Capture rules - reload: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
(Created page with " = adding capture rule manually to db(no need for GUI)= == adding IP based rule== This will add rule with SAVE RTP=ON for net 1.2.3.4/24: INSERT INTO `voipmonitor`.`filter_i...")
 
No edit summary
Line 1: Line 1:
{{DISPLAYTITLE:Managing Capture Rules via Command Line}}


'''This is an advanced guide for administrators and developers who need to programmatically add and manage VoIPmonitor's capture rules directly in the database and reload them without using the web interface. This method is ideal for automation, bulk rule creation, or managing remote sensors.'''


= adding capture rule manually to db(no need for GUI)=
== Overview ==
== adding IP based rule==
VoIPmonitor's capture rules allow for fine-grained control over which calls are recorded. While these are typically managed in the GUI, you can also manipulate them directly in the MySQL database. After adding or changing rules in the database, you must signal the running sniffer to reload them.
This will add rule with SAVE RTP=ON for net 1.2.3.4/24:
INSERT INTO `voipmonitor`.`filter_ip` (`ip`, `mask`, `direction`, `rtp`, `rtcp`, `sip`, `register`, `graph`, `wav`, `skip`, `script`, `mos_lqo`, `hide_message`,  `note`, `remove_at`, `spool_2`) VALUES (INET_ATON('1.2.3.4'),24,0,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);


==adding telnum based rule==
This guide covers two main parts:
This will add rule with SAVE RTP=ON for telnum prefix 12345 for both directions (direction=0):
#'''Creating Rules:''' How to manually insert IP-based and telephone number-based rules into the database.
INSERT INTO `filter_telnum` (`prefix`, `fixed_len`, `direction`, `rtp`, `sip`, `register`, `graph`, `wav`, `skip`, `script`, `mos_lqo`, `hide_message`, `note`, `remove_at`, `rtcp`, `spool_2`) VALUES ('12345',0,0,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);
#'''Reloading Rules:''' How to force a running sniffer to apply the new rules using its API.


This will add rule with SAVE RTP=ON for telnum prefix 98765 for direction destination(direction=2), for source use direction=1 instead:
== Part 1: Adding Capture Rules to the Database ==
INSERT INTO `filter_telnum` (`prefix`, `fixed_len`, `direction`, `rtp`, `sip`, `register`, `graph`, `wav`, `skip`, `script`, `mos_lqo`, `hide_message`, `note`, `remove_at`, `rtcp`, `spool_2`) VALUES ('98765',0,2,1,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);
Capture rules are stored in the `filter_ip` and `filter_telnum` tables in the `voipmonitor` database. You can add new rules using standard SQL `INSERT` statements.


=== A. Adding IP-Based Rules ===
Rules in the `filter_ip` table are based on source or destination IP addresses or subnets.


= reload rules using manager api =
;Key Columns:
For sniffer instances where is manager api accessible from your location, you can use manager api command for reloading rules:
*<code>ip</code>: The IP address, which '''must''' be converted to an integer using the <code>INET_ATON()</code> function.
echo 'reload' | nc 192.168.88.234:5029
*<code>mask</code>: The subnet mask in CIDR notation (e.g., <code>24</code> for a /24 network).
*<code>direction</code>: <code>1</code> for source, <code>2</code> for destination, or <code>0</code> for both.
*<code>rtp</code>: The action for RTP (audio) streams. <code>1</code> means SAVE, <code>2</code> means DISCARD, <code>3</code> means save only the header.


= reload rules with server api =
;Example:
For sniffers which are running in client/server mode (with packet_buffer_sender=no) and its manager api is not accessible, you can use server API on master voipmonitor instance for reloading remotes
This SQL statement adds a rule to force-save RTP for all calls from or to the `1.2.3.0/24` network.
First you need to get sensors IDs using '''manager api''' of master (or you need to know the ids - its under GUI->settings->sensors):
<pre>
echo "list_active_clients"|nc 127.0.0.1 5029
INSERT INTO `voipmonitor`.`filter_ip`
{"count":1,"services":[{"ip":"127.0.0.1","port":54137,"sensor_id":114}]}
(`ip`, `mask`, `direction`, `rtp`)
VALUES
(INET_ATON('1.2.3.0'), 24, 0, 1);
</pre>


Then you can reload each sniffer using '''server API''' example is for id=114
=== B. Adding Telephone Number-Based Rules ===
echo '{"type_connection":"gui_command","sensor_id":114,"command":"reload"}' | nc 127.0.0.1 60024
Rules in the `filter_telnum` table are based on the caller or called number prefix.
 
;Key Columns:
*<code>prefix</code>: The telephone number prefix to match (e.g., <code>4420</code>).
*<code>direction</code>: <code>1</code> for source (caller), <code>2</code> for destination (called), or <code>0</code> for both.
*<code>rtp</code>: The action for RTP streams (<code>1</code> = SAVE, <code>2</code> = DISCARD, etc.).
 
;Example 1: Match any direction
This rule forces RTP saving for any call where the caller or called number starts with `12345`.
<pre>
INSERT INTO `voipmonitor`.`filter_telnum`
(`prefix`, `fixed_len`, `direction`, `rtp`)
VALUES
('12345', 0, 0, 1);
</pre>
 
;Example 2: Match only destination
This rule forces RTP saving only when the '''called''' number starts with `98765`.
<pre>
INSERT INTO `voipmonitor`.`filter_telnum`
(`prefix`, `fixed_len`, `direction`, `rtp`)
VALUES
('98765', 0, 2, 1);
</pre>
 
== Part 2: Reloading Rules on a Running Sniffer ==
After inserting rules into the database, they will '''not''' take effect until the sniffer process reloads its configuration. You can trigger this remotely without restarting the service.
 
=== Method 1: Using the Manager API (for directly accessible sensors) ===
If the sensor's manager port (default `5029`) is accessible from your location, you can send a simple `reload` command.
 
;Example:
<pre>
# Replace 192.168.88.234 with your sensor's IP address
echo 'reload' | nc 192.168.88.234 5029
</pre>
 
=== Method 2: Using the Server API (for sensors in a client/server cluster) ===
If your sensors are configured in the modern [[VoIPmonitor_Deployment_&_Topology_Guide#Modern_Mode:_Client.2FServer_Architecture_.28v20.2B.29|client/server mode]], their manager ports may not be directly accessible. In this case, you can send the reload command via the central "server" instance.
 
;Step 1: Get the ID of the remote sensor
First, query the central server's manager API to get a list of connected clients and their unique `sensor_id`.
<pre>
# Connect to the central server's manager port (e.g., 127.0.0.1:5029)
echo 'list_active_clients' | nc 127.0.0.1 5029
</pre>
The output will be a JSON object listing connected clients. Look for the `sensor_id` you want to reload.
<pre>
{"count":1,"services":[{"ip":"127.0.0.1","port":54137,"sensor_id":114}]}
</pre>
 
;Step 2: Send the reload command via the Server API
Now, send a specially formatted JSON command to the central server's '''server port''' (default `60024`), specifying the target `sensor_id`.
<pre>
# Connect to the central server's SERVER port (e.g., 127.0.0.1:60024)
echo '{"type_connection":"gui_command","sensor_id":114,"command":"reload"}' | nc 127.0.0.1 60024
</pre>
The central server will forward the `reload` command to the specified remote sensor over its secure channel.
 
== AI Summary for RAG ==
'''Summary:''' This guide provides an advanced tutorial on how to programmatically manage VoIPmonitor's capture rules by directly manipulating the database and using the sniffer's API. It is intended for automation and bulk operations. The first part explains how to add new rules by inserting rows into the `filter_ip` and `filter_telnum` MySQL tables, providing annotated SQL `INSERT` examples for both types. It highlights key columns like `direction` and the use of the `INET_ATON()` function for IP addresses. The second part details two distinct methods for forcing a running sniffer to apply the new rules without a restart. Method 1 describes using the standard Manager API (`echo 'reload' | nc ...`), suitable for directly accessible sensors. Method 2 explains the process for sensors in a client/server architecture, which involves a two-step process: first, querying the central server's Manager API with `list_active_clients` to find a remote sensor's ID, and second, sending a JSON-formatted command to the central server's Server API port (e.g., 60024) to relay the `reload` command to the target remote sensor.
'''Keywords:''' capture rules, filter, automation, script, database, sql, insert, `filter_ip`, `filter_telnum`, reload, manager api, server api, `list_active_clients`, cli, command line
'''Key Questions:'''
* How can I add capture rules without using the GUI?
* How to add IP or telephone number based filters directly to the database?
* How can I force a running sniffer to reload its capture rules?
* What is the difference between the Manager API and the Server API for reloading rules?
* How do I reload rules on a remote sensor that is behind NAT in a client/server setup?
* What do the `direction` and `rtp` columns mean in the `filter_ip` table?
* How to use the `INET_ATON()` function for capture rules?

Revision as of 23:22, 30 June 2025


This is an advanced guide for administrators and developers who need to programmatically add and manage VoIPmonitor's capture rules directly in the database and reload them without using the web interface. This method is ideal for automation, bulk rule creation, or managing remote sensors.

Overview

VoIPmonitor's capture rules allow for fine-grained control over which calls are recorded. While these are typically managed in the GUI, you can also manipulate them directly in the MySQL database. After adding or changing rules in the database, you must signal the running sniffer to reload them.

This guide covers two main parts:

  1. Creating Rules: How to manually insert IP-based and telephone number-based rules into the database.
  2. Reloading Rules: How to force a running sniffer to apply the new rules using its API.

Part 1: Adding Capture Rules to the Database

Capture rules are stored in the `filter_ip` and `filter_telnum` tables in the `voipmonitor` database. You can add new rules using standard SQL `INSERT` statements.

A. Adding IP-Based Rules

Rules in the `filter_ip` table are based on source or destination IP addresses or subnets.

Key Columns
  • ip: The IP address, which must be converted to an integer using the INET_ATON() function.
  • mask: The subnet mask in CIDR notation (e.g., 24 for a /24 network).
  • direction: 1 for source, 2 for destination, or 0 for both.
  • rtp: The action for RTP (audio) streams. 1 means SAVE, 2 means DISCARD, 3 means save only the header.
Example

This SQL statement adds a rule to force-save RTP for all calls from or to the `1.2.3.0/24` network. 

INSERT INTO `voipmonitor`.`filter_ip` 
(`ip`, `mask`, `direction`, `rtp`) 
VALUES 
(INET_ATON('1.2.3.0'), 24, 0, 1);

B. Adding Telephone Number-Based Rules

Rules in the `filter_telnum` table are based on the caller or called number prefix.

Key Columns
  • prefix: The telephone number prefix to match (e.g., 4420).
  • direction: 1 for source (caller), 2 for destination (called), or 0 for both.
  • rtp: The action for RTP streams (1 = SAVE, 2 = DISCARD, etc.).
Example 1
Match any direction

This rule forces RTP saving for any call where the caller or called number starts with `12345`. 

INSERT INTO `voipmonitor`.`filter_telnum` 
(`prefix`, `fixed_len`, `direction`, `rtp`) 
VALUES 
('12345', 0, 0, 1);
Example 2
Match only destination

This rule forces RTP saving only when the called number starts with `98765`. 

INSERT INTO `voipmonitor`.`filter_telnum` 
(`prefix`, `fixed_len`, `direction`, `rtp`) 
VALUES 
('98765', 0, 2, 1);

Part 2: Reloading Rules on a Running Sniffer

After inserting rules into the database, they will not take effect until the sniffer process reloads its configuration. You can trigger this remotely without restarting the service.

Method 1: Using the Manager API (for directly accessible sensors)

If the sensor's manager port (default `5029`) is accessible from your location, you can send a simple `reload` command.

Example
# Replace 192.168.88.234 with your sensor's IP address
echo 'reload' | nc 192.168.88.234 5029

Method 2: Using the Server API (for sensors in a client/server cluster)

If your sensors are configured in the modern client/server mode, their manager ports may not be directly accessible. In this case, you can send the reload command via the central "server" instance.

Step 1
Get the ID of the remote sensor

First, query the central server's manager API to get a list of connected clients and their unique `sensor_id`. 

# Connect to the central server's manager port (e.g., 127.0.0.1:5029)
echo 'list_active_clients' | nc 127.0.0.1 5029

The output will be a JSON object listing connected clients. Look for the `sensor_id` you want to reload. 

{"count":1,"services":[{"ip":"127.0.0.1","port":54137,"sensor_id":114}]}
Step 2
Send the reload command via the Server API

Now, send a specially formatted JSON command to the central server's server port (default `60024`), specifying the target `sensor_id`. 

# Connect to the central server's SERVER port (e.g., 127.0.0.1:60024)
echo '{"type_connection":"gui_command","sensor_id":114,"command":"reload"}' | nc 127.0.0.1 60024

The central server will forward the `reload` command to the specified remote sensor over its secure channel.

AI Summary for RAG

Summary: This guide provides an advanced tutorial on how to programmatically manage VoIPmonitor's capture rules by directly manipulating the database and using the sniffer's API. It is intended for automation and bulk operations. The first part explains how to add new rules by inserting rows into the `filter_ip` and `filter_telnum` MySQL tables, providing annotated SQL `INSERT` examples for both types. It highlights key columns like `direction` and the use of the `INET_ATON()` function for IP addresses. The second part details two distinct methods for forcing a running sniffer to apply the new rules without a restart. Method 1 describes using the standard Manager API (`echo 'reload' | nc ...`), suitable for directly accessible sensors. Method 2 explains the process for sensors in a client/server architecture, which involves a two-step process: first, querying the central server's Manager API with `list_active_clients` to find a remote sensor's ID, and second, sending a JSON-formatted command to the central server's Server API port (e.g., 60024) to relay the `reload` command to the target remote sensor. Keywords: capture rules, filter, automation, script, database, sql, insert, `filter_ip`, `filter_telnum`, reload, manager api, server api, `list_active_clients`, cli, command line Key Questions:

  • How can I add capture rules without using the GUI?
  • How to add IP or telephone number based filters directly to the database?
  • How can I force a running sniffer to reload its capture rules?
  • What is the difference between the Manager API and the Server API for reloading rules?
  • How do I reload rules on a remote sensor that is behind NAT in a client/server setup?
  • What do the `direction` and `rtp` columns mean in the `filter_ip` table?
  • How to use the `INET_ATON()` function for capture rules?
Retrieved from "https://www.voipmonitor.org//doc/index.php?title=Capture_rules_-_reload&oldid=5476"