Alerts & Reports

Email notifications triggered by QoS thresholds, SIP errors, or sensor health conditions. The system stores all alerts in history for review.

Prerequisites

Email Configuration

Alerts use PHP's mail() function via the server's MTA (Postfix/Exim/Sendmail).

# Add cron job (required)
echo "* * * * * root php /var/www/html/php/run.php cron" >> /etc/crontab
killall -HUP cron   # Debian/Ubuntu
# or: killall -HUP crond  # RHEL/CentOS

Alert Types

Access via GUI > Alerts.

RTP Alerts

Trigger on voice quality metrics:

• MOS - below threshold
• Packet loss - percentage exceeded
• Jitter - variation exceeded
• Delay (PDV) - latency exceeded
• One-way calls - one RTP stream missing
• Missing RTP - both RTP streams missing

Configure alerts to trigger when number of incidents OR percentage of CDRs exceeds threshold.

RTP&CDR Alerts

Combine RTP metrics with CDR conditions including PDD (Post Dial Delay).

Using Filter Templates:

1. Create CDR filter in GUI > CDR
2. Save as template
3. In alert config, select from Filter template dropdown

SIP Response Alerts

"from all" Checkbox (Percentage Thresholds)

• CHECKED: % calculated from ALL CDRs in database
• UNCHECKED: % calculated only from filtered CDRs (correct for specific IP groups)

SIP Response vs Last SIP Response

There are two different fields for matching SIP responses:

The Last sip response field supports wildcard patterns (%, %Request Terminated%, %487%) but only triggers based on count thresholds, not percentages.

International Call Alerts (Called Number Prefixes)

Monitor calls to international destinations using prefix-based matching (dialing patterns like 00, +).

Configuration:

1. GUI > Settings > Country prefixes - Define international prefixes (00, +), local country, minimum digits
2. GUI > Alerts > Filter common - Configure:

Sensors Alerts

Monitor sensor health and status:

• Offline detection - Sensor not communicating
• Old CDR - No recent CDRs written (capture or DB issue)
• Big SQL queue stat - Growing queue indicates DB bottleneck (warning: >20 files, critical: >100)

SIP REGISTER Alerts

CDR Trends Alerts

Monitor metric deviations from historical baselines (e.g., ASR drops).

Common Filters

All alert types support:

• IP/Number Group - Predefined groups from Groups menu
• IP Addresses / Numbers - Individual values (one per line)
• Email Group / Emails - Recipients
• Last sip response - Filter by response text (requires save_sip_history = responses)
• External script - Custom script path for integrations

Caller vs Called Filtering

The Numbers filter matches against both caller and called fields. You cannot create alerts that trigger only when a number is the caller or only the called. Use IP Groups with Trunk/Server checkboxes for direction-based filtering. See Groups.

External Scripts

Enable webhook integration (Datadog, Slack, custom systems).

Configuration: Enter full absolute path in External script field (e.g., /usr/local/bin/alert-webhook.sh).

Arguments passed to script:

Example - Slack notification:

#!/bin/bash
# /usr/local/bin/slack-alert.sh
SLACK_WEBHOOK="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
curl -X POST "$SLACK_WEBHOOK" -H "Content-Type: application/json" \
  -d '{"text": "VoIPmonitor Alert: '"$2"'"}'

Sent Alerts

View triggered alerts via GUI > Alerts > Sent Alerts. Shows:

• Parameters table - QoS metrics with highlighted bad values
• CDR records - Calls that triggered alert with flags: (M)OS, (J)itter, (P)acket loss, (D)elay

Custom Report Alerts

Alert on criteria not in native types (e.g., custom SIP headers).

Workflow:

1. Capture header in /etc/voipmonitor.conf: custom_headers = Max-Forwards
2. Enable in GUI > Settings > CDR Custom Headers
3. Create filter in CDR view, save as template
4. Create Daily Report with filter in GUI > Reports > Configure Daily Reports

Troubleshooting

Email Not Sent

Diagnosis:

• Entries in "Sent Alerts" but no email → MTA issue
• No entries in "Sent Alerts" → Alert conditions or cron issue

# Test MTA
echo "Test" | mail -s "Test" your@email.com

# Check MTA status
systemctl status postfix  # or exim4/sendmail

# Check logs
tail -f /var/log/mail.log  # Debian/Ubuntu
tail -f /var/log/maillog   # RHEL/CentOS

# Check mail queue
mailq

Status 250 or "Queued mail for delivery" = Your server delivered successfully. If recipient didn't receive, issue is on their side (spam folder, quarantine, blacklisting). Mail Queue Not Delivering: If emails accumulate in the queue but are not being sent:

# Verify queue manager is running
ps aux | grep qmgr

# Restart Postfix
systemctl restart postfix

# Force immediate delivery of queued emails
postfix flush

Alerts Not Triggering

Enable debug logging:

// Add to ./config/system_configuration.php
define('CRON_LOG_FILE', '/tmp/alert.log');

# Monitor processing
tail -f /tmp/alert.log

Common causes:

• Cron not running - verify with crontab -l
• PHP CLI version mismatch - use update-alternatives --set php /usr/bin/php8.x
• SQL queue growing - DB can't keep up (see Scaling)
• Alert disabled or filter mismatch

Concurrent Calls Alerts

Use regular concurrent calls for destination IP monitoring (trunk capacity). Investigating Fraud: Realtime Concurrent Calls Alerts

Since this alert type triggers before CDRs are written, use the following procedure to investigate the calls that triggered the alert:

1. Navigate to GUI → CDR
2. Use the filter form to add the is international filter
3. Set the from and to date range to match the time the alert was sent
4. Go to the bottom of the CDR view and enable grouping by country
5. Analyze the traffic by country to identify the source of the fraudulent activity

External Script Not Running

1. Use preview button to test alert triggers
2. Verify absolute path (not relative)
3. Check permissions: chmod 755 /path/to/script.sh
4. Include shebang: #!/bin/bash
5. Use full command paths (e.g., /usr/bin/curl)
6. For URLs, create script with curl/wget - cannot put URL directly in field

"Crontab Log Too Old" Warning

Causes:

1. Cron not running → Add cron entry
2. PHP CLI version mismatch → update-alternatives --set php /usr/bin/php8.x
3. Database overload → Check SQLq in GUI > Settings > Sensors, see Scaling

See Also

• Anti-Fraud Rules - Realtime fraud detection
• Reports - Daily reports and report generator
• Groups - IP and number groups for filtering

AI Summary for RAG

Summary: VoIPmonitor Alerts system provides email notifications for QoS thresholds (RTP: MOS, jitter, packet loss), SIP response codes (0=no response, 408=timeout), sensor health, and registration monitoring. Alert types include RTP, RTP&CDR (with filter templates for duration/absolute_timeout), SIP Response (use "from all" unchecked for IP group percentages), International Calls (prefix-based, NOT GeoIP), Sensors, SIP REGISTER alerts (RRD beta for latency, failed Register beta for brute-force, multiple register beta for credential compromise), and CDR Trends (ASR deviation monitoring). External scripts enable webhook integrations. CRITICAL: Alerts use OR logic only - AND not supported. IP addresses stored as integers - use long2ip()/INET_NTOA() for conversion.

Keywords: alerts, email notifications, QoS, MOS, jitter, packet loss, SIP response, 408 timeout, sensors monitoring, SIP REGISTER, brute force, credential stuffing, international calls, called number prefixes, CDR trends, ASR, external scripts, webhooks, from all checkbox, OR logic, crontab, MTA, Postfix, CRON_LOG_FILE, concurrent calls, SQL queue

Key Questions:

• How do I configure email alerts in VoIPmonitor?
• What alert types are available (RTP, SIP, Sensors)?
• How do I configure international call alerts with prefix filtering?
• What does the "from all" checkbox do in percentage alerts?
• How do I integrate alerts with webhooks (Slack, Datadog)?
• Why are my alerts not triggering?
• How do I troubleshoot email delivery issues?
• What is the difference between fraud and regular concurrent calls alerts?
• How do I detect SIP registration attacks (brute-force)?
• Do alerts support AND logic between conditions?