FAQ: Difference between revisions

From VoIPmonitor.org
No edit summary
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Scalability =
{{DISPLAYTITLE:FAQ & Common Issues}}
== How does voipmonitor scale? ==
[[Category:GUI manual]]


Read this: [[Scaling]]
'''This page provides answers to frequently asked questions and solutions for common issues encountered during the configuration and operation of VoIPmonitor.'''


== General & Scalability ==


== How to clean old data and database? ==
;How does VoIPmonitor scale for high traffic?
:For a detailed guide on performance tuning, hardware recommendations, and optimizing the three main system bottlenecks (CPU, Disk I/O, Database), please refer to our comprehensive [[Scaling|Scaling and Performance Tuning guide]].


Read this: [[Data Cleaning]]
;How do I manage disk space and database size?
:VoIPmonitor uses separate mechanisms for cleaning PCAP files from the filesystem and CDRs from the database. For a complete walkthrough, see the [[Data_Cleaning|Data Cleaning and Retention guide]].


= CDR =
== CDR (Call Detail Record) View ==
== What is the red small icon in CDR? ==
[[File:Cdrcolumnsredflag.png]]
The red icon in those columns signalize which side sends BYE first.


== How to interpret two charts in the cdr detail? ==
;What does the small red icon in the CDR view mean?
:The red icon ([[File:Cdrcolumnsredflag.png]]) indicates which party in the call sent the `BYE` message first, effectively ending the call.


See this: [http://www.voipmonitor.org/downloads/graph_cheat_sheet.pdf Graph cheat sheet]
;How can I use regular expressions to filter calls?
:The filter bar in the CDR view supports regular expressions. This is useful for finding malformed or unusual data. For example, to find all calls where the caller number contains non-numeric characters, you can use a negative match:
:<code>!R(^[+]?[0-9]+$)</code>


== Regexps examples usable in CDR view ==
;Why is there a delay between when a call ends and when it appears in the CDR view?
!R(^[+]?[0-9]+$) - to get all weird CDRs (where callerNum have letters or special chars in its number)
:This delay is typically caused by the database's inability to keep up with the rate of incoming calls, creating a queue of SQL queries on the sensor. For solutions, please read:
:* [[SQL queue is growing in a peaktime]]
:* [[Minimizing Delay Between Call End and CDR Database Storage]]


= Supported architectures =
;How can I enable millisecond precision for timestamps in the CDR view?
:By default, timestamps are stored with second precision. To enable millisecond precision, please follow the steps in this guide: [[How_to_enable_milliseconds_precision]].


== What architectures are tested? ==
== Platform & Environment Support ==


x86 32 and 64, ARMv5 - (if you have error with missing "__sync_fetch_and_sub_8" you have to upgrade GCC compiler to version 4.8)
;What hardware architectures does the sensor support?
:The sensor is tested and supported on '''x86 (32/64-bit)''' and '''ARMv7/v8''' architectures. If you encounter an error like `__sync_fetch_and_sub_8` on an older ARM device, you may need to upgrade your GCC compiler to version 4.8 or newer.


= Configuration =
;Can I run VoIPmonitor on AWS?
== Why I do not see sip packets other then port 5060? ==
:Yes, AWS is supported. For the license check to function correctly on some Amazon Machine Images (AMIs), you may need to adjust permissions on the root device file.
Voipmonitor sniffer by default sniffs packets only on port 5060 from or to. If you need to sniff more SIP ports you need to specify it in configuration. Please see this: [[Sniffer_configuration#sipport]]
:<pre>chmod 644 /dev/root</pre>


== How to disable timezone check ==
;Is Docker or other container environments supported?
:Yes, the GUI and sensor can run in a containerized environment. However, you must ensure that the content of `/proc/self/cgroup` does not change with every container restart. If it does, the hardware ID will change, and you will be prompted to update your license key after each reboot.


Go to settings -> System configuration -> Advanced section -> Hide timezone information -> Enable and set to TRUE
;Are hosted/cloud databases (like Amazon RDS, Azure Database) supported?
:Yes, VoIPmonitor requires a MySQL-compatible database (MySQL, MariaDB, Percona) and can connect to it regardless of its location. However, the database user requires `SUPER` privilege for creating functions and triggers.


= Licensing =
;What if my cloud database (like Azure) does not grant `SUPER` privilege?
== How to know how many license channels do we need? ==
:If `SUPER` privilege is not available, you must manually set the following server variables in your cloud database configuration console:


You can have unlimited number of phones / endpoints but you need to buy channels according to your maximum number of calls at the same time during peak.
<pre>
log_bin_trust_function_creators = ON
</pre>


Go to GUI -> Tools -> concurrent calls which will show peaks past 14 days. All multiple legs are already aggregated into single channel so you do not need to buy extra channels in case you have two or more CDR per one real call. The intention is to scale pricing based on real concurrent calls not accounting multiple legs of the same calls.  
:Additionally, ensure your database instance has sufficient performance (e.g., at least 1100 IOPS for 5000 concurrent calls on Azure).


== How does having multiple sensors affect the licensing? If I add a 2-3 remote sensors to the system, would they use the same license pool? ==
;Why is packet mirroring not working on VMWare ESXi 6.5+?
:This is often caused by the vSwitch port group being set to VLAN 4095, which activates Virtual Guest Tagging (VGT). In this mode, the guest OS is expected to handle VLAN tags, which can disrupt sniffing.
:*'''Solution:''' Edit the port group settings in vSphere and change the VLAN ID to a specific number (e.g., 0 or your monitoring VLAN ID) instead of 4095.


Central GUI calculates connected channels for the whole database but groups all calls legs as a single call so multiple legs are not counted twice etc.
== Configuration & Features ==


== accident / unwanted spikes ==
;Why don't I see SIP packets on ports other than 5060?
:By default, the sensor only listens for SIP traffic on UDP/TCP port 5060. To monitor additional SIP ports, you must explicitly define them in `voipmonitor.conf`. See the [[Sniffer_configuration#sipport|sipport configuration guide]].


If your license is blocked due to high spike (accident / hack whatever) you need to delete those CDR from database via the GUI (filter those calls and in toolbar use delete buttons) and then try to unblock the license or run "php /var/www/html/php/run.php saveCallStatistics". If you do not want to delete them and you will have higher channels than your license for three consecutive days your license will be blocked after 14 days - you need to upgrade to higher channels license which you can do on voipmonitor.org portal.
;How do I enable IPv6 traffic processing?
:By default, IPv6 is disabled. To enable it on a new installation, set `ipv6=yes` in `voipmonitor.conf`. If you have existing IPv4 data, enabling IPv6 requires a database migration. For detailed instructions, please see the [[How_to_enable_ipv6_processing|IPv6 Enabling Guide]].


= DTMF =
;How do I capture and view SIP `REGISTER` messages?
:By default, `REGISTER` messages are not stored. To enable this, set `sip-register=yes` in `voipmonitor.conf`. For details on how active and failed registrations are stored and how to query them via the API, see the [[Register|documentation on REGISTER monitoring]].


You can enable DTMF RFC2833 or DTMF SIP INFO in voipmonitor.conf by enabling:  
;How can I capture DTMF tones?
:You can enable DTMF capture in `voipmonitor.conf`:
:* For '''RFC2833''' and '''SIP INFO''' methods, set:
: <code>dtmf2db = yes</code>
:* For '''inband DTMF''' (G.711 codec only, requires more CPU), set:
: <code>inbanddtmf = yes</code>


dtmf2db = yes
;How can I use the sensor's manager API securely?
:Modern sniffer versions (32.0+) have API encryption enabled by default. Please refer to the [[Encryption_in_manager_api_customer|Manager API Encryption guide]] for examples on how to use the API with or without encryption.


You can also enable DTMF inband detection (only for G.711) by enabling (it will take some CPU)
;How does VoIPmonitor handle AudioCodes-tunneled traffic?
:VoIPmonitor can process traffic encapsulated in AudioCodes' proprietary tunneling protocol. For setup details, see the [[audiocodes_tunneling|AudioCodes Tunneling guide]].


inbanddtmf = yes
== Licensing ==


;How do I determine the number of license channels I need?
:The license is based on the '''maximum number of concurrent calls''' during your peak hours. It is not based on the number of phones or endpoints. You can find your peak usage by navigating in the GUI to '''Tools -> System Status -> Concurrent calls''', which shows data for the past 14 days. The system intelligently groups multiple call legs (e.g., for a single bridged call) so they only count as one channel towards your license.


= Audio files =
;What happens if my call volume temporarily exceeds my license limit?
== Bulk download of pcaps or audio (wav/ogg)==
:If you have a sudden spike in calls (e.g., due to an attack or unexpected event) that exceeds your license, you have a 14-day grace period to resolve it. You must either:
Read this: [[download of pcap files / audio files using GUI's api]]
:# Delete the CDRs from the spike period via the GUI filter and delete tools.
:# Upgrade your license to a higher channel count via the voipmonitor.org customer portal.
:If the high usage persists for three consecutive days within the grace period, the license will be temporarily blocked until one of these actions is taken.


== Batch download of an audio from CDRs for more then 1000 CDRs==
== Audio & PCAP Files ==
Read this: [[Batch download of audio for 1000+ CDRs]]


== Batch conversion from wav to ogg in a spooldir==
;How can I bulk download audio or PCAP files?
:You can use the GUI API to script bulk downloads. Please see the guide: [[download_of_pcap_files_audio_files_using_GUI's_api|Bulk Download using API]].


If you set saveaudio=wav, the audio files getting created in a spooldir, you can set saveaudio=ogg to save space,
;How do I convert existing WAV audio files to OGG to save space?
but for the calls/audio already stored in spooldir, you need to convert to .ogg and remove .wav
:If you have existing recordings saved as `.wav` and wish to convert them to the more efficient `.ogg` format to save disk space, you can run the following sequence of commands directly in your spool directory (e.g., `/var/spool/voipmonitor`).
Run following commands in a spooldir
<pre>
The first is for coversion wav to ogg, and second is for remove of all wav files from current location.
# Navigate to your spool directory first
cd /var/spool/voipmonitor
cd /var/spool/voipmonitor
find ./ -name *.wav -exec bash -c 'ffmpeg -i $0 -vn -acodec libvorbis ${0/wav/ogg}' {} \;
find ./ -name '*.wav' -exec rm -f {} \;


== Get the audio file from SIP&RTP pcap extracted from spooldir==
# Step 1: Find all .wav files and convert each one to .ogg using ffmpeg.
Read this: [[create audio from packet dumps located in a spooldir]]
# This command preserves the original filename, only changing the extension.
find ./ -name '*.wav' -exec bash -c 'ffmpeg -i "$0" -vn -acodec libvorbis "${0%.wav}.ogg"' {} \;


= GeoIP location services =
# Step 2: After confirming the conversion was successful, delete all the original .wav files.
Read this: [[order of GeoIP processing]]
find ./ -name '*.wav' -exec rm -f {} \;


# Step 3: Set the web server user (e.g., www-data) as the owner of all files.
# This is crucial for the GUI to be able to read and play the new .ogg files.
chown -R www-data:www-data ./
</pre>


= Self signed certificate =
== Administration & Troubleshooting ==
Read this: [[Enable SSL/TLS + self signed certificate for http server]]


= Lost admin's GUI pasword =
;How do I reset a lost admin password for the GUI?
Read this: [[User_Management]]
:Please follow the instructions in the [[User_Management|User Management guide]].


= Corrupted GUI installation, how to reinstall the GUI=
;How do I fix a corrupted GUI installation or reinstall it?
Read this: [[Re-install_the_GUI]]
:A reinstallation can fix issues with corrupted files or incorrect permissions. See the guide here: [[Re-install_the_GUI]].


= Bad sniffer version, how to reinstall the sniffer to latest version =
;The GUI stopped working after a server OS or PHP version upgrade. How do I fix it?
Read this: [[Latest_sniffer]]
:This usually requires re-running the GUI installation script to align with the new PHP version. See: [[GUI_Installation#Re-installing_the_GUI]].


= What does Audit log cover =
;How do I reinstall or upgrade the sniffer to the latest version?
It covers these actions of users in the GUI:
:Instructions for downloading and installing the latest static binary are here: [[Latest_sniffer]].
*download wav
*download pcap
*play wav
*show fax
*batch download
*filter CDR in form
*login
*logout


= Precision for CDRs datetime =
;Can I run multiple instances of the sniffer on a single host?
by default voipmonitor stores CDRs in seconds precision.
:Yes, this is possible for advanced use cases. See the guide: [[Multiple_sniffer_instancies]].
If you need to have in CDR view calldate in milliseconds precission folow next how to [[how to enable milliseconds precision]]


= PCI compliance =
;What user actions are recorded in the Audit Log?
Voipmonitor is PCI compliance ready.
:The Audit Log tracks the following security-sensitive actions in the GUI:
:* Login / Logout
:* Playing or downloading WAV/PCAP files
:* Showing a FAX
:* Using the batch download feature
:* Applying a filter in the CDR view


To control what to store to disk / database check [[https://www.voipmonitor.org/doc/Capture_rules capture rules]]
== PCI compliance ==
VoIPmonitor is designed to be PCI compliance-ready. You have granular control over what data is stored to disk and to the database.


== Turn off audio recording and DTMF via RFC2833 globally ==
;How do I turn off audio recording and DTMF capture globally?
To prevent recording audio and DTMFviaRTP see [[https://www.voipmonitor.org/doc/Sniffer_configuration#savertp savertp=header]]
:* To prevent RTP (audio) payload from being stored while still capturing headers for analysis, use `savertp=header` in `voipmonitor.conf`.
:* To disable RTP capture entirely, use `savertp=no`.
:* To prevent DTMF tones (from SIP INFO or RFC2833) from being saved to the database and PCAP files, use:
:<code>dtmf2db = no</code>
:<code>dtmf2pcap = no</code>


To prevent recording RTP at all [[https://www.voipmonitor.org/doc/Sniffer_configuration#savertp savertp=no]]
;How do I selectively record or not record audio/DTMF?
:VoIPmonitor's powerful '''[[Capture_rules|Capture Rules]]''' allow you to define conditional logic. You can create rules based on IP address, telephone number, SIP domain, or any SIP header to selectively turn audio or DTMF recording ON or OFF for specific calls, enabling you to meet strict compliance requirements.


To prevent recording just DTMF packets (SIP info/rfc2833) into DB and into spooldir (pcaps)
== AI Summary for RAG ==
dtmf2db = no
'''Summary:''' This document serves as a comprehensive FAQ and troubleshooting guide for common VoIPmonitor issues. It covers a wide range of topics, including call data and CDR analysis (red icons, regex filters, CDR delay), platform support (AWS, Docker, VMWare ESXi, cloud databases like Azure), system configuration (monitoring multiple SIP ports, IPv6, DTMF), and licensing (channel calculation, handling spikes). It also provides solutions for managing audio files (bulk download, WAV to OGG conversion) and administrative tasks like resetting passwords, reinstalling the GUI or sniffer, and understanding the Audit Log. A key section addresses PCI compliance, detailing how to selectively or globally disable audio and DTMF recording using capture rules and configuration settings.
dtmf2pcap = no
'''Keywords:''' faq, troubleshooting, cdr, red icon, regex, active calls, aws, docker, container, esxi, vlan 4095, azure, super privilege, sipport, ipv6, dtmf, license, concurrent channels, license spike, audio files, bulk download, wav, ogg, ffmpeg, pci compliance, capture rules, savertp, dtmf2db, audit log, reinstall, lost password, multiple instances
 
'''Key Questions:'''
== Turn off audio recording selectively ==
* Why is there a delay between active calls and the CDR view?
With savertp=yes in /etc/voipmonitor.conf you can disable audio recording only for some IPs / tel.numbers / SIP domains or any SIP header values [[https://www.voipmonitor.org/doc/Capture_rules SAVE RTP=OFF|HEADER]]
* How is VoIPmonitor licensing calculated for concurrent channels?
 
* What happens if my call traffic exceeds my license limit?
== Turn on audio recording selectively  ==
* How can I run VoIPmonitor in Docker or on AWS?
With savertp=no|header in /etc/voipmonitor.conf you can enable audio recording  only for some IPs / tel.numbers / SIP domains or any SIP header values  [[https://www.voipmonitor.org/doc/Capture_rules SAVERTP=ON]] using capture rules.
* Why is packet sniffing not working on my VMWare ESXi server?
 
* How do I enable monitoring for SIP traffic on a non-standard port?
== Turn off DTMF storing to db selectively==
* How can I convert all my recorded WAV files to OGG to save space?
With dtmf2db=yes in /etc/voipmonitor.conf you will force sniffer to store DTMF it detects (RF2833/SIP INFO) into db. If you want to not store the DTMF detected in call into CDR for some IPs / tel.numbers / SIP domains or any SIP header values, create capture rule and set there record DTMF=OFF or record DTMF=only pcap - in case you want DTMF packets to be stored into pcap but not to db.
* How do I selectively disable audio recording for certain calls to be PCI compliant?
 
* How do I enable IPv6 support on a system with existing data?
==Turn off DTMF storing to pcap selectively==
* How do I capture SIP REGISTER messages?
With savertp=yes and savesip=yes in /etc/voipmonitor.conf you will force sniffer to store DTMF(RF2833/SIP INFO) it detects into pcap. If you want to not store DTMF detected into pcap for some IPs / tel.numbers / SIP domains but you still need to collect SIP and RTP for these calls, create capture rule and set there record DTMF=OFF or record DTMF=only db.
 
==Turn off DTMF storing to pcap and DB selectively==
If you want to not store the DTMF detected in call's pcap for some IPs / tel.numbers / SIP domains or any SIP header values, create capture rule and set there record DTMF=OFF. (DTMF via SIP info and DTMF RFC2833) will not be stored to packets records, and to db.
 
 
==Disable spying on live calls==
You can disable possibility of GUI to do live spying on calls that uses g711 codec, in the sniffers config set option liveaudio=no
 
=How to enable milliseconds precision=
 
[[How_to_enable_milliseconds_precision]]
 
=How to enalbe ipv6 processing=
By default is voipmonitor processing ipv4 traffic.
==New Database or old CDRs can be removed==
Set in /etc/voipmonitor.conf
ipv6=yes
 
(Drop database voipmonitor, create new and then restart the sniffer service)
 
==Database already contains CDRs ipv4==
Because the data by default gets stored into int column using inet_aton, but ipv6 it storing it into different type of a same column with inet6_aton functions - then it is necessary to use additional steps:
===Easy way===
let know to the GUI that there are IP adresses stored in various formats with:
IPV6_SAFE_CONDITION_FOR_IPV4 set to true in GUI's configuration.php (GUI->Settings->system configuration->Advanced: Combines IPv4 queries with using....
 
then run the column's ALTERS described in GUIs installation dir in file
/var/www/html/scripts/ipv6_alter.sql
then set ipv6=yes in /etc/voipmonitor.conf and restart sniffer service
 
Beware that the GUI's IPV6 option will decrease the performance of a GUI - you should have it there enabled only until the CDRs prior to date of ipv6 change in columns are present.
 
===Better Way===
first modify the columns type using all the alters documented in GUIs installation file /var/www/html/scripts/ipv6_alter.sql
and then UPDATE all the related CDR tables(data) -  (move content ipv4 to ipv6 datasize)
Example for cdr table only:
UPDATE cdr
set
a_saddr = inet6_aton(inet_ntoa(a_saddr)),
b_saddr = inet6_aton(inet_ntoa(b_saddr)),
sipcallerip = inet6_aton(inet_ntoa(sipcallerip)),
sipcalledip = inet6_aton(inet_ntoa(sipcalledip));
 
Because there needs to be run multiple updates/alters we are developing new migration mode that will be able to migrate the ipv4 to ipv6 columns with data modifications.
Please contact the support@voipmonitor.org if you need help in enabling ipv6 with current CDRs in ipv4.
 
= Register packets =
By default is collecting of register packets disabled. You can enable it with option '''sip-register=yes''' in /etc/voipmonitor.conf and service restart.
More reading in [[https://www.voipmonitor.org/doc/Register in register doc]]
 
== Where are Register records stored? ==
=== Active register ===
Unlike tables for states and failed registrations, there is no table in database for active registrations - you need to ask api of the voipmonitor sniffer service for list of registers
 
Here is [[https://www.voipmonitor.org/doc/Register_active example script]] that lists all active registrations if sipcallerip is matching the only argument
 
=== Failed register ===
there is in '''voipmonitor''' database the table '''register_failed''' where are all failed register stored (in case there is multipletimes same failures in short interval the column '''counter''' representing how many failed register requests there was in interval 120s instead of creating record for each.
 
=== Register State ===
there is in '''voipmonitor''' database the table '''register_state''' where are all expired/unregistered records stored.
 
= Geek's/Developer's corner =
Read this: [[Internal_support_hints]]
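Review bot: The rewritten PCI compliance section has no counterpart to the earlier "Disable spying on live calls" entry, so `liveaudio=no` no longer appears anywhere in the new text; restore it as a question under PCI compliance. The same rewrite folds the selective DTMF entries into one Capture Rules paragraph and loses the `record DTMF=only pcap` and `record DTMF=only db` settings, which are worth keeping as a short list. In the new WAV to OGG block, Step 2 removes every `.wav` with `find ./ -name '*.wav' -exec rm -f {} \;` whether or not its conversion succeeded; say in the comment how to confirm success, or delete per file only after ffmpeg exits cleanly.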

Latest revision as of 10:09, 30 June 2025


This page provides answers to frequently asked questions and solutions for common issues encountered during the configuration and operation of VoIPmonitor.

General & Scalability

How does VoIPmonitor scale for high traffic?
For a detailed guide on performance tuning, hardware recommendations, and optimizing the three main system bottlenecks (CPU, Disk I/O, Database), please refer to our comprehensive Scaling and Performance Tuning guide.
How do I manage disk space and database size?
VoIPmonitor uses separate mechanisms for cleaning PCAP files from the filesystem and CDRs from the database. For a complete walkthrough, see the Data Cleaning and Retention guide.

CDR (Call Detail Record) View

What does the small red icon in the CDR view mean?
The red icon indicates which party in the call sent the `BYE` message first, effectively ending the call.
How can I use regular expressions to filter calls?
The filter bar in the CDR view supports regular expressions. This is useful for finding malformed or unusual data. For example, to find all calls where the caller number contains non-numeric characters, you can use a negative match:
!R(^[+]?[0-9]+$)
Why is there a delay between when a call ends and when it appears in the CDR view?
This delay is typically caused by the database's inability to keep up with the rate of incoming calls, creating a queue of SQL queries on the sensor. For solutions, please read:
  • SQL queue is growing in a peaktime
  • Minimizing Delay Between Call End and CDR Database Storage
How can I enable millisecond precision for timestamps in the CDR view?
By default, timestamps are stored with second precision. To enable millisecond precision, please follow the steps in this guide: How_to_enable_milliseconds_precision.

Platform & Environment Support

What hardware architectures does the sensor support?
The sensor is tested and supported on x86 (32/64-bit) and ARMv7/v8 architectures. If you encounter an error like `__sync_fetch_and_sub_8` on an older ARM device, you may need to upgrade your GCC compiler to version 4.8 or newer.
Can I run VoIPmonitor on AWS?
Yes, AWS is supported. For the license check to function correctly on some Amazon Machine Images (AMIs), you may need to adjust permissions on the root device file.
chmod 644 /dev/root
Is Docker or other container environments supported?
Yes, the GUI and sensor can run in a containerized environment. However, you must ensure that the content of `/proc/self/cgroup` does not change with every container restart. If it does, the hardware ID will change, and you will be prompted to update your license key after each reboot.
Are hosted/cloud databases (like Amazon RDS, Azure Database) supported?
Yes, VoIPmonitor requires a MySQL-compatible database (MySQL, MariaDB, Percona) and can connect to it regardless of its location. However, the database user requires `SUPER` privilege for creating functions and triggers.
What if my cloud database (like Azure) does not grant `SUPER` privilege?
If `SUPER` privilege is not available, you must manually set the following server variable in your cloud database configuration console:
 log_bin_trust_function_creators = ON
Additionally, ensure your database instance has sufficient performance (e.g., at least 1100 IOPS for 5000 concurrent calls on Azure).
Why is packet mirroring not working on VMware ESXi 6.5+?
This is often caused by the vSwitch port group being set to VLAN 4095, which activates Virtual Guest Tagging (VGT). In this mode, the guest OS is expected to handle VLAN tags, which can disrupt sniffing.
  • Solution: Edit the port group settings in vSphere and change the VLAN ID to a specific number (e.g., 0 or your monitoring VLAN ID) instead of 4095.

Configuration & Features

Why don't I see SIP packets on ports other than 5060?
By default, the sensor only listens for SIP traffic on UDP/TCP port 5060. To monitor additional SIP ports, you must explicitly define them in `voipmonitor.conf`. See the sipport configuration guide.
How do I enable IPv6 traffic processing?
By default, IPv6 is disabled. To enable it on a new installation, set `ipv6=yes` in `voipmonitor.conf`. If you have existing IPv4 data, enabling IPv6 requires a database migration. For detailed instructions, please see the IPv6 Enabling Guide.
How do I capture and view SIP `REGISTER` messages?
By default, `REGISTER` messages are not stored. To enable this, set `sip-register=yes` in `voipmonitor.conf`. For details on how active and failed registrations are stored and how to query them via the API, see the documentation on REGISTER monitoring.
How can I capture DTMF tones?
You can enable DTMF capture in `voipmonitor.conf`:
  • For RFC2833 and SIP INFO methods, set:
dtmf2db = yes
  • For inband DTMF (G.711 codec only, requires more CPU), set:
inbanddtmf = yes
How can I use the sensor's manager API securely?
Modern sniffer versions (32.0+) have API encryption enabled by default. Please refer to the Manager API Encryption guide for examples on how to use the API with or without encryption.
How does VoIPmonitor handle AudioCodes-tunneled traffic?
VoIPmonitor can process traffic encapsulated in AudioCodes' proprietary tunneling protocol. For setup details, see the AudioCodes Tunneling guide.

Licensing

How do I determine the number of license channels I need?
The license is based on the maximum number of concurrent calls during your peak hours. It is not based on the number of phones or endpoints. You can find your peak usage by navigating in the GUI to Tools -> System Status -> Concurrent calls, which shows data for the past 14 days. The system intelligently groups multiple call legs (e.g., for a single bridged call) so they only count as one channel towards your license.
What happens if my call volume temporarily exceeds my license limit?
If you have a sudden spike in calls (e.g., due to an attack or unexpected event) that exceeds your license, you have a 14-day grace period to resolve it. You must either:
  1. Delete the CDRs from the spike period via the GUI filter and delete tools.
  2. Upgrade your license to a higher channel count via the voipmonitor.org customer portal.
If the high usage persists for three consecutive days within the grace period, the license will be temporarily blocked until one of these actions is taken.

Audio & PCAP Files

How can I bulk download audio or PCAP files?
You can use the GUI API to script bulk downloads. Please see the guide: Bulk Download using API.
How do I convert existing WAV audio files to OGG to save space?
If you have existing recordings saved as `.wav` and wish to convert them to the more efficient `.ogg` format to save disk space, you can run the following sequence of commands directly in your spool directory (e.g., `/var/spool/voipmonitor`).
# Navigate to your spool directory first
cd /var/spool/voipmonitor

# Step 1: Find all .wav files and convert each one to .ogg using ffmpeg.
# This command preserves the original filename, only changing the extension.
find ./ -name '*.wav' -exec bash -c 'ffmpeg -i "$0" -vn -acodec libvorbis "${0%.wav}.ogg"' {} \;

# Step 2: After confirming the conversion was successful, delete all the original .wav files.
find ./ -name '*.wav' -exec rm -f {} \;

# Step 3: Set the web server user (e.g., www-data) as the owner of all files.
# This is crucial for the GUI to be able to read and play the new .ogg files.
chown -R www-data:www-data ./
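
A variant of the steps above that removes each `.wav` only after its own `.ogg` has been written and is non-empty, as an added example (not VoIPmonitor's own script). `FFMPEG_BIN` and the function names are assumptions of this example, and file names are assumed to contain no newlines.

```bash
#!/usr/bin/env bash
# Added example: per-file conversion with verification before deletion.
# FFMPEG_BIN, convert_one and convert_spool are names chosen for this example.

FFMPEG_BIN="${FFMPEG_BIN:-ffmpeg}"

# convert_one FILE.wav
# Returns 0 and removes the .wav only if the .ogg was written and is non-empty.
# On any failure the .wav is kept and 1 is returned.
convert_one() {
    local wav="$1"
    local ogg="${wav%.wav}.ogg"
    local tmp="${ogg}.part"

    # Never overwrite a recording that already exists.
    if [ -e "$ogg" ]; then
        echo "skip (ogg already exists): $wav" >&2
        return 1
    fi

    # -nostdin keeps ffmpeg from consuming the file list the caller reads on stdin.
    # -f ogg is required because the temporary name does not end in .ogg.
    if "$FFMPEG_BIN" -nostdin -loglevel error -i "$wav" -vn \
            -acodec libvorbis -f ogg "$tmp" && [ -s "$tmp" ]; then
        # Carry over owner and mode so the web server user can still read the
        # file (best effort; needs GNU coreutils and usually root).
        chown --reference="$wav" "$tmp" 2>/dev/null || true
        chmod --reference="$wav" "$tmp" 2>/dev/null || true
        if mv -- "$tmp" "$ogg"; then
            rm -f -- "$wav"
            return 0
        fi
    fi

    rm -f -- "$tmp"
    echo "FAILED, keeping original: $wav" >&2
    return 1
}

# convert_spool DIR
# Prints "converted=N failed=M" and returns 1 if any file was not converted.
convert_spool() {
    local dir="$1" converted=0 failed=0 f list
    list=$(mktemp) || return 2
    find "$dir" -type f -name '*.wav' > "$list"
    while IFS= read -r f; do
        if convert_one "$f"; then
            converted=$((converted + 1))
        else
            failed=$((failed + 1))
        fi
    done < "$list"
    rm -f -- "$list"
    echo "converted=$converted failed=$failed"
    [ "$failed" -eq 0 ]
}

# Stand-alone use: ./wav2ogg.sh --run /var/spool/voipmonitor
if [ "${1:-}" = "--run" ]; then
    convert_spool "${2:-/var/spool/voipmonitor}"
fi
```

A non-zero exit means at least one original was left in place; the reason for each is written to stderr.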

Administration & Troubleshooting

How do I reset a lost admin password for the GUI?
Please follow the instructions in the User Management guide.
How do I fix a corrupted GUI installation or reinstall it?
A reinstallation can fix issues with corrupted files or incorrect permissions. See the guide here: Re-install_the_GUI.
The GUI stopped working after a server OS or PHP version upgrade. How do I fix it?
This usually requires re-running the GUI installation script to align with the new PHP version. See: GUI_Installation#Re-installing_the_GUI.
How do I reinstall or upgrade the sniffer to the latest version?
Instructions for downloading and installing the latest static binary are here: Latest_sniffer.
Can I run multiple instances of the sniffer on a single host?
Yes, this is possible for advanced use cases. See the guide: Multiple_sniffer_instancies.
What user actions are recorded in the Audit Log?
The Audit Log tracks the following security-sensitive actions in the GUI:
  • Login / Logout
  • Playing or downloading WAV/PCAP files
  • Showing a FAX
  • Using the batch download feature
  • Applying a filter in the CDR view

PCI compliance

VoIPmonitor is designed to be PCI compliance-ready. You have granular control over what data is stored to disk and to the database.

How do I turn off audio recording and DTMF capture globally?
  • To prevent RTP (audio) payload from being stored while still capturing headers for analysis, use `savertp=header` in `voipmonitor.conf`.
  • To disable RTP capture entirely, use `savertp=no`.
  • To prevent DTMF tones (from SIP INFO or RFC2833) from being saved to the database and PCAP files, use:
dtmf2db = no
dtmf2pcap = no
How do I selectively record or not record audio/DTMF?
VoIPmonitor's powerful Capture Rules allow you to define conditional logic. You can create rules based on IP address, telephone number, SIP domain, or any SIP header to selectively turn audio or DTMF recording ON or OFF for specific calls, enabling you to meet strict compliance requirements.
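
One way to check a sensor's configuration against the global settings listed above, as an added example (not part of VoIPmonitor). The function names, the sample file, the comment handling (`#` anywhere, `;` at line start) and the "last occurrence wins" rule are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit a voipmonitor.conf-style file for the global
# recording settings named in the PCI compliance section.
# conf_value, pci_audit and write_sample_conf are names chosen here.

# conf_value FILE KEY
# Prints the lower-cased value of KEY, or nothing if KEY is not set.
# Assumption: the last uncommented occurrence of a key is the effective one.
conf_value() {
    sed -n \
        -e '/^[[:space:]]*;/d' \
        -e 's/#.*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" \
        "$1" | tail -n 1 | tr 'A-Z' 'a-z'
}

# pci_audit FILE
# Prints one line per option and returns 1 if any option stores audio
# payload or DTMF digits, or is not set explicitly.
pci_audit() {
    local conf="$1" rc=0 key val
    for key in savertp dtmf2db dtmf2pcap; do
        val=$(conf_value "$conf" "$key")
        case "$key=$val" in
            savertp=no|savertp=header|dtmf2db=no|dtmf2pcap=no)
                echo "OK    $key=$val" ;;
            "$key=")
                # The default is not asserted here; an explicit value is
                # what an assessor can verify from the file alone.
                echo "CHECK $key is not set explicitly"
                rc=1 ;;
            *)
                echo "FAIL  $key=$val"
                rc=1 ;;
        esac
    done
    return $rc
}

# write_sample_conf PATH
# Constructed sample input, not taken from a real deployment.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for the audit example
[general]
interface = eth0
savertp = header
dtmf2db = yes      # digits from RFC2833 / SIP INFO go to the database
;dtmf2pcap = no
EOF
}

# Stand-alone use: ./pci_audit.sh /etc/voipmonitor.conf
if [ -n "${1:-}" ]; then
    pci_audit "$1"
fi
```

Per-call exceptions made through Capture Rules live in the GUI, not in this file, so they need a separate review.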

AI Summary for RAG

Summary: This document serves as a comprehensive FAQ and troubleshooting guide for common VoIPmonitor issues. It covers a wide range of topics, including call data and CDR analysis (red icons, regex filters, CDR delay), platform support (AWS, Docker, VMware ESXi, cloud databases like Azure), system configuration (monitoring multiple SIP ports, IPv6, DTMF), and licensing (channel calculation, handling spikes). It also provides solutions for managing audio files (bulk download, WAV to OGG conversion) and administrative tasks like resetting passwords, reinstalling the GUI or sniffer, and understanding the Audit Log. A key section addresses PCI compliance, detailing how to selectively or globally disable audio and DTMF recording using capture rules and configuration settings.

Keywords: faq, troubleshooting, cdr, red icon, regex, active calls, aws, docker, container, esxi, vlan 4095, azure, super privilege, sipport, ipv6, dtmf, license, concurrent channels, license spike, audio files, bulk download, wav, ogg, ffmpeg, pci compliance, capture rules, savertp, dtmf2db, audit log, reinstall, lost password, multiple instances

Key Questions:

  • Why is there a delay between active calls and the CDR view?
  • How is VoIPmonitor licensing calculated for concurrent channels?
  • What happens if my call traffic exceeds my license limit?
  • How can I run VoIPmonitor in Docker or on AWS?
  • Why is packet sniffing not working on my VMware ESXi server?
  • How do I enable monitoring for SIP traffic on a non-standard port?
  • How can I convert all my recorded WAV files to OGG to save space?
  • How do I selectively disable audio recording for certain calls to be PCI compliant?
  • How do I enable IPv6 support on a system with existing data?
  • How do I capture SIP REGISTER messages?