If your network will support it, you can port mirror all your VoIP traffic to a single VoIPmonitor sniffer. That sniffer can do the per-IP filtering. This is now we are capturing the boxes where we cannot install the voipmon sniffer locally. VoIPmonitor will also support IPIP encapsulation in case your systems have a built-in tap feature, i.e. Sansay SBCs.
For the port mirror solution, do not put the list of IPs to capture in the "filter" option or you will quickly have performance issues. VoIPmonitor has provided a new configuration option for this, "interface_ip_filter". To make managing groups of IP addresses easier, you can drop files in /etc/voipmonitor/conf.d/. Each file can have one or more "interface_ip_filter = 1.2.3.4" lines, and the service must be restarted each time a file is added/removed/changed. I don't know if any of this has made it to their documentation yet. Regards, *Calvin Ellison* Senior Voice Operations Engineer [email protected]
_______________________________________________ VoiceOps mailing list [email protected] https://puck.nether.net/mailman/listinfo/voiceops
