Manual PCAP Extraction from spooldir: Difference between revisions
| Line 26: | Line 26: | ||
| === export RTP pcap === | === export RTP pcap === | ||
| First you will need get lzo positions from database: | First you will need get lzo positions from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query): | ||
|   mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38'; |   mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38'; | ||
| type=2 (means RTP filetype ) | |||
| Returned: | Returned: | ||
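Review bot: the parenthetical added to the first sentence under "export RTP pcap" names the call start time and the CALL-ID header as the inputs for the query, but the SELECT shown on the next row filters on cdr_id = 103 and calldate and never uses the Call-ID. Name the CDR id there instead of (or alongside) the Call-ID, add the missing space in "'2016-08-23 16:37:38'in example", and put the new "type=2 (means RTP filetype )" remark where it reads as an explanation of the filter rather than as part of the output.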
| Line 36: | Line 37: | ||
|   4 rows in set (0,00 sec) |   4 rows in set (0,00 sec) | ||
| Second we use positions to export RTP and unLZO using voipmonitor binary: | Second we use positions returned from db to export RTP and unLZO using voipmonitor binary: | ||
|   /usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap |   /usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap | ||
| == Steps for export when LZO compression disabled in config == | == Steps for export when LZO compression disabled in config == | ||
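Review bot: the --untar-gui command carried as context on both sides opens a single quote before /var/spool/voipmonitor// and never closes it, so pasted into a shell it waits for more input instead of running. This revision already rewords the sentence that introduces the command, so the quote should be closed in the same edit.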
Revision as of 17:28, 23 August 2016
== export with default config used ==
=== notes ===
RTP format: with the default config shipped with the latest voipmonitor sensor, RTP is compressed with LZO at capture time. The LZO-compressed files are then packed into RTP tar archives according to the date, hour and minute of the call start and the call's Call-ID.
option:
 pcap_dump_zip_rtp = lzo
SIP format: with the default config shipped with the latest voipmonitor sensor, SIP is compressed after the tar archive has been created.
option:
 tar_compress_sip = gzip
=== precondition ===
The call needs to have been captured with the sensor's compression settings as in the default voipmonitor.conf:
 pcap_dump_zip_rtp = lzo
 tar_compress_sip = gzip
=== Information needed for export from CDR detail ===
You will need:
1. CDR.id (103)
2. Date and time of the call start (2016-08-23 16:37:38)
3. Call-ID (CwA8j-SNSN)
4. Location of your spooldir (the 'spooldir' option is defined in /etc/voipmonitor.conf)
=== export SIP pcap ===
Using the spooldir location (by default '/var/spool/voipmonitor'), the call start time ('2016-08-23 16:37:38' in this example) and the Call-ID header (CwA8j-SNSN), you can write the command:
 tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/16/37/SIP/sip_2016-08-23-16-37.tar.gz' 'CwA8j-SNSN.pcap*' > /tmp/expsip.pcap
=== export RTP pcap ===
First, get the LZO positions from the database. The query below filters on the CDR id (103) and the call start time ('2016-08-23 16:37:38' in this example); the Call-ID header 'CwA8j-SNSN' is used in the next step:
 mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38';
type = 2 means the RTP file type.
Returned:
 pos: 0
 pos: 164352
 pos: 328704
 pos: 493056
 4 rows in set (0,00 sec)
Second, pass the positions returned from the database to the voipmonitor binary, which exports the RTP and decompresses the LZO data:
 /usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap'
== Steps for export when LZO compression disabled in config ==
=== preconditions ===
The call was captured with the sensor's compression settings changed from the default voipmonitor.conf:
 pcap_dump_zip_rtp = no
 tar_compress_sip = gzip
=== info needed to collect from cdr ===
1. Call-ID
2. Date and time of the call start
=== export SIP pcap ===
 tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/SIP/sip_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportSIP.pcap
=== export RTP pcap ===
 tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/RTP/rtp_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportRTP.pcap
=== merge SIP and RTP into one file ===
 mergecap -w /tmp/export.pcap ./exportSIP.pcap ./exportRTP.pcap
QUERY:
 SELECT pos FROM cdr_tar_part where cdr_id = 103 and type = 1 and calldate = '2016-08-23 16:37:38';
(returns no result)
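The tar-based exports above (SIP with the default config, SIP and RTP with LZO disabled) take the Call-ID straight from a SIP header, which is chosen by the remote endpoint, and hand it to tar --wildcards as a pattern. The following script is an added example, not part of the original page or of voipmonitor: it builds the archive path from the call start time and refuses Call-IDs that could act as a wildcard or a path. The function names and the allow-list of Call-ID characters are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not voipmonitor code). Paths follow the layout shown above:
#   SPOOLDIR/YYYY-MM-DD/HH/MM/{SIP,RTP}/{sip,rtp}_YYYY-MM-DD-HH-MM.SUFFIX
LC_ALL=C; export LC_ALL   # make the character ranges below byte-based

# spool_tar_path SPOOLDIR SIP|RTP 'YYYY-MM-DD HH:MM:SS' [tar|tar.gz]
spool_tar_path() {
    case $2 in SIP) _lc=sip ;; RTP) _lc=rtp ;; *) return 2 ;; esac
    case $3 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) return 2 ;;   # reject anything that is not a plain timestamp
    esac
    _d=${3%% *}; _t=${3#* }                  # date part, time part
    _h=${_t%%:*}; _m=${_t#*:}; _m=${_m%%:*}  # hour, minute
    printf '%s/%s/%s/%s/%s/%s_%s-%s-%s.%s\n' \
        "${1%/}" "$_d" "$_h" "$_m" "$2" "$_lc" "$_d" "$_h" "$_m" "${4:-tar}"
}

# safe_callid CALLID: print the Call-ID only if it cannot be read as a tar
# wildcard (* ? [ \), a path (/) or an option (leading -).
# Assumption: a conservative allow-list; other Call-IDs need manual handling.
safe_callid() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._@+=-]*) return 1 ;;
    esac
    printf '%s\n' "$1"
}

# extract_call_pcap TARFILE CALLID OUTFILE
extract_call_pcap() {
    _id=$(safe_callid "$2") || { echo "refusing Call-ID: $2" >&2; return 1; }
    [ -r "$1" ] || { echo "cannot read archive: $1" >&2; return 1; }
    # The only wildcard left in the pattern is the trailing * used on this page.
    tar --wildcards -xOf "$1" "$_id.pcap*" > "$3" || { rm -f "$3"; return 1; }
    [ -s "$3" ] || { echo "no data extracted for $_id" >&2; rm -f "$3"; return 1; }
}

# Stand-alone use: script SPOOLDIR SIP|RTP 'CALLDATE' CALLID OUTFILE [SUFFIX]
if [ "$#" -ge 5 ]; then
    _tar=$(spool_tar_path "$1" "$2" "$3" "${6:-tar}") ||
        { echo "bad type or calldate" >&2; exit 2; }
    extract_call_pcap "$_tar" "$4" "$5"
fi
```

RTP captured with LZO enabled still has to go through the voipmonitor binary with the positions from cdr_tar_part, as described in the first section.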
