Linux host

You can install or compile VoIPmonitor binary directly on linux PBX or SBC/SIP server. This does not requires additional hardware and changes in network topology. The only downside is that voipmonitor consumes hardware resources - RAM, CPU and I/O workload which can affect the whole system. If it is not acceptable to share hardware for voipmonitor the second common use case is doing port mirroring.

Hardware port mirroring

Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port => voipmonitor dedicated linux box. Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches or just port mirroring.

In case of hardware mirroring you often need to have additional ethernet port. Sniffer is configured to use this port (interface=eth1) and it automatically put the interface into Promiscuous mode. In case you need to mirror to more ethernet ports you can set interface=any in voipmonitor.conf which will enable mirroring on all interfaces but you need to set each ethernet interface into promiscuous mode manually

ifconfig eth1 promisc

Software packet mirroring

All in one

If the sensor is installed on the same server as MySQL and GUI you do not need to configure sensors in GUI. The GUI is reading PCAP files directly from local file system and database are connected via localhost mysql database.

Multiple remote sensors one DB/GUI server

Sensors can be configured in two ways - mirroring all packets by the remote sniffer to central sniffer or the remote sniffer is processing VoIP directly and only sends CDR to remote database keeping pcap files on local storage.

Standard remote sniffer

Remote sensor in standard mode processes all packets and stores CDR to database keeping pcap files on local disk. This setup generates minimal traffic between sensor and remote database (it sends only CDR)

What you need to configure on remote sniffer:

• /etc/voipmonitor.conf

id_sensor = unique_number < 65535
managerip = 0.0.0.0
mysqlhost = remotedatabaseIPorHost
#mysqlport = 3306
mysqlusername = voipmonitor
mysqlpassword = safu3q28n
mysqldb = voipmonitor

Note: you probably need to reconfigure your central MySQL to be able to listen not only on localhost. Check your mysql configuration option

bind-address = 0.0.0.0

You also need to create user for your database:

MySQL> GRANT ALL ON voipmonitor.* TO 'voipmonitor'@'%' IDENTIFIED BY 'safu3q28n';
MySQL> GRANT SUPER ON *.* TO 'voipmonitor'@'%' IDENTIFIED BY 'safu3q28n';
MySQL> FLUSH PRIVILEGES;

• allow TCP port 5029 on firewall from GUI server

What you need to configure on central GUI

• Go to main menu -> Settings -> Sensors -> add sensor ID, IP, port 5029, keep mysql settings blank.

Mirroring sniffer

Since version 8 remote sensor can be configured as packet sender (mirrorer) to remote sensor which runs on different server. In this mode the sender sends all packets via compressed TCP stream to remote sniffer like it is sniffing directly on network interface. This setup is common in situation where you are not able to mirror packets directly via port spanning or taping and you need to install it directly on linux server where the PBX/SBC runs and you do not have to enough CPU or storage resources to process all packets there - the sender sensor uses minimal CPU / memory resources.

What you need to configure on remote sniffer (for example remote sniffer has IP 10.0.0.1, central sniffer has IP 192.168.0.1)

voipmonitor.conf:
[general]
id_sensor = 1 #change this number on each remote sniffer to unique number
interface = eth0 #change this to correct interface where you need to intercept traffic
ringbuffer = 200 #up to 2000MB
packetbuffer_enable             = yes 
max_buffer_mem                  = 2000 #in MB
packetbuffer_compress           = yes #enable compression 
packetbuffer_compress_ratio     = 100
mirror_destination_ip           = 192.168.0.1 #this is address of your dedicated server (central sniffer - mirroring receiver)
mirror_destination_port         = 5030

What you need to configure on central sniffer - configure voipmonitor.conf as a standard sniffer + mirror* options :

voipmonitor.conf
mirror_bind_ip               = 192.168.0.1 #set there ip address of central server, which is accessible from remote sniffers.
mirror_bind_port             = 5030

Moving pcap files

VoIPmonitor sniffer runs directly on asterisk PBX storing pcap files to /var/spool/voipmonitor and moved to /mnt/ssh which is mounted /var/spool/voipmonitor on central WEB GUI. You can use sshfs to mount remote directory over ssh

sshfs root@guiserverIP:/var/spool/voipmonitor /mnt/ssh

in voipmonitor.conf on asterisk PBX set

cachedir = /var/spool/voipmonitor (or /dev/shm which is ramdisk to save some I/O) 
spooldir = /mnt/ssh

Cloud mode

In cloud mode the voipmonitor sniffs and analyzes all packets and sends only complete CDR record (which is around 2kB for one CDR) over the encrypted https channel to the voipmonitor cloud. SIP and RTP packets are stored on local hard drive (if storing packets are enabled in the sniffer configuration) so they are not sent over network to the cloud. The cloud is downloading them from sniffer only on demand when user requests pcap file.

.