[Freeswitch-users] sip message logging and analysis

Metik freeswitch-users-list at metik.com
Thu Dec 17 19:42:14 PST 2009

Some providers do retain call data for diagnostic purposes and to to aid 
in troubleshooting. Why not politely ask them if they could provide you 
with a sip trace themselves or forward along the evidence that supported 
their conclusion. They should be willing to help you solve a problem 
that may potentially be of benefit to their other customers that report 
similar issues.

Otherwise, as others suggest, you could simply capture the signaling and 
media traffic from the FS box itself using "tcpdump" (e.g. tcpdump -i 
eth0 -s 0 -w debug.pcap host ) or ngrep (-d eth0 -W byline -O 
/tmp/debug.pcap host and analyze the resulting file in 
Wirehark (Statistics->Voip Calls or Telephony->Voip Calls in the current 
version). If your provider is using a session border controller or does 
not have a distributed architecture, then you can replace with 
the appropriate address. If not, then simply don't use the host filter 
at all (it will result in a larger capture file). I would just keep in 
mind that if an upstream device (NAT router, firewall, etc.) is wreaking 
havoc with session refreshes by dropping re-INVITEs or UPDATEs 
(associated with session refreshing), you may not see them because of 
your vantage point. The reason I typically recommend using the "-i" 
(tcpdump) and "-d" (ngrep) switch is to avoid linux 'cooked' captures 
(more of a personal preference since I occasionally do have to convert 
or merge captures). If you only have SSH access to your FS box, you may 
want to use tcpdump or ngrep along with "screen".

"tshark" (tty/cli vesion of Wireshark) and "sipgrep" are also extremely 
useful. The later requires ngrep and a couple perl modules but I believe 
it is included with FS in the contrib or scripts directory--I forget which).


Frank @ Impact wrote:
> I bit off topic but…
> Using FS to send calls sip to the LD carrier.
> Some calls have problems where they drop the call or audio drops or 
> whatever.
> The carrier’s first response is that we dropped the call. But this is 
> a day later after the trouble has been reported.
> I am looking for guidance on how to log all sip message traffic and 
> then be able to easily retrieve to find a call and look at what sip 
> messages really were being based and by whom. Maybe store them in a 
> database or some other file that might be opened by an analysis tool.
> Any suggestions on how to log this information and then what tool to 
> use for later analysis?
> ------------------------------------------------------------------------
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

More information about the FreeSWITCH-users mailing list