> Am 23.01.2020 um 23:17 schrieb Dan Ryson <d...@ryson.org>:
>
> Hi Michael,
>
> Thanks for the reply.
>
> I guess my question is really how best to routinely run a SIP PCAP on all
> incoming/outgoing calls, for later analysis if necessary.
>
> I have a provider that offers this and have found it useful for
> troublesooting isolated problems. I'm not worried about deleting SIP capture
> files. I'm just uncertain how to create them.
>
> Dan
Hi Dan,
I use this line in "rc.local" to start sngrep in the background in a screen
session and store the .pcap files in "/mnt/kd/sngrep/"
/usr/bin/screen -dmS sngrep /usr/bin/sngrep -c -O /mnt/kd/sngrep/$(date
+"%Y-%m-%d_%H%M").pcap
The "-c" is important so it only reports on calls, no options, notifies and so
on.
On high traffic systems that can eat up a lot of RAM over time, so I kill
sngrep with a cronjob in the night and start it again also to get daily reports.
killall sngrep && ....
You can read the .pcap files then later with sngrep within AstLinux again and
search for issues.
>
> -------- Original message --------
> From: Michael Knill <michael.kn...@ipcsolutions.com.au>
> Date: 1/23/20 2:56 PM (GMT-05:00)
> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Regular Use of sngrep
>
> Well I'm obviously ignorant of the tools available in Astlinux and I really
> wish I knew about this one earlier after I tried it.
>
>
>
> Couldn't you just run it to do a PCAP capture only from a specific peer,
> specifying limits and rotating the calls after the limit is reached?
>
> You could then do analysis via Wireshark.
>
>
>
> My 2c worth.
>
>
>
> Regards
>
> Michael Knill
>
>
>
> From: Dan Ryson <d...@ryson.org>
> Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Friday, 24 January 2020 at 3:15 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: [Astlinux-users] Regular Use of sngrep
>
>
>
> Greetings all!
>
>
>
> It occurs to me that I've only been using the powerful sngrep tool to
> troubleshooting repeatable problems, not prior intermittent problems that are
> much harder to reproduce and catch.
>
>
>
> Is there an AstLinux recommended best-practice for routinely running SIP
> packet capture to permit sngrep diagnosis of historic calls?
>
>
>
> Thanks in advance for your thoughts.
>
>
>
> Dan
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
Michael
http://www.mksolutions.info
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
