Re: [Astlinux-users] Regular Use of sngrep

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> Am 23.01.2020 um 23:17 schrieb Dan Ryson <da...@ry...>:
> 
> Hi Michael,
> 
> Thanks for the reply.
> 
> I guess my question is really how best to routinely run a SIP PCAP on all incoming/outgoing calls, for later analysis if necessary.  
> 
> I have a provider that offers this and have found it useful for troublesooting isolated problems.  I'm not worried about deleting SIP capture files.  I'm just uncertain how to create them.
> 
> Dan

Hi Dan,

I use this line in "rc.local" to start sngrep in the background in a screen session and store the .pcap files in "/mnt/kd/sngrep/"

/usr/bin/screen -dmS sngrep /usr/bin/sngrep -c -O /mnt/kd/sngrep/$(date +"%Y-%m-%d_%H%M").pcap

The "-c" is important so it only reports on calls, no options, notifies and so on.

On high traffic systems that can eat up a lot of RAM over time, so I kill sngrep with a cronjob in the night and start it again also to get daily reports.

killall sngrep && ....

You can read the .pcap files then later with sngrep within AstLinux again and search for issues.

> 
> -------- Original message --------
> From: Michael Knill <mic...@ip...>
> Date: 1/23/20 2:56 PM (GMT-05:00)
> To: AstLinux Users Mailing List <ast...@li...>
> Subject: Re: [Astlinux-users] Regular Use of sngrep
> 
> Well I'm obviously ignorant of the tools available in Astlinux and I really wish I knew about this one earlier after I tried it.
> 
>  
> 
> Couldn't you just run it to do a PCAP capture only from a specific peer, specifying limits and rotating the calls after the limit is reached?
> 
> You could then do analysis via Wireshark.
> 
>  
> 
> My 2c worth.
> 
>  
> 
> Regards
> 
> Michael Knill
> 
>  
> 
> From: Dan Ryson <da...@ry...>
> Reply to: AstLinux List <ast...@li...>
> Date: Friday, 24 January 2020 at 3:15 am
> To: AstLinux List <ast...@li...>
> Subject: [Astlinux-users] Regular Use of sngrep
> 
>  
> 
> Greetings all!
> 
>  
> 
> It occurs to me that I've only been using the powerful sngrep tool to troubleshooting repeatable problems, not prior intermittent problems that are much harder to reproduce and catch. 
> 
>  
> 
> Is there an AstLinux recommended best-practice  for routinely running SIP packet capture to permit sngrep diagnosis of historic calls?
> 
>  
> 
> Thanks in advance for your thoughts.
> 
>  
> 
> Dan
> 
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....

Michael

http://www.mksolutions.info