In article <alpine.deb.2.20.1705311339370.15...@ws.sedwards.com>, Steve Edwards <asterisk....@sedwards.com> wrote: > On Wed, 31 May 2017, Steve Edwards wrote: > > > I want to capture all SIP messages. > > > > I have about 30 hosts in about 6 colos. > > > > My first thought was dumpcap, but the output file name format bugs me. > > > > What do you use for long term SIP capture? > > A little more specificity... > > I'd like the capture to be in a series of files that can be 'rotated' or > 'aged out' so that I can always have x days of traffic on hand but not > have to prune the files to keep the storage requirements reasonable.
On most of my systems I have a script sip-capture: --- #!/bin/sh DATE=`date '+%Y%m%d-%H%M%S'` FILE=sip-`hostname -s`-$DATE.pkt cd /var/tmp tcpdump -C 8 -i any -n -p -s 0 -w $FILE udp port 5060 </dev/null >/dev/null 2>&1 & --- I start it in /etc/rc.d/rc.local for want of anywhere better. Being in /var/tmp, cron.daily/tmpwatch deletes files older than 30 days. I could just have easily put them somewhere else and used the -W option to tcpdump to remove old files on a rolling basis. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
