[Serusers] logging of SIP dialog

Greger V. Teigre greger at teigre.com
Tue Oct 4 08:03:10 CEST 2005


Two other suggestions:
1. The ONsip.org script package contains two scripts that you can use to 
generate ngrep traces in various log files based on time, as well as a way 
to search. Maybe not exactly what you want, but I have found this approach 
to be reasonably efficient (see excerpt from README.ONSIP below).
2. Start a tcpdump with rotatelogs (see start_ngrep) and then use 
sip_scenario to generate the traces you want to a directory accessible 
through a web server

Both approaches require a cron clean-up job to delete old logs dependent on 
your disk space.
And BTW, using a hub instead of a switch in front of your ser server means 
that you can set up a dedicated listener like Paul suggested without vlan.
g-)

What you will find in this package:

start_ngrep
---------------
A small script to start ngrep in a way where all SIP messages are logged to
files in /var/log/sip/.
Must be started as root. Assumes that ngrep version >1.42 is already
installed. The log files will be rotated every 24 hours starting 24 hours
from the time you run start_ngrep.

siplogs
--------------
Usage: siplogs regex [siplog-filename]
If start_ngrep has been run and ngrep is running as a process, siplogs can
be called with one parameter like this: 'siplogs 1237890'
This will filter out all SIP messages with 1237890 found somewhere in the
message. Only messages found in the last logfile will be searched (i.e. < 24
hours ago dependent on when you started start_ngrep). siplogs can also take
a second parameter: 'siplogs 1237890 sip.1114992000' and thus specify the
log file (in /var/log/sip/) that you want to search through.
The first parameter is a regular expression (awk), so you can for example
run 'siplogs "^INVITE|^ACK"' to filter out all INVITE and ACK messages.


----- Original Message ----- 
From: "Iqbal" <iqbal at gigo.co.uk>
To: <serusers at lists.iptel.org>
Sent: Monday, October 03, 2005 04:59 PM
Subject: [Serusers] logging of SIP dialog


> Hi
>
> Has anyone come up with a scalable method to log the complete SIP trace of 
> ALL calls, i.e to separate files etc
> Ngrep is great for a few, but I want to be able to track all calls, for 
> various purposes
>
> Iqbal
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
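
The whole-message regex filter that the siplogs description outlines, plus the one-file-per-call split the original question asks for, as an added shell example (not the ONsip.org scripts and not part of either message). The log layout, the function names `sip_filter`, `sip_split` and `sample_log`, and the sample traffic are assumptions made for illustration.

```shell
# Added example, not the ONsip.org scripts. Assumed log layout: each packet
# starts with an ngrep-style header line "U <date> <time> <src> -> <dst>".
# sip_filter REGEX LOGFILE: print whole messages in which any line matches.
sip_filter() {
    RE="$1" awk '
        function emit() { if (hit) printf "%s", msg; msg = ""; hit = 0 }
        /^[UT] .* -> / { emit() }   # header line closes the previous packet
        { msg = msg $0 "\n"; if ($0 ~ ENVIRON["RE"]) hit = 1 }
        END { emit() }
    ' "$2"
}

# sip_split LOGFILE OUTDIR: append each message to OUTDIR/<Call-ID>.log.
sip_split() {
    mkdir -p "$2" || return 1
    OUT="$2" awk '
        function emit(   f) {
            if (id != "") {
                # Call-ID comes off the wire: keep it from naming a path.
                gsub(/[^A-Za-z0-9@._-]/, "_", id)
                f = ENVIRON["OUT"] "/" id ".log"
                printf "%s", msg >> f; close(f)
            }
            msg = ""; id = ""
        }
        /^[UT] .* -> / { emit() }
        id == "" && match(tolower($0), /^(call-id|i)[ \t]*:[ \t]*/) {
            id = substr($0, RLENGTH + 1); sub(/[ \t\r]+$/, "", id)
        }
        { msg = msg $0 "\n" }
        END { emit() }
    ' "$1"
}

# Constructed sample: an INVITE with SDP (note the blank line) and a 200 OK.
sample_log() {
cat <<'EOF'
U 2005/10/04 08:03:10.000001 192.0.2.10:5060 -> 192.0.2.1:5060
INVITE sip:1237890@example.org SIP/2.0
Call-ID: a1b2/../c3@192.0.2.10

v=0
m=audio 40000 RTP/AVP 0

U 2005/10/04 08:03:10.200000 192.0.2.1:5060 -> 192.0.2.10:5060
SIP/2.0 200 OK
Call-ID: zz99@192.0.2.20
EOF
}
```

Packets are split on the header line rather than on blank lines, so an SDP body stays attached to the request that carries it.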



