Sniffer installation: Difference between revisions

From VoIPmonitor.org
(Add section about automatic schema modification safety when installing to existing production databases (1000-CDR threshold, manual ALTER queries during low-traffic period, id_sensor requirements))
Tag: Reverted
m (Reverted edit by Admin (talk) to last revision by Festr)
Tag: Rollback
 
(8 intermediate revisions by 2 users not shown)
Line 18: Line 18:


{{Tip|The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.}}
{{Tip|The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.}}
== Installating to Existing Production Databases ==
{{Warning|When installing a new VoIPmonitor sensor and connecting it to an '''existing production database''', you must understand the automatic schema modification safety mechanism to avoid downtime or data corruption.}}
=== Automatic Schema Modification Safety ===
The VoIPmonitor sniffer includes a safety mechanism to prevent accidental schema modifications on busy databases:
* Databases with ''' fewer than 1000 CDRs''': The sniffer will automatically execute required <code>ALTER TABLE</code> queries
* Databases with '''more than 1000 CDRs''': The sniffer will '''NOT** automatically modify tables. Instead, it will log the required <code>ALTER</code> queries to syslog upon service restart
=== Checking Schema Update Logs ===
After starting a new sensor connected to an existing database, check the logs for any pending schema updates:
<syntaxhighlight lang="bash">
# Check for ALTER recommendations in logs
sudo journalctl -u voipmonitor -n 50 | grep -i "alter"
# Alternative: Check syslog or messages
sudo grep -i "alter" /var/log/syslog | tail -20
# Alternative: Check journalctl for voipmonitor
sudo journalctl -u voipmonitor --since "1 hour ago" | grep -i "alter"
</syntaxhighlight>
=== Manually Applying Schema Updates ===
For large databases, manually execute the logged <code>ALTER</code> queries during a low-traffic period (e.g., overnight or maintenance window) to prevent table locking:
<syntaxhighlight lang="bash">
# Connect to MySQL
mysql -u root -p voipmonitor
# Execute the ALTER queries from the logs
ALTER TABLE cdr ADD COLUMN new_column VARCHAR(255);
# ... (execute other ALTER queries as logged)
</syntaxhighlight>
{{Warning|<code>ALTER TABLE</code> operations can cause table locking and impact performance. Only execute during low-traffic periods after thorough testing in a staging environment.}}
=== Multiple Sensors Connected to Same Database ===
When running multiple sensors simultaneously connected to the same database:
1. Set a '''unique <code>id_sensor</code> value''' in <code>/etc/voipmonitor.conf</code> on each sensor:
<syntaxhighlight lang="ini">
# Sensor 1
id_sensor = 1
# Sensor 2
id_sensor = 2
# Sensor 3
id_sensor = 3
</syntaxhighlight>
2. Adjust hardware-dependent settings on each server independently:
* <code>interface</code> - Network interface to monitor
* <code>max_buffer_mem</code> - Buffer memory allocation
* <code>spooldir</code> - Local PCAP storage path
* <code>maxpoolsize</code> - Spool size limit in MB
3. Ensure each sensor has adequate hardware resources (CPU, RAM, storage) based on expected traffic load
{{Note|For distributed client-server deployments, see [[Sniffer_distributed_architecture|Distributed Architecture Guide]] for detailed configuration options.}}


== Installation Overview ==
== Installation Overview ==
Line 104: Line 37:
:Edit /etc/voipmonitor.conf;
:Edit /etc/voipmonitor.conf;
note right: Database, interface, id_sensor
note right: Database, interface, id_sensor
:Check for schema update logs;
note right: If connecting to existing DB with >1000 CDRs
:Apply schema updates manually;
note right: During low-traffic period
:Start and enable service;
:Start and enable service;
note right: systemctl start/enable
note right: systemctl start/enable
Line 114: Line 43:
stop
stop


@enduml>
@enduml
</kroki>
</kroki>


Line 310: Line 239:
* [[Data_Cleaning|Data Cleaning and Retention]]
* [[Data_Cleaning|Data Cleaning and Retention]]
* [[Systemd_for_voipmonitor_service_management|systemd Service Management]]
* [[Systemd_for_voipmonitor_service_management|systemd Service Management]]


== AI Summary for RAG ==
== AI Summary for RAG ==

Latest revision as of 13:37, 10 January 2026


This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.

Understanding VoIPmonitor Components

VoIPmonitor consists of two separate components:

Component Description Requirements
Sniffer / Sensor (This Guide) Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. Linux (kernel 2.6.18+), root privileges
Web GUI PHP web interface for viewing data and configuration. Web server (Apache/Nginx), PHP, MySQL/MariaDB. See GUI Installation Guide

💡 Tip: The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.

Installation Overview

Step 1: Download the Static Binary

Download the archive for your system architecture:

Architecture Download Command
64-bit (x86_64) wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz
32-bit (i686) wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz
ARM (Raspberry Pi) wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz

ℹ️ Note: If the primary URL hangs (common on Debian 11/12), use the alternative: wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz

Step 2: Extract and Install

tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh

The script installs:

  • Binary to /usr/local/sbin/voipmonitor
  • Config to /etc/voipmonitor.conf
  • Service to /etc/init.d/voipmonitor

ℹ️ Note: The service always runs as root regardless of installation prompts - this is required for packet capture privileges.

Step 3: Configure

Edit the configuration file: 

nano /etc/voipmonitor.conf

Essential settings:

Parameter Description Example
mysqlhost Database server address 192.168.1.100
mysqldb Database name voipmonitor
mysqluser Database user voipmonitor
mysqlpassword Database password secret
interface Network interface to monitor eth0
id_sensor Unique ID (1-65535) for multi-sensor deployments 1

For complete configuration options, see Sniffer Configuration Reference.

System Resource Requirements

Resource Recommendation
CPU Main capture thread (t0) uses 1 core. Monitor t0CPU - if >90%, consider faster CPU or additional sensors.
RAM 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
Disk I/O HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
Storage Plan based on retention policy and daily call volume.

For performance tuning, see Scaling and Performance Tuning.

Step 4: Start the Service

systemctl start voipmonitor
systemctl enable voipmonitor

Other commands: systemctl stop voipmonitor, systemctl status voipmonitor

For advanced systemd configuration, see systemd Service Management.

Step 5: Verify

# Check service status
systemctl status voipmonitor

# Monitor live logs
journalctl -u voipmonitor -f

Look for output like calls[X][Y] PS[...] SQLq[0] confirming traffic capture.

If no calls appear, see Sniffer Troubleshooting.

Downloading Specific Versions

For specific versions or automation: 

# Specific version (replace VERSION, e.g., 2025.07.1)
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz

# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz

# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz

Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.

Advanced Installation

Legacy OS (CentOS 6, older glibc)

  1. Download the oldest available binary from the download page (better glibc compatibility)
  2. If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from ioncube.com

Manual Development Build Upgrade

mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz

systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor

Compiling from Source (ARM64/Special Cases)

ℹ️ Note: Only for developers or when static binary is unavailable (e.g., ARM64/aarch64). 

# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev

# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make

# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static  # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor

For automatic git-based upgrades, add to /etc/voipmonitor.conf: 

upgrade_by_git = yes
git_folder = /usr/src/sniffer

Uninstallation

systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup

⚠️ Warning: Spool directory contains PCAP files and recordings! Only delete if you no longer need this data: rm -rf /var/spool/voipmonitor

See Also

AI Summary for RAG

Summary: Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run install-script.sh, configure /etc/voipmonitor.conf (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (https://download.voipmonitor.org/...) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.

Keywords: install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download

Key Questions:

  • How do I install the VoIPmonitor sniffer?
  • Where can I download the sensor static binary?
  • How do I configure id_sensor for multi-sensor deployments?
  • What are the CPU and RAM requirements?
  • How do I start and enable the voipmonitor service?
  • What if the download URL hangs or fails?
  • How do I install on legacy CentOS 6?
  • How do I compile from source on ARM64?
  • How do I uninstall VoIPmonitor?
  • What are the direct download URLs for automation?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Sniffer_installation&oldid=10561"