25 May
2007
25 May
'07
12:28 a.m.
Hi All,
I want to get ONLY formal SIP message (ex. INVITE, REGISTER and more) by
SER,
like Cisco AS5300 debug mode (ex. # debug ccsip message).
How do I configure my ser.cfg?
Now ser.cfg as follows:
debug=3
fork=yes
log_facility=LOG_LOCAL0
listen=MY.SER.IP.ADDRESS
alias=MY.SER.FQDN.ADDRESS1
alias=MY.SER.FQDN.ADDRESS2
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
And /etc/syslog.conf as follows:
# SIP Express Router log
local0.* /var/log/ser.log
Regards,
Sahria
25 May
25 May
4:53 a.m.
Hi!
This is not possible with in openser.
You can use a packet sniffer to watch the whole SIP traffice. My
favorite for sniffing SIP signaling (and related) is:
ngrep -W byline -P "" -d any -q -t port 5060 or port 53 or icmp
regards
klaus
Sahria Hao wrote:
Hi All,
I want to get ONLY formal SIP message (ex. INVITE, REGISTER and more) by
SER,
like Cisco AS5300 debug mode (ex. # debug ccsip message).
How do I configure my ser.cfg?
Now ser.cfg as follows:
debug=3
fork=yes
log_facility=LOG_LOCAL0
listen=MY.SER.IP.ADDRESS
alias=MY.SER.FQDN.ADDRESS1
alias=MY.SER.FQDN.ADDRESS2
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
And /etc/syslog.conf as follows:
# SIP Express Router log
local0.* /var/log/ser.log
Regards,
Sahria
------------------------------------------------------------------------
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
29 May
29 May
8:21 a.m.
Hi!
Sahria Hao wrote:
I want to get ONLY formal SIP message (ex. INVITE,
REGISTER and more) by
SER,
like Cisco AS5300 debug mode (ex. # debug ccsip message).
You can use xlog() from the xlog module to save certain messages, i.e.
if (method=="REGISTER") {
xlog("L_NOTICE", "%mb\n");
}
%mb = message body
The implemented specifiers are quite powerful so you might get around
logging full messages.
I started writing a passive 'IDS' based on SER for fun. Among other
features it has a pcap module that allows writing arbitrary SIP messages
to a common pcap file. It updates most IP+UDP headers but obviously
won't be able to reconstruct everything. If people are interested
I'd publish a patch.
Cheers,
Hendrik
--
Hendrik Scholz
VoIP Systems Engineer
----------------------------------------------------------------------------
Telefon: + 49 (0) 431 90 20 552
Telefax: + 49 (0) 431 90 20 559
E-Mail: hendrik.scholz(a)freenet.ag
Website: www.freenet.de; www.mobilcom.de
----------------------------------------------------------------------------
freenet Cityline GmbH
Ein Unternehmen der freenet AG
Hamburger Chaussee 2-4
24114 Kiel
----------------------------------------------------------------------------
Geschäftsführer: Eckhard Spoerr, Axel Krieger
Amtsgericht Kiel, HRB 6202
6422
days inactive
6426
days old
2 comments
3 participants
participants (3)
-
Hendrik Scholz -
Klaus Darilion -
Sahria Hao