings-sysemailhttpreferer.png]]
== Email / HTTP Referer ==


{| class="wikitable"
{| class="wikitable"
Line 219: Line 298:
| DEFAULT_EMAIL_FROM || Default "From" address for outgoing emails
| DEFAULT_EMAIL_FROM || Default "From" address for outgoing emails
|-
|-
| Disable email plain text || Enable to force HTML-only emails. Useful for mail clients that display only plain text incorrectly (e.g., older Outlook versions)
| Disable email plain text || Force HTML-only emails
|}
|}


=== GeoIP ===


Configuration for GeoIP services used in the CDR Map view.


[[File:settings-sysgeoip.png]]
=== Troubleshooting Email Delivery ===
 
If users report not receiving verification emails or new user setup emails, verify the email sending status:
 
<b>For Exim mail servers:</b>
<syntaxhighlight lang="bash"># Check Exim mail log for delivery attempts
grep "recipient@example.com" /var/log/exim/main.log
 
# Or search by timestamp
grep "2025-01-09 14:30:" /var/log/exim/main.log
</syntaxhighlight>
 
Look for the response code in the log entry:
* <code>250 message accepted</code> - Email was successfully delivered to remote server. The issue is on the recipient side (spam folder, quarantine, mail filtering).
* No <code>250</code> code - Email delivery failed at the server level. Check mail queue and server MTA configuration.
 
<b>If logs confirm successful delivery:</b> Inform the client that the email left the server successfully and advise them to check their Spam, Bulk, or Junk folders, or consult their internal IT team regarding mail filtering policies.
 
<b>General MTA verification:</b>
<syntaxhighlight lang="bash"># Check if mail agent is running
systemctl status postfix    # or exim4, sendmail
 
# Test email from command line
echo "Test message" | mail -s "VoIPmonitor Test" your@email.com
 
# Check mail queue
mailq
 
# View general mail logs
tail -f /var/log/mail.log    # Debian/Ubuntu
tail -f /var/log/maillog      # RHEL/CentOS
</syntaxhighlight>
== License ==


{| class="wikitable"
{| class="wikitable"
Line 232: Line 341:
! Setting !! Description
! Setting !! Description
|-
|-
| Use GeoIP local database || Enable/disable the internal GeoIP database (if loaded via [[#Load_GeoIP_Data|Load GeoIP Data]])
| License token || Short token for retrieving license from portal
|-
|-
| GeoIP maxmind.com KEY || API key for MaxMind GeoIP service
| License key || Full license key content (multi-line)
|-
|-
| GeoIP ipinfodb.com KEY || API key for IPInfoDB service
| License email || Email for license notifications (leave empty to disable)
|}
|}


=== Advanced ===
'''Update license after payment:''' Click '''get/update license key''' button.


Advanced configuration options for power users and specific use cases.
'''Manual activation:''' Copy full license key from portal (Services > My services) and paste into License key field.


[[File:settings-sysadvanced.png]]
'''Disable notification emails:''' Remove email from "License email" field.
 
== GeoIP ==
 
Configure API keys for MaxMind or IPInfoDB services.
 
== Advanced ==


{| class="wikitable"
{| class="wikitable"
Line 249: Line 364:
! Setting !! Description
! Setting !! Description
|-
|-
| Enable CDR group panel || Show/hide the group panel at the bottom of the CDR view
| ENABLE_CSRF_CHECK || Enable CSRF protection (recommended for production)
|-
|-
| ENABLE_CDR_FORCE_INDEX_CALLDATE || Force use of the calldate index on CDR queries. Enable only for unoptimized MySQL installations experiencing slow queries
| Pcap deduplication before download || Remove duplicate packets from PCAP downloads
|-
|-
| Enable database IP reverse lookup || Resolve IP addresses to names using the internal IP lookup table
| Http proxy (for upgrades) || Proxy for GUI/sniffer upgrades: <code>http://proxy:port</code>
|-
|-
| Enable DNS reverse lookup || Resolve IP addresses to names using DNS
| Enable GUI to run in iframe || Allow embedding in iframes (disabled by default for security)
|-
|-
| Enable database number lookup || Resolve phone numbers to names using the internal prefix lookup table
| CDR share key || Secret for CDR share URLs
|-
|-
| Disable rtpfirstleg param || Disable the <code>--rtp-firstleg</code> parameter for PCAP audio decoding. Enable only if experiencing audio issues
| Always enable 2FA dialog || '''(New in 2026.1)''' Always show 2FA input field in login dialog, even for users without 2FA enabled. Useful for external authentication systems that require 2FA code.
|-
|-
| Disable URL wav protection || Skip session authentication for WAV file downloads. Use with '''WAV download key''' for secure external access
| DISABLE_FAX || '''(New in 2026.1)''' Disables fax (T.38) file downloading from the GUI.
|}
 
'''Firewall requirements:''' Allow outbound HTTPS to:
* <code>voipmonitor.org</code> - License updates
* <code>download.voipmonitor.org</code> - Software upgrades
* <code>share.voipmonitor.org</code> - CDR sharing
* <code>reports.voipmonitor.org</code> - Debug reports
=== Batch Download Filename Format ===
 
'''Location:''' GUI > Settings > System Configuration > Advanced > '''Set the format of the filename for saving'''
 
Controls the filename pattern for PCAP/audio files in batch download ZIP archives.
 
'''Available placeholders:'''
{| class="wikitable"
|-
|-
| WAV download key || Secret key required for WAV downloads when URL protection is disabled
! Placeholder !! Description !! Example
|-
|-
| Hide SIP domain in CDR || Hide SIP domains in the CDR display
| <code>{date}</code> || Call date || <code>2024-09-27</code>
|-
|-
| Hide live play || Hide live playback buttons in [[Active_calls|Active calls]]
| <code>{time}</code> || Call time || <code>12-32-49</code>
|-
|-
| Hide WAV play || Hide WAV playback buttons in CDR view
| <code>{caller}</code> || Caller number || <code>55555</code>
|-
|-
| Upload sniffer conf path || Path to voipmonitor.conf for PCAP upload functionality
| <code>{called}</code> || Called number || <code>555444333222111</code>
|-
|-
| CDR share key || Secret string used to generate unique hashes for CDR share URLs
| <code>{id}</code> || CDR ID || <code>ID5</code>
|-
|-
| Folder for export CSV || Directory where CSV files from [[Reports#CSV_Export_via_Crontab_Scheduler|crontab scheduler tasks]] are saved
| <code>{callid}</code> || '''(New in 2026.1)''' SIP Call-ID string || <code>abc123@192.168.1.1</code>
|}
 
'''Default format:''' <code>{date}_{time}_{caller}_{called}_{id}</code>
 
'''Example output:''' <code>2024-09-27_12-32-49_55555_555444333222111__ID5.pcap</code>
 
'''With Call-ID:''' <code>{date}_{time}_{callid}_{id}</code> → <code>2024-09-27_12-32-49_abc123@192.168.1.1_ID5.pcap</code>
 
 
=== Security Settings ===
 
'''Location:''' Add to <code>php/system_configuration.php</code> (persists after GUI System Configuration changes)
 
<syntaxhighlight lang="php">
<?php
define('ENABLE_CSRF_CHECK', true);
define('ENABLE_POST_METHOD_CHECK', true);
</syntaxhighlight>
 
{| class="wikitable"
|-
! Setting !! Default !! Description
|-
|-
| CSV name prefix || Optional prefix for CSV filenames generated by crontab tasks
| <code>ENABLE_CSRF_CHECK</code> || <code>false</code> || '''(Recommended)''' Enables CSRF token validation for state-changing requests. Protects against Cross-Site Request Forgery attacks where malicious websites could execute actions on behalf of authenticated users.
|-
|-
| Delete CSV after X days || Auto-delete CSV files older than specified days
| <code>ENABLE_POST_METHOD_CHECK</code> || <code>false</code> || '''(Recommended)''' Enforces POST method for state-changing operations. Prevents attacks via GET requests (e.g., password change via malicious link).
|}
|}


== Localization ==
{{Warning|1=For production environments, both settings should be enabled to protect against account takeover attacks (CVSS 7.5). Without these protections, an attacker could change user passwords or 2FA settings via CSRF.}}
 
'''Why system_configuration.php?''' Settings in <code>configuration.php</code> are overwritten when System Configuration is saved via GUI. Place security settings in <code>system_configuration.php</code> to ensure they persist.
 
''New in 2026.1''
= Localization =
 
Create GUI translations. Red numbers indicate untranslated items. Changes apply after logout/login.
 
= CDR View Custom URL =
 
Add custom hyperlinks to CDR Commands column. Use <nowiki>{{paramName}}</nowiki> in URL to include CDR values.


Create custom translations for the GUI interface. Localizations are not 100% complete; please report missing translation items.
= Troubleshooting =


[[File:settings-localisationform.png]]
== Sensors Connect to Wrong Destination After Upgrade ==


[[File:settings-localisationgrid.png]]
'''Cause:''' Default sensor hostname/port settings override individual sensor configurations.


* Red numbers indicate untranslated items, which is useful after upgrading to identify new strings
'''Fix:''' Disable '''Default sensor hostname''' and '''Default sensor TCP port''' in Settings > System Configuration > Basic.
* Changes take effect after logout/login


== CDR View Custom URL ==
== GUI Crashes on Settings > Sensors Page ==


Add custom hyperlinks to the CDR view Commands column. This is useful for integrating external monitoring or CRM systems.
'''Cause:''' Too many obsolete sensor records in database.


=== Configuration ===
'''Fix:''' Delete obsolete records directly:
<syntaxhighlight lang="sql">
-- Check count
SELECT COUNT(*) FROM sensors;
-- Delete obsolete entries (adjust WHERE clause)
DELETE FROM sensors WHERE host LIKE '%old-sensor%';
</syntaxhighlight>
All users must log out and back in after cleanup.


Navigate to '''GUI > Settings > CDR view custom URL'''.
== License Update Fails ==


[[File:cdr_view_custom_url.png]]
'''Cause:''' Firewall blocking outbound HTTPS.


You can include CDR parameters in the URL using two methods:
'''Fix:''' Allow outbound TCP 443 to <code>voipmonitor.org</code>, or configure HTTP proxy in Advanced settings, or use offline activation.


# '''Via Parameters and Custom headers items:''' Values are appended as query parameters (e.g., <code>?paramName=value</code>)
== GUI Not Loading in iframe ==
# '''Directly in URL:''' Use <nowiki>{{paramName}}</nowiki> syntax, which is replaced with the actual value


=== Display ===
'''Fix:''' Enable '''Enable GUI to run in iframe''' in Advanced settings.


Configured custom URLs appear as links in the Commands column of the CDR view.
== PCAP Download Has Fewer Packets Than GUI Shows ==


== AI Summary for RAG ==
'''Cause:''' Pcap deduplication is enabled (removes retransmissions).


'''Summary:''' This article documents VoIPmonitor GUI settings including sensor configuration (with SSL/TLS parameters for decrypting encrypted SIP traffic), CDR custom headers with their limitations, GeoIP data loading, system configuration (basic, database, national, intervals, email, GeoIP, advanced), localization, and custom CDR URLs. Key topics: custom headers store raw SIP header values without regexp extraction or delimiter aggregation; sensor SSL settings (ssl_key, ssl_cert, ssl_ipport) can be configured via GUI wrench icon; sensor troubleshooting for non-deletable local sensors in server/probe deployments.
'''Fix:''' Disable '''Pcap deduplication before download''' in Advanced settings.


'''Keywords:''' GUI settings, sensors, CDR custom headers, header limitations, GeoIP, system configuration, timezone, national prefix, date format, intervals, advanced settings, localization, custom URL, CSV export, ssl_key, ssl_cert, ssl_ipport, tls decryption, ssl configuration
= See Also =


'''Key Questions:'''
* [[Sniffer_configuration]] - Full voipmonitor.conf reference
* How do I configure sensors in the VoIPmonitor GUI?
* [[Sniffer_distributed_architecture]] - Client-Server mode
* How do I configure SSL/TLS settings for a sensor using the GUI?
* [[Tls]] - TLS/SRTP decryption
* How do I enable TLS decryption for specific trunks through the web interface?
* [[Data_Cleaning]] - Storage retention
* Where do I find SSL/TLS parameters (ssl_key, ssl_cert, ssl_ipport) in the GUI?
* [[User_Management]] - User permissions
* How do I delete a non-deletable local sensor in a server/probe deployment?
* [[License]] - License management
* How do I create and configure CDR custom headers?
* Can I extract part of a SIP header using regexp in custom headers?
* Can I aggregate multiple occurrences of a SIP header?
* What are the limitations of CDR custom headers?
* How do I create alerts based on CDR custom headers?
* How do I load GeoIP data for the map view?
* What system configuration options are available?
* How do I set national prefixes and date/time formats?
* What interval settings control CDR and dashboard filters?
* How do I configure GeoIP services?
* How do I create GUI localizations?
* How do I add custom URLs to the CDR view?
* How do I export CDRs to CSV via crontab scheduler?

Latest revision as of 16:09, 19 January 2026


This page documents the configuration options available in the VoIPmonitor web GUI under the Settings menu.

Sensors

Configure sensor connections for multi-sensor deployments. Required when id_sensor is set in /etc/voipmonitor.conf.

Field Description
Sensor ID Numeric ID matching id_sensor in voipmonitor.conf
Name Descriptive name for the sensor
Manager IP IP address (or hostname) for fetching data (PCAP, audio files)
Manager Port TCP port for manager API (default: 5029)
Remote database Database connection for "Legs by CID/header" lookups when sensors use different databases

Multi-Sensor Deployment

Setup:

  1. Set unique id_sensor in each sensor's /etc/voipmonitor.conf
  2. Add sensor entries in Settings > Sensors with matching Sensor ID
  3. Restart sensors: systemctl restart voipmonitor

💡 Tip: For sensors with dynamic IPs, enter a hostname in the Manager IP field, or use Client-Server mode.

Sensor Configuration via Wrench Icon

Click the wrench icon next to a sensor to configure parameters. Use the search field to find settings.

Parameter Description Values
ssl Enable TLS decryption yes / no
ssl_ipport IP:port and key path for TLS 192.168.1.10:5061 /path/to/key.pem
sipport SIP ports to capture 5060,5080 or 5060,5070-5080
savertp RTP recording mode yes (full), no (none), header (stats only)
maxpoolrtpsize Max RTP storage in MB 51200
maxpoolrtpdays Max RTP age in days 30

⚠️ Warning: GUI settings override voipmonitor.conf when mysqlloadconfig is enabled (default). Changes require a full restart (systemctl stop/start), not reload.

For TLS decryption with PFS ciphers, see TLS Decryption Guide.

RRD Health Charts

Click the chart icon next to a sensor to view performance metrics:

  • Buffer usage: Approaching 100% indicates capacity limits
  • Packet drops: Non-zero values indicate sensor overload

ℹ️ Note: High buffer/drops cause low MOS and choppy audio. Solutions: increase ringbuffer in config, add sensors, use DPDK or Napatech.

Disabling a Sensor

⚠️ Warning: The GUI "Disabled" checkbox does NOT stop data collection. The sniffer continues running regardless of GUI status.

To stop data collection:

  • Complete shutdown: systemctl stop voipmonitor on the sensor host
  • Selective blocking: Create capture rule with Skip = ON in Control Panel > Capture Rules

Deleting Sensors

If deletion fails, the sensor likely has capture rules assigned. Remove rules first via Control Panel > Capture Rules.

Non-deletable local sensor (GUI+DB only servers):

On central servers that don't capture traffic, an auto-created "localhost" sensor may appear. To replace it:

  1. Set id_sensor = 1 in /etc/voipmonitor.conf on the central server
  2. In GUI: Add new sensor with Manager IP 127.0.0.1, same Sensor ID, Port 5029
  3. Enable "is server in client/server mode" checkbox
  4. Disable "show active calls from all sensors in active call view" checkbox

CDR Charts

Define predefined charts for the CDR detail Charts tab.

CDR Custom Headers

Capture and display custom SIP headers in CDR views. Requires sniffer version 7.0RC7+.

Setup Workflow

  1. Add header to /etc/voipmonitor.conf:
custom_headers = X-Cisco-Org-ID
  1. Restart sensor: systemctl restart voipmonitor
  2. Generate a test call
  3. Configure in Settings > CDR Custom Headers: select header, set Name, enable "Show as Column"

Configuration Fields

Field Description
Header Field SIP header to capture (from dropdown after restart)
Name Display label in GUI
Match in SIP by Header Enable for Legs by header correlation
Show as Column Display in CDR list view
Restrict to Regex pattern Filter which values to capture
Boundary start/end Extract substring between delimiters
Regexp Extract using regex with capture groups (...)
Select occurrence First found value, Last found value, or Nth occurrence
Nth occurrence (New in 2026.01) When "Nth occurrence" is selected, specify which occurrence number to extract (e.g., 2 for second occurrence). Uses packet timestamps for accurate ordering even when packet reordering is disabled.

Extracting Substrings

Boundary method (recommended): Extract between delimiters.

Example: From sip:1000@192.168.1.1;tag=123, extract IP:

  • Boundary start: @
  • Boundary end: ;
  • Result: 192.168.1.1

Regexp method: Use capture groups for complex patterns. 

# Extract version from: User-Agent: Asterisk/20.6.0
Regexp: Asterisk/([0-9.]+)
Result: 20.6.0

⚠️ Warning: Regexp MUST include parentheses (...) to define what to capture. Without them, the entire match is stored.

Filtering by SIP Method and Response Code

You can filter custom header extraction to specific SIP methods (e.g., INVITE) or SIP response codes (e.g., 300, 404).

Field Description Example Usage
CSeq method Filter by SIP request method INVITE to capture only from INVITE requests
response code Filter by SIP response code number 300 to capture only from 300 redirect responses

Example: Extract Contact IP from 300 Redirect Responses

To filter CDRs for calls involving SIP 300 redirect responses and identify the redirect destination IP:

  1. Navigate to Settings > Custom headers > CDR in the GUI
  2. Click Add new
  3. Set Header field to Contact
  4. Set Name to descriptive label (e.g., SIP300RedirectDestinations)
  5. Set Regexp to sip:.*@([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+); to extract the IP address
  6. Set CSeq method to INVITE
  7. Set response code to 300
  8. Save the configuration

Use the new custom header and Last SIP response code as filters in the CDR list to identify calls with 300 redirects and their destinations.

💡 Tip: The CSeq method and response code fields allow you to capture headers from specific SIP messages rather than all headers in the call.

Database Index for Custom Headers

Custom header columns are not indexed by default. For frequent queries: 

-- Find table/column location
SELECT dynamic_table, dynamic_column FROM cdr_custom_headers
WHERE header_field = 'X-Custom-Header';

-- Create index (use values from above query)
CREATE INDEX idx_custom_header_3 ON cdr_next_2 (custom_header_3);

Troubleshooting Custom Headers

Problem Solution
Header not captured Increase snaplen in voipmonitor.conf (default may be too low)
Header truncated Increase custom_headers_max_size (default: 1024 bytes)
Not visible in distributed setup Check server_destination and server_password on sensor

Verify loaded headers: echo 'custom_headers_dump cdr' | nc localhost 5029

Load GeoIP Data

Loads GeoIP data for the CDR Map tab. See Order_of_GeoIP_processing for processing priority.

System Configuration

Basic

Setting Description
WEB URL Base URL for hyperlinks in emails
Sniffer data path PCAP storage directory (default: /var/spool/voipmonitor)
Sniffer second datapath Secondary spool directory (spooldir_2)
Default sensor hostname Default hostname for sniffer connection
Default sensor TCP port Default manager API port (5029)

⚠️ Warning: If sensors connect to wrong destination after upgrade, disable Default sensor hostname and Default sensor TCP port in this section. When enabled, sensors ignore individual Manager IP/Port settings.

Database

MySQL/MariaDB connection settings.

Custom port: Enter host with port in MySQL hostname field: 127.0.0.1:33306

Also configure mysqlport in /etc/voipmonitor.conf. See Database_troubleshooting for details.

National

Setting Description
Timezone GUI host timezone (for reports/alerts scheduling)
Sensors Timezone CDR display timezone - set this to fix UTC display issues
National prefix Prefixes for national call classification
International prefix International dialing prefix (e.g., 00, 011)
Local number Country name for number normalization

💡 Tip: If CDRs display in UTC instead of local time, set Sensors Timezone (not regular Timezone) to your sensors' timezone.

Intervals

Default time filters for CDR view, dashboard, and Legs correlation.

Email / HTTP Referer

Setting Description
DEFAULT_EMAIL_FROM Default "From" address for outgoing emails
Disable email plain text Force HTML-only emails


Troubleshooting Email Delivery

If users report not receiving verification emails or new user setup emails, verify the email sending status:

For Exim mail servers: 

# Check Exim mail log for delivery attempts
grep "recipient@example.com" /var/log/exim/main.log

# Or search by timestamp
grep "2025-01-09 14:30:" /var/log/exim/main.log

Look for the response code in the log entry:

  • 250 message accepted - Email was successfully delivered to remote server. The issue is on the recipient side (spam folder, quarantine, mail filtering).
  • No 250 code - Email delivery failed at the server level. Check mail queue and server MTA configuration.

If logs confirm successful delivery: Inform the client that the email left the server successfully and advise them to check their Spam, Bulk, or Junk folders, or consult their internal IT team regarding mail filtering policies.

General MTA verification: 

# Check if mail agent is running
systemctl status postfix     # or exim4, sendmail

# Test email from command line
echo "Test message" | mail -s "VoIPmonitor Test" your@email.com

# Check mail queue
mailq

# View general mail logs
tail -f /var/log/mail.log     # Debian/Ubuntu
tail -f /var/log/maillog      # RHEL/CentOS

License

Setting Description
License token Short token for retrieving license from portal
License key Full license key content (multi-line)
License email Email for license notifications (leave empty to disable)

Update license after payment: Click get/update license key button.

Manual activation: Copy full license key from portal (Services > My services) and paste into License key field.

Disable notification emails: Remove email from "License email" field.

GeoIP

Configure API keys for MaxMind or IPInfoDB services.

Advanced

Setting Description
ENABLE_CSRF_CHECK Enable CSRF protection (recommended for production)
Pcap deduplication before download Remove duplicate packets from PCAP downloads
Http proxy (for upgrades) Proxy for GUI/sniffer upgrades: http://proxy:port
Enable GUI to run in iframe Allow embedding in iframes (disabled by default for security)
CDR share key Secret for CDR share URLs
Always enable 2FA dialog (New in 2026.1) Always show 2FA input field in login dialog, even for users without 2FA enabled. Useful for external authentication systems that require 2FA code.
DISABLE_FAX (New in 2026.1) Disables fax (T.38) file downloading from the GUI.

Firewall requirements: Allow outbound HTTPS to:

  • voipmonitor.org - License updates
  • download.voipmonitor.org - Software upgrades
  • share.voipmonitor.org - CDR sharing
  • reports.voipmonitor.org - Debug reports

Batch Download Filename Format

Location: GUI > Settings > System Configuration > Advanced > Set the format of the filename for saving

Controls the filename pattern for PCAP/audio files in batch download ZIP archives.

Available placeholders:

Placeholder Description Example
{date} Call date 2024-09-27
{time} Call time 12-32-49
{caller} Caller number 55555
{called} Called number 555444333222111
{id} CDR ID ID5
{callid} (New in 2026.1) SIP Call-ID string abc123@192.168.1.1

Default format: {date}_{time}_{caller}_{called}_{id}

Example output: 2024-09-27_12-32-49_55555_555444333222111__ID5.pcap

With Call-ID: {date}_{time}_{callid}_{id}2024-09-27_12-32-49_abc123@192.168.1.1_ID5.pcap


Security Settings

Location: Add to php/system_configuration.php (persists after GUI System Configuration changes) 

<?php
define('ENABLE_CSRF_CHECK', true);
define('ENABLE_POST_METHOD_CHECK', true);
Setting Default Description
ENABLE_CSRF_CHECK false (Recommended) Enables CSRF token validation for state-changing requests. Protects against Cross-Site Request Forgery attacks where malicious websites could execute actions on behalf of authenticated users.
ENABLE_POST_METHOD_CHECK false (Recommended) Enforces POST method for state-changing operations. Prevents attacks via GET requests (e.g., password change via malicious link).

⚠️ Warning: For production environments, both settings should be enabled to protect against account takeover attacks (CVSS 7.5). Without these protections, an attacker could change user passwords or 2FA settings via CSRF.

Why system_configuration.php? Settings in configuration.php are overwritten when System Configuration is saved via GUI. Place security settings in system_configuration.php to ensure they persist.

New in 2026.1

Localization

Create GUI translations. Red numbers indicate untranslated items. Changes apply after logout/login.

CDR View Custom URL

Add custom hyperlinks to CDR Commands column. Use {{paramName}} in URL to include CDR values.

Troubleshooting

Sensors Connect to Wrong Destination After Upgrade

Cause: Default sensor hostname/port settings override individual sensor configurations.

Fix: Disable Default sensor hostname and Default sensor TCP port in Settings > System Configuration > Basic.

GUI Crashes on Settings > Sensors Page

Cause: Too many obsolete sensor records in database.

Fix: Delete obsolete records directly: 

-- Check count
SELECT COUNT(*) FROM sensors;
-- Delete obsolete entries (adjust WHERE clause)
DELETE FROM sensors WHERE host LIKE '%old-sensor%';

All users must log out and back in after cleanup.

License Update Fails

Cause: Firewall blocking outbound HTTPS.

Fix: Allow outbound TCP 443 to voipmonitor.org, or configure HTTP proxy in Advanced settings, or use offline activation.

GUI Not Loading in iframe

Fix: Enable Enable GUI to run in iframe in Advanced settings.

PCAP Download Has Fewer Packets Than GUI Shows

Cause: Pcap deduplication is enabled (removes retransmissions).

Fix: Disable Pcap deduplication before download in Advanced settings.

See Also

Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Settings&oldid=10804"