Installing and configuring VoIPMonitor Sensor (Sniffer) - Omid-Mohajerani/VoIP-Monitoring GitHub Wiki

We have learned What is VoIP Monitor, Its architecture, and how we can install it on Debian Linux. Now it's time to learn how to install VoIP Monitor Sensor or Sniffer. 

Before We go into the installation steps, I want to recap different modes of VoIP Monitor Sensor installations in our telephony network.

In the first method, the sensor will be installed on the same box as our SIP PBX.  It's the simplest method but has its downside as the VoIPMonitor Sensor will use the same hardware resources such as the CPU. memory and network, that in high load situations may affect your PBX functionality. Also, we won't be able to install the sensor on the same box for example we have a CUCM or Avaya System.

In the second method, we can install the VoIP Monitor sensor in different Boxes and Connect a dedicated PBX network interface to the Sniffer Box. The Network interface should be in promiscuous mode so that sends a copy of the network packet to our sniffer box.  As you can imagine in this method we are using dedicated resources for our sniffer that is very useful to avoid any problem but the downside is that we need an additional network interface in our PBX.

In the Third method, We install the VoIP Monitor Sensor on a dedicated box and we connect to a Managed switch that has the capability to enable promiscuous mode on its network interfaces. In this method, the VoIP Monitor Sensor box will have a copy of all traffic that is passing our PBX and can sniff and capture the required data and send it to our VoIP Monitor Server.

Here We will use the First Method and we will install VoIP Monitor Sensor on the same box as our FreeSWITCH telephony system.

1 - VoIP Monitor Sensor Installation

apt-get install rrdtool
mkdir /usr/src/voipmonitor
cd /usr/src/voipmonitor
wget --content-disposition http://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O x.tar.gz
tar xzf x.tar.gz
cd voipmonitor-*
./install-script.sh

set in /etc/voipmonitor.conf at least interface option it can be like interface=ens33

2 - VoIPMonitor service Management

This is valid only for system that use systemd as manager for services. (After following this you will be able to use systemctl or service commands also in your OS with systemd)

Create file /etc/systemd/system/voipmonitor.service

[Unit]
Description=VOIPmonitor tool for VOIP monitoring
After=syslog.target
After=network.target
After=mysql.service

[Service]
#Restart=always
Type=forking
ExecStart=/etc/init.d/voipmonitor start
ExecStop=/etc/init.d/voipmonitor stop
#Give a reasonable amount of time for the server to start up/shut down
TimeoutStartSec=0
TimeoutStopSec=180
#Place temp files in a secure directory, not /tmp?
PrivateTmp=false
[Install]
WantedBy=multi-user.target

3 - Database Remote Access for VoIPMonitor Sensors

Run on VoIP Monitor Server:

edit /etc/mysql/mariadb.conf.d/50-server.cnf to listen to all network interfaces:

vim /etc/mysql/mariadb.conf.d/50-server.cnf

change bind-address to 0.0.0.0

bind-address            = 0.0.0.0

CREATE USER  'fs'@'localhost' IDENTIFIED BY 'mypass';
GRANT ALL ON *.* to 'fs'@'164.92.182.99' IDENTIFIED BY 'mypass' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;

Test Database Connection from Senor machine

apt install mariadb-client
mysql  -u fs -h  134.122.116.187 -p

(replace 134.122.116.187 address with your VoIP Monitor Server IP Address and fs with the database username if you used different one)

4 - VoIP Monitor Sensor configuration

Chane Following Settings vim /etc/voipmonitor.conf

# mysql server can be IP or hostname. mysqlsocket is faster then mysqlhost
mysqlhost = 134.122.116.187
#mysqlsocket = /var/run/mysqld/mysqld.sock
mysqlport = 3306
mysqlusername = fs
mysqlpassword = mypass

sipport = 5060,5070

id_sensor=2