[Freeswitch-users] sip message logging and analysis
I bit off topic but. Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier's first response is that we dropped the call. But this is a day later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
Frank, Probably the cleanest (albeit non-FreeSWITCH) way to implement this would be to use OpenSIPS/SER/etc between you and the carrier with the siptrace module. But that's probably more work than you want. There's always tcpdump with a decent filter (udp port 5060 and host x.x.x.x) and then something like http://www.badpenguin.co.uk/files/pcap-util2 Both will allow you to search for BYEs and who is sending them. Also keep in mind that they (or you) may just be dropping the RTP without ever sending a BYE. Setting the various RTP timeouts in FreeSWITCH can help with that. You can then look for logs/events (are there any for RTP timeout?) to see who's dropping RTP. On Thu, Dec 17, 2009 at 7:01 PM, Frank @ Impact fr...@impactfax.com wrote: I bit off topic but… Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier’s first response is that we dropped the call. But this is a day later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org -- Kristian Kielhofner http://www.astlinux.org http://blog.krisk.org http://www.star2star.com http://www.submityoursip.com http://www.voalte.com ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
On Thu, Dec 17, 2009 at 4:01 PM, Frank @ Impact fr...@impactfax.com wrote: I bit off topic but… Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier’s first response is that we dropped the call. But this is aday later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? Jason Garland's ClueCon2009 videos about tcpdump and wireshark cover the thought of doing a rotating log file so that it captures a bunch of stuff but doesn't go over X number of megabytes... I don't recall exactly where in his videos that part appears, but here are the links to those vids. Hope it helps! -MC Look at this video first: http://www.viddler.com/explore/cluecon/videos/33/ Then check this one if you need more info: http://www.viddler.com/explore/cluecon/videos/8/ ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
I'm using VQManager (there is a 30 day trial) and it's useful for seeing who does what / when per call; it's very easy to install... From: freeswitch-users-boun...@lists.freeswitch.org [mailto:freeswitch-users-boun...@lists.freeswitch.org] On Behalf Of Frank @ Impact Sent: Thursday, December 17, 2009 4:02 PM To: freeswitch-users@lists.freeswitch.org Subject: [Freeswitch-users] sip message logging and analysis I bit off topic but... Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier's first response is that we dropped the call. But this is a day later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
So is wireshark UI and its free! :P /b On Dec 17, 2009, at 6:33 PM, Chris Fowler wrote: I’m using VQManager (there is a 30 day trial) and it’s useful for seeing who does what / when per call; it’s very easy to install… ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
i agree with christian, though i would use tshark. you can actually get the fields you want (method and callid) and store them in a dB. then you need to match them with a query. it is simple but Lots of work. look into -e and -E of tshark separate the fields by , have fun! David El 18/12/2009, a las 01:27, Kristian Kielhofner kristian.kielhof...@gmail.com escribió: Frank, Probably the cleanest (albeit non-FreeSWITCH) way to implement this would be to use OpenSIPS/SER/etc between you and the carrier with the siptrace module. But that's probably more work than you want. There's always tcpdump with a decent filter (udp port 5060 and host x.x.x.x) and then something like http://www.badpenguin.co.uk/files/pcap-util2 Both will allow you to search for BYEs and who is sending them. Also keep in mind that they (or you) may just be dropping the RTP without ever sending a BYE. Setting the various RTP timeouts in FreeSWITCH can help with that. You can then look for logs/events (are there any for RTP timeout?) to see who's dropping RTP. On Thu, Dec 17, 2009 at 7:01 PM, Frank @ Impact fr...@impactfax.com wrote: I bit off topic but… Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier’s first response is that we dropped the call. But thi s is a day later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch- users http://www.freeswitch.org -- Kristian Kielhofner http://www.astlinux.org http://blog.krisk.org http://www.star2star.com http://www.submityoursip.com http://www.voalte.com ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch- users http://www.freeswitch.org ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
I'm using contrib/seven/sip/sip2db.rb 2009/12/18 David Villasmil david.villasmil.w...@gmail.com: i agree with christian, though i would use tshark. you can actually get the fields you want (method and callid) and store them in a dB. then you need to match them with a query. it is simple but Lots of work. look into -e and -E of tshark separate the fields by , have fun! David El 18/12/2009, a las 01:27, Kristian Kielhofner kristian.kielhof...@gmail.com escribió: Frank, Probably the cleanest (albeit non-FreeSWITCH) way to implement this would be to use OpenSIPS/SER/etc between you and the carrier with the siptrace module. But that's probably more work than you want. There's always tcpdump with a decent filter (udp port 5060 and host x.x.x.x) and then something like http://www.badpenguin.co.uk/files/pcap-util2 Both will allow you to search for BYEs and who is sending them. Also keep in mind that they (or you) may just be dropping the RTP without ever sending a BYE. Setting the various RTP timeouts in FreeSWITCH can help with that. You can then look for logs/events (are there any for RTP timeout?) to see who's dropping RTP. On Thu, Dec 17, 2009 at 7:01 PM, Frank @ Impact fr...@impactfax.com wrote: I bit off topic but… Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier’s first response is that we dropped the call. But thi s is a day later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch- users http://www.freeswitch.org -- Kristian Kielhofner http://www.astlinux.org http://blog.krisk.org http://www.star2star.com http://www.submityoursip.com http://www.voalte.com ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch- users http://www.freeswitch.org ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
Re: [Freeswitch-users] sip message logging and analysis
Some providers do retain call data for diagnostic purposes and to to aid in troubleshooting. Why not politely ask them if they could provide you with a sip trace themselves or forward along the evidence that supported their conclusion. They should be willing to help you solve a problem that may potentially be of benefit to their other customers that report similar issues. Otherwise, as others suggest, you could simply capture the signaling and media traffic from the FS box itself using tcpdump (e.g. tcpdump -i eth0 -s 0 -w debug.pcap host 127.0.0.1 ) or ngrep (-d eth0 -W byline -O /tmp/debug.pcap host 127.0.0.1) and analyze the resulting file in Wirehark (Statistics-Voip Calls or Telephony-Voip Calls in the current version). If your provider is using a session border controller or does not have a distributed architecture, then you can replace 127.0.0.1 with the appropriate address. If not, then simply don't use the host filter at all (it will result in a larger capture file). I would just keep in mind that if an upstream device (NAT router, firewall, etc.) is wreaking havoc with session refreshes by dropping re-INVITEs or UPDATEs (associated with session refreshing), you may not see them because of your vantage point. The reason I typically recommend using the -i (tcpdump) and -d (ngrep) switch is to avoid linux 'cooked' captures (more of a personal preference since I occasionally do have to convert or merge captures). If you only have SSH access to your FS box, you may want to use tcpdump or ngrep along with screen. tshark (tty/cli vesion of Wireshark) and sipgrep are also extremely useful. The later requires ngrep and a couple perl modules but I believe it is included with FS in the contrib or scripts directory--I forget which). -metik Frank @ Impact wrote: I bit off topic but… Using FS to send calls sip to the LD carrier. Some calls have problems where they drop the call or audio drops or whatever. The carrier’s first response is that we dropped the call. But this is a day later after the trouble has been reported. I am looking for guidance on how to log all sip message traffic and then be able to easily retrieve to find a call and look at what sip messages really were being based and by whom. Maybe store them in a database or some other file that might be opened by an analysis tool. Any suggestions on how to log this information and then what tool to use for later analysis? ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org ___ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
