Capture rules troubleshooting

From VoIPmonitor.org
Revision as of 04:08, 4 January 2026 by Admin (talk | contribs) (Add troubleshooting guide for capture rules)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Capture Rules Troubleshooting

This guide helps you troubleshoot common issues with capture rules, specifically when changes made in the GUI are not being applied to the sensor.

Rules Not Applied After GUI Change

The most common cause is that the capture reload signal never reached the sensor. This can happen due to network connectivity issues between the GUI and the probe.

Step 1: Test Manager API Connectivity

Before attempting a reload, verify that the GUI can reach the sensor's Manager API port (default 5029).

Test connectivity from the GUI server: 

# Replace <PROBE_IP> with your sensor's actual IP address
echo 'getversion' | nc <PROBE_IP> 5029
Expected output:
A version string like voipmonitor 8.0.0-SVN.10
If no output/connection times out:
The GUI cannot reach the sensor. This indicates a network connectivity problem.

Common Connectivity Issues

  • Firewall blocking port 5029 - Ensure port 5029/TCP is open on the sensor's firewall
  • Wrong IP address in Settings > Sensors - Verify the Manager IP matches the sensor's actual IP
  • NAT/ Routing issue - For sensors behind NAT, use the Server API method instead (see below)

Step 2: Reload Methods

If connectivity test succeeds, use one of these reload methods:

Method 1: Web GUI Reload Button

1. Log in to the VoIPmonitor GUI 2. Navigate to Control Panel (Dashboard) 3. Click the green reload sniffer button 4. Look for error message if reload fails

Method 2: CLI Manager API

echo 'reload' | nc <PROBE_IP> 5029

Use this if you cannot access the GUI or need automation.

Method 3: Server API (for Client/Server Mode)

If sensors are in client/server mode and manager ports aren't accessible, use the central server: 

# Step 1: List connected sensors and get sensor_id
echo 'list_active_clients' | nc <SERVER_IP> 5029

# Step 2: Send reload command via Server API port (usually 60024)
echo '{"type_connection":"gui_command","sensor_id":<SENSOR_ID>,"command":"reload"}' | nc <SERVER_IP> 60024

Replace `<SENSOR_ID>` with the ID from Step 1 and `<SERVER_IP>` with the central server's IP.

Step 3: Immediate Workaround - Restart Sniffer Service

If the reload fails and you cannot resolve the connectivity issue immediately, you can force the sensor to reload rules by restarting the service on the probe:

Option A: SSH to Sensor and Restart

# SSH to the sensor
ssh <SENSOR_IP>

# Check current status
systemctl status voipmonitor

# Restart the service
sudo systemctl restart voipmonitor

Option B: Restart from Central Server (if available)

Some deployments allow remote restart via the Manager API: 

# Note: This command depends on sensor configuration
echo 'restart' | nc <PROBE_IP> 5029

How to Verify the Fix

After reloading rules, test that they are active:

1. Check logs for reload confirmation: 

# Debian/Ubuntu
tail -f /var/log/syslog | grep voipmonitor

# CentOS/RHEL
tail -f /var/log/messages | grep voipmonitor

Look for messages like Rules reloaded or capture rules re-read.

2. Make a test call that should trigger your new rule and verify the recording behavior matches expectations.

3. Monitor CDR view to confirm captured/dropped call logs match your rule configuration.

Preventing Future Issues

  • Stable network connectivity between GUI and sensors is critical for rule management
  • Use SNMP monitoring to及时发现网络连接中断
  • Consider client/server mode if sensors are in different networks - the Server API uses persistent connections that are more reliable

AI Summary for RAG

Summary: This guide provides troubleshooting steps for when capture rule changes in the GUI are not being applied to sensors. It explains how to test Manager API connectivity using the getversion command, identify common network issues (firewall, wrong IP, NAT), and provides three methods to reload rules: GUI button, CLI Manager API, and Server API for client/server deployments. It includes an immediate workaround of restarting the sniffer service on the probe if reload fails due to connectivity issues. The guide also explains how to verify the fix through logs and test calls.

Keywords: capture rules troubleshooting, reload not working, getversion, manager api, connectivity, firewall, port 5029, restart voipmonitor, list_active_clients, sensor

Key Questions:

  • Why are capture rules not being applied after I change them in the GUI?
  • How do I test if the GUI can reach the sensor's Manager API?
  • What does the getversion command do?
  • How can I reload capture rules if the sensor is behind NAT?
  • How do I restart the sniffer service on a remote sensor?
  • How do I verify that capture rules have been reloaded?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Capture_rules_troubleshooting&oldid=6286"