Hi All,
I want to get ONLY formal SIP message (ex. INVITE, REGISTER and more) by SER, like Cisco AS5300 debug mode (ex. # debug ccsip message).
How do I configure my ser.cfg? Now ser.cfg as follows:
debug=3
fork=yes
log_facility=LOG_LOCAL0
listen=MY.SER.IP.ADDRESS
alias=MY.SER.FQDN.ADDRESS1
alias=MY.SER.FQDN.ADDRESS2
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
And /etc/syslog.conf as follows:
# SIP Express Router log
local0.* /var/log/ser.log
Regards, Sahria
Hi!
This is not possible in openser.
You can use a packet sniffer to watch the whole SIP traffic. My favorite for sniffing SIP signaling (and related) is:
ngrep -W byline -P "" -d any -q -t port 5060 or port 53 or icmp
regards klaus
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi!
Sahria Hao wrote:
I want to get ONLY formal SIP message (ex. INVITE, REGISTER and more) by SER, like Cisco AS5300 debug mode (ex. # debug ccsip message).
You can use xlog() from the xlog module to save certain messages, i.e.

if (method=="REGISTER") {
    xlog("L_NOTICE", "%mb\n");
}
%mb = message body
The implemented specifiers are quite powerful so you might get around logging full messages.
I started writing a passive 'IDS' based on SER for fun. Among other features it has a pcap module that allows writing arbitrary SIP messages to a common pcap file. It updates most IP+UDP headers but obviously won't be able to reconstruct everything. If people are interested I'd publish a patch.
Cheers, Hendrik
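
Added example (not part of the original thread, and not code from SER or ngrep): a Python filter over text captured with the ngrep -W byline command quoted above, keeping only SIP requests whose method is wanted. The per-packet header layout, the function names and the sample capture are assumptions constructed for illustration.

```python
import re

# Assumed ngrep per-packet header with -q -t (constructed from typical output):
#   U 2006/05/04 10:15:01.100000 192.0.2.10:5060 -> 192.0.2.20:5060
PACKET_HDR = re.compile(r"^[UTI] (?:\S+ \S+ )?(\S+) -> (\S+)")
# RFC 3261 request line: METHOD SP Request-URI SP SIP/2.0 (responses start "SIP/2.0 ")
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")

def split_packets(text):
    """Yield (src, dst, payload_lines) for each packet in ngrep byline output."""
    src, dst, lines = None, None, []
    for raw in text.splitlines():
        m = PACKET_HDR.match(raw)
        if m:
            if src is not None:
                yield src, dst, lines
            src, dst, lines = m.group(1), m.group(2), []
        elif src is not None:
            # byline mode prints the CR of each CRLF as '.'; drop that marker
            lines.append(raw[:-1] if raw.endswith(".") else raw)
    if src is not None:
        yield src, dst, lines

def sip_requests(text, methods=("INVITE", "REGISTER")):
    """Return (src, dst, method, uri, message) for requests with a wanted method."""
    hits = []
    for src, dst, lines in split_packets(text):
        start = next((l.strip() for l in lines if l.strip()), "")
        m = REQUEST_LINE.match(start)
        if m and m.group(1) in methods:  # DNS, ICMP and SIP responses fall through
            hits.append((src, dst, m.group(1), m.group(2), "\n".join(lines).strip()))
    return hits

# Constructed sample capture (documentation addresses, not real traffic)
SAMPLE = """\
U 2006/05/04 10:15:01.100000 192.0.2.10:5060 -> 192.0.2.20:5060
REGISTER sip:example.test SIP/2.0.
CSeq: 1 REGISTER.
.
U 2006/05/04 10:15:01.200000 192.0.2.20:5060 -> 192.0.2.10:5060
SIP/2.0 401 Unauthorized.
CSeq: 1 REGISTER.
.
U 2006/05/04 10:15:02.000000 192.0.2.10:5060 -> 192.0.2.20:5060
OPTIONS sip:example.test SIP/2.0.
CSeq: 2 OPTIONS.
.
"""
```

Call sip_requests() on the saved ngrep output; pass methods=(...) to select a different set of request methods.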