Multiple sniffer instancies: Difference between revisions

From VoIPmonitor.org
(Review: přidán diagram architektury, opravena systemd konfigurace (správná binárka voipmonitor), přidány 1= prefixy pro šablony s =, opraveno číslování seznamu, přidána kategorie)
(Add use case: Multiple receiver instances for preventing CDR merging)
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
[[Category:Configuration]]
[[Category:Configuration]]


Running multiple VoIPmonitor sniffer instances on a single host is useful when you need to:
Running multiple VoIPmonitor sniffer instances on a single host allows you to:
* Monitor multiple PBX systems via separate network interfaces
* Monitor multiple PBX systems via separate network interfaces
* Distinguish calls by the network interface they arrived through
* Assign different <code>id_sensor</code> values for licensing or organizational purposes
* Assign different <code>id_sensor</code> values for licensing or organizational purposes
* Use completely separate storage paths for different instances
* Use separate storage paths (<code>spooldir</code>) for each instance
* '''Prevent CDR merging from multiple sensors in packet mirroring mode''' (see below)


<kroki lang="mermaid">
<kroki lang="mermaid">
Line 23: Line 23:
</kroki>
</kroki>


{{Warning|1=Do NOT use the GUI wrench icon to configure interfaces when running multiple instances. Interface settings must be configured in the local configuration files only.}}
{{Warning|1=Do NOT use the GUI wrench icon to configure interfaces when running multiple instances. Interface settings must be configured in local configuration files only.}}


== Step-by-Step Setup Procedure ==
== Use Case: Multiple Receivers Preventing CDR Merging ==


To add a second instance when a single instance is already running correctly, follow these steps:
When multiple sensors send packets to a '''single receiver instance''' in packet mirroring mode (<code>packetbuffer_sender=yes</code>), calls may be merged into single CDRs, preventing per-sensor concurrent call monitoring.


=== Step 1: Copy the main configuration file ===
'''Solution:''' Run multiple voipmonitor receiver instances on the same host, one per sensor. Each instance binds to a dedicated <code>server_bind_port</code> and processes only that sensor's traffic.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="ini">
cp -a /etc/voipmonitor.conf /etc/voipmon2.conf
# /etc/voipmonitor-sensor1.conf
id_sensor          = 1
server_bind        = 0.0.0.0:60024
server_bind_port  = 60024
server_password    = password1
 
# /etc/voipmonitor-sensor2.conf
id_sensor          = 2
server_bind        = 0.0.0.0:60025
server_bind_port  = 60025
server_password    = password2
</syntaxhighlight>
</syntaxhighlight>


=== Step 2: Copy and modify the init script (if using init.d) ===
Configure each remote sensor to send to its dedicated port:
<syntaxhighlight lang="ini">
# On Sensor 1
server_destination      = receiver.host.ip
server_destination_port = 60024


<syntaxhighlight lang="bash">
# On Sensor 2
cp -a /etc/init.d/voipmonitor /etc/init.d/voipmon2
server_destination      = receiver.host.ip
server_destination_port = 60025
</syntaxhighlight>
</syntaxhighlight>


Edit the new script and replace all occurrences of <code>voipmonitor</code> with <code>voipmon2</code>:
'''Note:''' Configuration options like <code>id_sensor</code> or <code>cdr_check_unique_callid_in_sensors</code> '''do not''' prevent CDR merging in packet mirroring mode. The only solution is separate receiver instances.


<syntaxhighlight lang="bash">
== Configuration Requirements ==
vim /etc/init.d/voipmon2
# In vim, use: :%s/voipmonitor/voipmon2/g
</syntaxhighlight>


=== Step 3: Edit the new configuration file ===
Each instance requires unique values for these parameters:
 
Edit <code>/etc/voipmon2.conf</code> and modify these critical options:


{| class="wikitable"
{| class="wikitable"
|-
|-
! Option !! Purpose !! Requirements
! Option !! Purpose !! Example (Instance 2)
|-
| <code>id_sensor</code> || Sensor ID for licensing/organization || Must be unique per instance
|-
|-
| <code>interface</code> || Network interface(s) to sniff || Must be unique or non-overlapping
| <code>id_sensor</code> || Sensor ID for licensing/GUI || <code>2</code>
|-
|-
| <code>managerport</code> || API port for GUI communication || Must be unique per instance (e.g., 5030, 5031)
| <code>interface</code> || Network interface to capture || <code>eth1</code>
|-
|-
| <code>server_bind</code> || Server process bind address/port || Must be unique per instance
| <code>managerport</code> || API port for GUI communication || <code>5030</code>
|-
|-
| <code>mirror_bind</code> || Mirror process bind address/port || Must be unique per instance
| <code>server_bind</code> || Server mode bind address:port || <code>127.0.0.1:60025</code>
|-
|-
| <code>spooldir</code> || Directory for PCAP/graph/audio files || Must be unique per instance
| <code>mirror_bind</code> || Mirror mode bind address:port || <code>127.0.0.1:60026</code>
|-
|-
| <code>maxpoolsize</code> || Maximum storage size for spooldir || Adjust for available disk space
| <code>spooldir</code> || PCAP/audio storage directory || <code>/var/spool/voipmonitor2</code>
|}
|}


{{Note|1=All '''bind options''' (server_bind, mirror_bind, etc.) must have unique values across all instances to prevent port conflicts.}}
== Step-by-Step Setup ==


Example configuration for <code>/etc/voipmon2.conf</code>:
=== Step 1: Copy configuration file ===
 
<syntaxhighlight lang="bash">
cp -a /etc/voipmonitor.conf /etc/voipmon2.conf
</syntaxhighlight>
 
=== Step 2: Edit the new configuration ===
 
Edit <code>/etc/voipmon2.conf</code> and set unique values:


<syntaxhighlight lang="ini">
<syntaxhighlight lang="ini">
Line 79: Line 95:
interface = eth1
interface = eth1
managerport = 5030
managerport = 5030
server_bind = 127.0.0.1:5031
server_bind = 127.0.0.1:60025
mirror_bind = 127.0.0.1:5032
mirror_bind = 127.0.0.1:60026
spooldir = /var/spool/voipmonitor2
spooldir = /var/spool/voipmonitor2
</syntaxhighlight>
</syntaxhighlight>


=== Step 4: Verify RAM and storage capacity ===
=== Step 3: Create systemd service ===
 
Create <code>/etc/systemd/system/voipmon2.service</code>:


Ensure the total resources across all instances do not exceed available capacity:
<syntaxhighlight lang="ini">
[Unit]
Description=VoIPmonitor Instance 2
After=network.target mysql.service


* '''RAM:''' The sum of <code>ringbuffer</code> and <code>max_buffer_mem</code> from all instances must not exceed available free RAM
[Service]
* '''Storage:''' The sum of <code>maxpoolsize</code> for all instance spool directories must not exceed available disk space
Type=forking
ExecStart=/usr/local/sbin/voipmonitor --config-file=/etc/voipmon2.conf
Restart=on-failure


=== Step 5: Register and start the new service ===
[Install]
WantedBy=multi-user.target
</syntaxhighlight>
 
=== Step 4: Create spooldir and start service ===


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
mkdir -p /var/spool/voipmonitor2
systemctl daemon-reload
systemctl daemon-reload
systemctl enable voipmon2
systemctl enable --now voipmon2
systemctl start voipmon2
</syntaxhighlight>
</syntaxhighlight>


=== Step 6: Verify the service started successfully ===
=== Step 5: Verify startup ===
 
Check service logs for errors:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# Using journalctl (recommended)
journalctl -u voipmon2 -n 50
journalctl -u voipmon2 -n 50
# Or check syslog
tail -f /var/log/syslog | grep voipmon2
</syntaxhighlight>
</syntaxhighlight>


{{Warning|Verify there are NO errors in the logs before proceeding.}}
{{Warning|Verify there are NO errors in the logs before proceeding.}}


=== Step 7: Add the new instance to the GUI ===
=== Step 6: Register in GUI ===


# Log in to the VoIPmonitor GUI
# Navigate to '''Settings > Sensors > Add Sensor'''
# Navigate to '''Settings > Sensors'''
# Click '''Add Sensor'''
# Configure:
# Configure:
#* <code>Sensor ID</code>: Matches <code>id_sensor</code> in the config file
#* '''Sensor ID''': <code>2</code> (matches <code>id_sensor</code>)
#* <code>Manager IP</code>: IP address of the sensor host
#* '''Manager IP''': IP address of the host
#* <code>Manager Port</code>: The <code>managerport</code> configured in the config file (e.g., 5030)
#* '''Manager Port''': <code>5030</code> (matches <code>managerport</code>)


{{Tip|Do NOT use the GUI wrench icon to set the <code>interface</code> field. The interface is managed exclusively through the local configuration file.}}
== Troubleshooting ==
 
== Troubleshooting Multiple Instances ==


=== Duplicate Calls in GUI ===
=== Duplicate Calls in GUI ===


If you see duplicate calls, it typically means:
If both interfaces see the same traffic (overlapping SPAN), add to '''both''' config files:
* Both interfaces are seeing the same SPAN/mirrored traffic (e.g., VLAN trunking or inter-VLAN routing overlap)
* Packet deduplication is not enabled
 
Solution: Add to '''both''' configuration files:


<syntaxhighlight lang="ini">
<syntaxhighlight lang="ini">
Line 139: Line 152:
</syntaxhighlight>
</syntaxhighlight>


Reference: [[Sniffing_modes#Multiple_Mirrored_Interfaces_Issue]]
See [[Sniffing_modes#Multiple_Mirrored_Interfaces_Issue]] for details.


=== Configuration Conflicts ===
=== GUI Overwrites Configuration ===


If changes in the GUI are being applied to the wrong sensor:
Prevent GUI from overwriting local config settings:
* Ensure GUI wrench icon is NOT used for interface settings
 
* Verify each instance has unique <code>id_sensor</code>, <code>managerport</code>, and all bind options
<syntaxhighlight lang="ini">
* Set <code>mysqlloadconfig = no</code> in each instance's config file to prevent GUI overwrites
mysqlloadconfig = no
</syntaxhighlight>


=== Service Won't Start ===
=== Service Won't Start ===


* Check that all bind ports are unique and not already in use: <code>netstat -tulpn | grep -E '50[23][0-9]'</code>
* Check port conflicts: <code>ss -tulpn | grep -E '502[0-9]|6002[0-9]'</code>
* Verify <code>spooldir</code> paths exist and are writable by the voipmonitor user
* Verify <code>spooldir</code> exists and is writable
* Check logs for permission errors or missing dependencies
* Check logs: <code>journalctl -u voipmon2 -e</code>
 
== Alternative: Systemd Service Files (Modern Method) ==
 
For modern systemd-based systems, you can create dedicated service files instead of copying init.d scripts.
 
Create <code>/etc/systemd/system/voipmon2.service</code>:
 
<syntaxhighlight lang="ini">
[Unit]
Description=VoIPmonitor Instance 2
After=network.target mysql.service
 
[Service]
Type=forking
ExecStart=/usr/local/sbin/voipmonitor --config-file=/etc/voipmon2.conf
Restart=on-failure


[Install]
== See Also ==
WantedBy=multi-user.target
</syntaxhighlight>


Then enable and start:
* [[Sniffer_configuration]] - Configuration file reference
* [[Systemd_for_voipmonitor_service_management]] - Systemd service details
* [[Sniffing_modes]] - Traffic capture methods and SPAN setup
* [[Sniffer_distributed_architecture]] - Client-server mode and packet mirroring


<syntaxhighlight lang="bash">
systemctl daemon-reload
systemctl enable voipmon2
systemctl start voipmon2
</syntaxhighlight>


== AI Summary for RAG ==
== AI Summary for RAG ==


'''Summary:''' This guide explains how to run multiple independent VoIPmonitor sniffer instances on a single physical host. Each instance requires unique values for <code>id_sensor</code>, <code>interface</code>, <code>managerport</code>, and all bind options (<code>server_bind</code>, <code>mirror_bind</code>). The procedure covers copying configuration files, modifying init scripts or creating systemd service units, and registering sensors in the GUI. Troubleshooting includes solutions for duplicate calls (use <code>auto_enable_use_blocks = yes</code>) and configuration conflicts (use <code>mysqlloadconfig = no</code>).
'''Summary:''' Guide for running multiple independent VoIPmonitor sniffer instances on a single host. Each instance requires unique values for <code>id_sensor</code>, <code>interface</code>, <code>managerport</code>, and bind options (<code>server_bind</code>, <code>mirror_bind</code>). Setup involves copying the config file, creating a systemd service unit with <code>--config-file</code> parameter, and registering the sensor in GUI. For duplicate calls when interfaces see overlapping traffic, use <code>auto_enable_use_blocks = yes</code>. To prevent GUI from overwriting local settings, use <code>mysqlloadconfig = no</code>.


'''Keywords:''' multiple instances, single host, separate interfaces, id_sensor, managerport, server_bind, mirror_bind, PBX monitoring, dual PBX, deduplikace, auto_enable_use_blocks, mysqlloadconfig
'''Keywords:''' multiple instances, single host, separate interfaces, id_sensor, managerport, server_bind, mirror_bind, dual PBX, systemd service, auto_enable_use_blocks, mysqlloadconfig, packet deduplication


'''Key Questions:'''
'''Key Questions:'''
* How to monitor two PBX systems on a single VoIPmonitor host?
* How to monitor two PBX systems on a single VoIPmonitor host?
* Why are calls duplicated in the GUI when using multiple sensors?
* Why are calls duplicated when using multiple sniffer instances?
* How to configure unique managerport and bind options for each sniffer instance?
* How to configure unique ports for each sniffer instance?
* How to prevent configuration conflicts between multiple sniffer instances?
* How to prevent configuration conflicts between multiple instances?
* When to use auto_enable_use_blocks for packet deduplication?
* How to create a systemd service for additional sniffer instance?

Latest revision as of 17:32, 10 January 2026

How to Run Multiple Sniffer Instances on a Single Host

Running multiple VoIPmonitor sniffer instances on a single host allows you to:

  • Monitor multiple PBX systems via separate network interfaces
  • Assign different id_sensor values for licensing or organizational purposes
  • Use separate storage paths (spooldir) for each instance
  • Prevent CDR merging from multiple sensors in packet mirroring mode (see below)

⚠️ Warning: Do NOT use the GUI wrench icon to configure interfaces when running multiple instances. Interface settings must be configured in local configuration files only.

Use Case: Multiple Receivers Preventing CDR Merging

When multiple sensors send packets to a single receiver instance in packet mirroring mode (packetbuffer_sender=yes), calls may be merged into single CDRs, preventing per-sensor concurrent call monitoring.

Solution: Run multiple voipmonitor receiver instances on the same host, one per sensor. Each instance binds to a dedicated server_bind_port and processes only that sensor's traffic. 

# /etc/voipmonitor-sensor1.conf
id_sensor          = 1
server_bind        = 0.0.0.0:60024
server_bind_port   = 60024
server_password    = password1

# /etc/voipmonitor-sensor2.conf  
id_sensor          = 2
server_bind        = 0.0.0.0:60025
server_bind_port   = 60025
server_password    = password2

Configure each remote sensor to send to its dedicated port: 

# On Sensor 1
server_destination      = receiver.host.ip
server_destination_port = 60024

# On Sensor 2
server_destination      = receiver.host.ip
server_destination_port = 60025

Note: Configuration options like id_sensor or cdr_check_unique_callid_in_sensors do not prevent CDR merging in packet mirroring mode. The only solution is separate receiver instances.

Configuration Requirements

Each instance requires unique values for these parameters:

Option Purpose Example (Instance 2)
id_sensor Sensor ID for licensing/GUI 2
interface Network interface to capture eth1
managerport API port for GUI communication 5030
server_bind Server mode bind address:port 127.0.0.1:60025
mirror_bind Mirror mode bind address:port 127.0.0.1:60026
spooldir PCAP/audio storage directory /var/spool/voipmonitor2

Step-by-Step Setup

Step 1: Copy configuration file

cp -a /etc/voipmonitor.conf /etc/voipmon2.conf

Step 2: Edit the new configuration

Edit /etc/voipmon2.conf and set unique values: 

id_sensor = 2
interface = eth1
managerport = 5030
server_bind = 127.0.0.1:60025
mirror_bind = 127.0.0.1:60026
spooldir = /var/spool/voipmonitor2

Step 3: Create systemd service

Create /etc/systemd/system/voipmon2.service: 

[Unit]
Description=VoIPmonitor Instance 2
After=network.target mysql.service

[Service]
Type=forking
ExecStart=/usr/local/sbin/voipmonitor --config-file=/etc/voipmon2.conf
Restart=on-failure

[Install]
WantedBy=multi-user.target

Step 4: Create spooldir and start service

mkdir -p /var/spool/voipmonitor2
systemctl daemon-reload
systemctl enable --now voipmon2

Step 5: Verify startup

journalctl -u voipmon2 -n 50

⚠️ Warning: Verify there are NO errors in the logs before proceeding.

Step 6: Register in GUI

  1. Navigate to Settings > Sensors > Add Sensor
  2. Configure:
    • Sensor ID: 2 (matches id_sensor)
    • Manager IP: IP address of the host
    • Manager Port: 5030 (matches managerport)

Troubleshooting

Duplicate Calls in GUI

If both interfaces see the same traffic (overlapping SPAN), add to both config files: 

auto_enable_use_blocks = yes

See Sniffing_modes#Multiple_Mirrored_Interfaces_Issue for details.

GUI Overwrites Configuration

Prevent GUI from overwriting local config settings: 

mysqlloadconfig = no

Service Won't Start

  • Check port conflicts: ss -tulpn | grep -E '502[0-9]|6002[0-9]'
  • Verify spooldir exists and is writable
  • Check logs: journalctl -u voipmon2 -e

See Also


AI Summary for RAG

Summary: Guide for running multiple independent VoIPmonitor sniffer instances on a single host. Each instance requires unique values for id_sensor, interface, managerport, and bind options (server_bind, mirror_bind). Setup involves copying the config file, creating a systemd service unit with --config-file parameter, and registering the sensor in GUI. For duplicate calls when interfaces see overlapping traffic, use auto_enable_use_blocks = yes. To prevent GUI from overwriting local settings, use mysqlloadconfig = no.

Keywords: multiple instances, single host, separate interfaces, id_sensor, managerport, server_bind, mirror_bind, dual PBX, systemd service, auto_enable_use_blocks, mysqlloadconfig, packet deduplication

Key Questions:

  • How to monitor two PBX systems on a single VoIPmonitor host?
  • Why are calls duplicated when using multiple sniffer instances?
  • How to configure unique ports for each sniffer instance?
  • How to prevent configuration conflicts between multiple instances?
  • How to create a systemd service for additional sniffer instance?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Multiple_sniffer_instancies&oldid=10624"