[Freeswitch-users] sip message logging and analysis
freeswitch-users-list at metik.com
Thu Dec 17 19:42:14 PST 2009
Some providers do retain call data for diagnostic purposes and to to aid
in troubleshooting. Why not politely ask them if they could provide you
with a sip trace themselves or forward along the evidence that supported
their conclusion. They should be willing to help you solve a problem
that may potentially be of benefit to their other customers that report
Otherwise, as others suggest, you could simply capture the signaling and
media traffic from the FS box itself using "tcpdump" (e.g. tcpdump -i
eth0 -s 0 -w debug.pcap host 127.0.0.1 ) or ngrep (-d eth0 -W byline -O
/tmp/debug.pcap host 127.0.0.1) and analyze the resulting file in
Wirehark (Statistics->Voip Calls or Telephony->Voip Calls in the current
version). If your provider is using a session border controller or does
not have a distributed architecture, then you can replace 127.0.0.1 with
the appropriate address. If not, then simply don't use the host filter
at all (it will result in a larger capture file). I would just keep in
mind that if an upstream device (NAT router, firewall, etc.) is wreaking
havoc with session refreshes by dropping re-INVITEs or UPDATEs
(associated with session refreshing), you may not see them because of
your vantage point. The reason I typically recommend using the "-i"
(tcpdump) and "-d" (ngrep) switch is to avoid linux 'cooked' captures
(more of a personal preference since I occasionally do have to convert
or merge captures). If you only have SSH access to your FS box, you may
want to use tcpdump or ngrep along with "screen".
"tshark" (tty/cli vesion of Wireshark) and "sipgrep" are also extremely
useful. The later requires ngrep and a couple perl modules but I believe
it is included with FS in the contrib or scripts directory--I forget which).
Frank @ Impact wrote:
> I bit off topic but…
> Using FS to send calls sip to the LD carrier.
> Some calls have problems where they drop the call or audio drops or
> The carrier’s first response is that we dropped the call. But this is
> a day later after the trouble has been reported.
> I am looking for guidance on how to log all sip message traffic and
> then be able to easily retrieve to find a call and look at what sip
> messages really were being based and by whom. Maybe store them in a
> database or some other file that might be opened by an analysis tool.
> Any suggestions on how to log this information and then what tool to
> use for later analysis?
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
More information about the FreeSWITCH-users