# # voipmonitor.org configuration file # # location of this file is at ~/.voipmonitor.conf or /etc/voipmonitor.conf # command line parameters overrides configuration directives in this file # allowed comments are ; or #. # # voipmonitor automatically reads all configuration files in /etc/voipmonitor/conf.d/* which must NOT have [general] section in it # [general] # set sniffer to UTC timezone (all CDR records and pcap time will be in UTC time) # by default utc is disabled and time is taken from local timezone (do not overried timezone = ... in next section # enable this if you have more sniffers in different timezones #utc = 1 # override timezone (path to zoneinfo file). Use this if you do not want CDR and pcap files in UTC time but in different timezone then the server is set #timezone = /usr/share/zoneinfo/UTC # in case of running more voipmonitor instances on the same or another servers configured to save to one database and the same cdr table # it is possible to differentiate CDR by id_sensor column. If you set id_sensor >= 0 the number will be saved in cdr.id_sensor column. # The number is between 1 - 65535 (16bit number) id_sensor = 6 # separate spooldir by sensor id (/var/spool/voipmonitor/id_sensor/date/...) - do not enable this unless you really need it. #spooldir_by_sensor = no # enable this if you have multiple receivers on one server #use_id_sensor_for_receiver_in_files = no # watchdog will run shell script which will automatically start voipmonitor process when it is not running. Name of the script is /tmp/voipmonitor_watchdog # sending kill signal to the voipmonitor process will also kill watchdog process # sending kill -9 signal to the voipmonitor will not kill voipmonitor_watchdog so within 5 seconds the voipmonitor_watchdog script will start voipmonitor again #watchdog = yes ################## START DATABASE CONFIGURATION ############### # SQL driver - mysql is default or odbc (connecting voipmonitor to msssql please refer to README.mssql sqldriver = mysql #sqldriver = odbc #odbcdriver = mssql #odbsdsn = voipmonitor #odbcuser = root #odbcpass = # all queries are queued in internal memory so when the mysql server is unrecheable or down the queue will start filling until all RAM is used and all CDR are lost if sniffer is restarted. # enable query_cache which will store all queries to disk first so it will not consumes all memory and it will survive restarts - on next start the sniffer will start sending unfinished queries. #query_cache = no # mysql server can be IP or hostname #mysqlhost = 127.0.0.1 #mysqlport = 3306 #mysqlusername = root #mysqlpassword = # mysql database - will be created automatically if it does not exists mysqldb = voipmonitor # to disable mysql tables check and upgrade after service start set this to yes #disable_dbupgradecheck = yes # mysql connect timeout default 60 (seconds) #mysql_connect_timeout = 60 # use partitioning cdr* tables by day. If you have schema without partitioning, you MUST start with new database. default is = yes cdr_partition = yes # compress connection to the mysql server (do not enable it if your mysql server is on the same host). Default is disabled. #mysql_client_compress = no # mysql table compression (default enabled) mysqlcompress = yes # load configuration from database - (from table sensor_conf) by id_sensor (SELECT * FROM sensor_conf WHERE id_sensor = N) # if you do not set id_sensor and mysqlloadconfig is enabled it will load first row in database with id_sensor IS NULL # configuration in this file is loaded FIRST then is OVERWRITEN by settings in MySQL! # if this configuration option is not set default is enabled mysqlloadconfig = yes # disable partition creation which runs every 12 hours. If you have multiple sensors storing to one database it is redundant to create partitions by all sensors. Default = no #disable_partition_operations = yes # In case you need to create partitions for last 90 days use this option. This is useful when you want to migrate data. This will create partitions only if table does not exists #create_old_partitions = 90 # or you can use create_old_partitions_from=DATE option. And set date for the oldest partition #create_old_partitions_from = YYYY-MM-DD # if you do not want to save cdr.callend = calldate + duration for some reason (you do not want to upgrade cdr, set it to no). Default is yes sqlcallend = yes ######## SQL queues fine tuning # the sniffer uses stored procedure which is created on the fly with concatenated number of messages to overcome network latency limit # this queue is by default 400. # there are several internal sql queues for cdr, message, register, files(cleaning), http, ipaccount. # specific queues mysqlstore_concat_limit_* overrides the global mysqlstore_concat_limit #mysqlstore_concat_limit = 400 #mysqlstore_concat_limit_cdr = 400 #mysqlstore_concat_limit_message = 400 #mysqlstore_concat_limit_register = 400 #mysqlstore_limit_queue_register = 1000000 #mysqlstore_concat_limit_http = 400 #mysqlstore_concat_limit_ipacc = 400 # each queue is by default served by one thread and this is not enough for high traffic. If the queue is rising # even though your mysql server configuration is already set innodb_flush_log_at_trx_commit = 2 you should consider # to rise number of threads which are automatically created if the queue is > 1000. Take in mind that each thread # creates new connection to mysql server. If any of queue is < 1000 the thread and mysql connection is released. # number of threads are limited to number 9 so even you set it >9 it will be set to 9 #mysqlstore_max_threads_cdr = 2 #mysqlstore_max_threads_message = 2 #mysqlstore_max_threads_register = 2 #mysqlstore_max_threads_http = 2 ##### cleaning database ######### # Removes cdr* partitions older then set number of days. If set to 0 it is disabled (default) #cleandatabase_cdr = 0 # removes data from rtp_stat older > N days. Default is 2 days #cleandatabase_rtp_stat = 2 #Removes register_state and failed partitions older then set number of days. If set to 0 it is disabled (default) # cleandatabase_register_failed = 0 # cleandatabase_register_state = 0 # Sets cleandatabase_cdr and cleandatabase_register_state and cleandatabase_register_failed to the same values. Configuration first look at cleandatabase parameter then it looks for other cleandatabase_* parameters. #cleandatabase = 0 ### Allow partition operation only in specific time range. Default is disabled, # dropping partitions can cause huge performance I/O drop during your peaks and in this case it is recommended to set cleaning outside your peaks # following example will run cleaning only between 1am - 5am (it is 24hour format) # partition_operations_enable_fromto = 1-5 ## EXPERT OPTIONS ## # creates alert partition in separate thread. Do not enable this unless you know what it does. #partition_operations_in_thread = yes ########### END DATABAE CONFIGURATION ################# # voipmonitor is able to sniff directly on network interface or it can read files. # listening interface. Can be 'any' which will listen on all interfaces - NOTE that "any" will not put interfaces into promiscuous mode # and you have to do it with "ifconfig eth0 promisc" # you can also sniff on multiple interfaces by providing list of them delimited by ',' example: interface = eth0,eth1 #interface = eth0,eth1 #interface = any interface = tap_dpdk # put interface to promiscuouse mode so it can sniff packets which are not routed directly to us (it will not work if you use interface = any) promisc = yes # override snaplen which is 3200 by default and 6000 if ssl/http is enabled which might be not enough in rare cases (noone needs this to alter) #snaplen = 20000 # Pcap filter. If you want to sniff only UDP SIP, put here 'udp'. Warning: If you set protocol to 'udp' pcap discards VLAN packets. Maximum size is 2040 chars # udp or (vlan and udp) will capture all tagged and untagged UDP packets # WARNING - if you need to sniff IPinIP (like mirrored packets from voipmonitor) filter = udp will filter all those packets. In this case just disable filter. # WARNING - this rule "udp or (vlan and udp)" will not capture double VLAN tagged packets #filter = udp or (vlan and udp) # default threading_mod = 1 uses one thread for reading from interface doing deduplication at once # threading_mod = 2 (which is automatically set if you have multiple interfaces (interface = eth0,eth1,...) reads from each interface # in separate thread which is better option on multi core systems than interface = any # threading_mod = 3 will do deduplication (if enabled) in separate thread which is needed for high traffic # threading_mod = 4 will do deduplication in more than one threads - use this option if you enable deduplication and your traffic is over 100Mbit # threading_mod = 5 makes more threads for RTP preprocessing #threading_mod = 5 # additional threading modes - enable it for >= 10000 concurrent calls #t2_boost = yes # preprocess_rtp_threads option tells how many threads are used to preprocess RTP packets. Default value 2 is two threads which are able to handle # 10 000 concurrent calls on Intel Xeon CPU E5-2650 with 30% reserve. If you disable (=no) this option there will be no extra thread for RTP packet # processing. You will proably do not need to adjust this value ever. #preprocess_rtp_threads = 2 ## START SERVER/CLIENT configuration # since version 19.6 sniffer implements new server/client sensor's architecture # In this mode a GUI communicates with client's sensors via server's sensor only. So client's sensor can be behind NAT and # still is reachable from the GUI. # Client's sensors in database are created dynamically by server's sensor. # Communication between server/client is encrypted. # Can be only one server's sensor for now, the other sensors must be clients. Old fashioned remote sensors can be used together. # Implicitly, client process a data, saves a pcaps to a local spooldir, sent the sql inserts/queries to the server's sensor # and server's sensor does the whole sql operations. So on client side isn't needed any sql setting. # Modification of this process can be done in client configuration. # server_bind_port and managerport on the server's sensor need to be accessible from the GUI # Server part #server_bind = #server_bind_port = 60024 # password required #server_password = # Client part server_destination = 52.203.53.207 server_destination_port = 60024 # password required server_password = sonus1 # When 'packetbuffer_sender' option is set to yes, client's sensor just sent raw data (as mirror mode does) to the # server's sensor, server's sensor process data, stores pcaps and writes to the sql. Default is no. packetbuffer_sender = yes ## END of SERVER/CLIENT configuration # The receiver's sensor differentiates packets from different sender's sensor. # Sometimes may be useful to disable this check. E.g. you use multipath routing and packets from one call # can go via more paths and can be sniffed by different sensor. Then the receiver's sensor can compose the call # from packets coming from different sensors. Default is yes. #receiver_check_id_sensor = no # since version 8 sniffer implements new mirroring option. Sender is packing data to compressed stream over the # TCP to remote sniffer. # if you are going to use this sniffer only as a mirroring sniffer all you need is to set interface, packetbuffer_* # set compression on and set packetbuffer_file_* so in case the connection to remote sniffer will die or will be # temporarily slow the sender will not loose single packet. The mirroring is trying to reconnect in case of # failure. Packets are mirrored including the the original timestamp and headers. # this mirroring hopefully replaces pcapscandir feature which will be probably removed in favor of this approach. # here set the sending (mirroring). The sender needs to set only interface, ringbuffer, packetbuffer_*, filter # and this two folling mirror_destination_* #mirror_destination_ip = #mirror_destination_port = # here set the receiver and do not forget to set firewall so no other except the sender will be able to connect # to the receiver #mirror_bind_ip = #mirror_bind_port = # all packets needs to be confirmed by receiver which prevents any data loss or corruption (can be slow on very high traffic throughput (round trip limitation) # default yes #mirror_require_confirmation = yes # use block checksum which makes mirroring more robust but it uses slighly higher CPU usage # default = yes #mirror_use_checksum = yes # default window lenght for sorting packets coming from different remote mirroring sniffers is 2000ms (2 seconds). In case # there is some network latency / buffering etc. you can increase this window to higher values to prevent packet reordering # if you are using mirror_bind_ip (default is 2000ms) #pcap_queue_dequeu_window_length = 2000 # sip_send feature allows to send SIP packets over TCP or UDP (whichever you enable). sip_send will use TCP connection on # chosen port and sip_send_udp (yes/no) uses UDP connection to chosen port. If you want to send the packet as soon as possible # set sip_send_before_packetbuffer = yes. This feature is not intended for mirroring SIP packets to the voipmonitor sniffer # but to some 3rd party applications. # # WARNING: Each SIP paket sent to sip_send = destination is additionaly trailed with 2 bytes - the length of SIP packet # for example netcat in listen mode can be used to receive data on dest server # test using TCP: nc -l 192.168.0.2 -p 1555 # test using UDP: nc -l 192.168.0.2 -p 1555 -u # #sip_send = 192.168.0.2:1555 #sip_send_udp = yes #sip_send_before_packetbuffer = yes # scan pcap files folder and read file by file. This is in conjuction with running tcpdump which creates pcap file each # 5 seconds (-G 5) storing pcap files named by UNIX_TIMESTAMP to /dev/shm/voipmonitor folder (do not forget create it) # using 1GB ring buffer to avoid losing packets (-B500000 - you can lower it but not higher) filtering udp packets (udp # parameter whcih you can change to your needs). voipmonitor then reads created files (and delete it after processing. # This approach can be used for testing throughput or for very high voip traffic (>500Mbit). If the sniffer is able to # process pcap files in realtime - there will be in /dev/shm/voipmonitor folder only one or two pcap files. If the sniffer # is not able to process in realtime (blocking by I/O or by CPU) number of pcap files will grow faster then the sniffer # is able process. # # WARNING: libpcap < 1.1 contains memory leak when pcap filter is set - do not set filter in this config or upgrade libpcap to the latest (debian 6 libpcap contains the leak) # static compiled voipmonitor from voipmonitor.org contains the latest libpcap # # tcpdump example command: # nice -n -20 tcpdump -B500000 -i eth2 udp -G 5 -w /dev/shm/voipmonitor/voipmonitor 2>/dev/null 1>/dev/null & #scanpcapdir = /dev/shm/voipmonitor # When scanpcapdir is being used, voipmonitor will by default read any new file # that is created in that directory as soon as the file is closed. This is # the normal setting if your packet capture software is tcpdump. If you are # using a different packet capture software, you may need to change this # setting to "rename" if that software writes to a temporary file, closes it, # and then renames it to something else after the file is closed. # # Default setting is "newfile" #scanpcapmethod = newfile # in case the SIP(media) server is behind public IP (1.1.1.1) NATed to private IP (10.0.0.3) to sniff all traffic correctly you can # specify alias for this case. You can specify more netaliases duplicating rows. # in most cases this is not necessary because voipmonitor is able to track both RTP streams based on the other side IP. But # if the stream is incoming from another IP then SIP source signalization and also from another IP than the SIP device which is # also behind NAT its impossible to track the correct IP. Please note that this is for case where the SIP server is behind NAT # and also the client is behind NAT. If your SIP server has public IP do not bother with this. #natalias = 1.1.1.1 10.0.0.3 #natalias = 1.1.1.2 10.0.0.3 #natalias = 1.1.1.3 10.0.0.4 # NAT helper: # if voip SIP device (with source IP 1.1.1.1) sends in SDP that it wants RTP for example to 10.0.0.1 and port # 10000 the call also sniff RTP from 1.1.1.1:10000 or to 1.1.1.1:10000 which does more problems than it solves. # Now this behaviour is changed and if you need this option back you can enable it # default no #sdp_reverse_ipport = yes # store ip/port in SDP message in cdr_sdp table # default yes #save_sdp_ipport = yes # when decoding audio use RTP streams only with the same IP addresses found in SIP/SKINNY src/dst IP header # default no #rtpfromsdp_onlysip = no # define bind address for manager interface. Default is 127.0.0.1 # it is not recommended to change this unless really needed due to # security. If you need it on some other IP make sure you set firewall # and change the standard port for better security #managerip = 127.0.0.1 # classify number without leading 00 or + to country according to local_country_code configuration option which is in ISO 3166-1 alpha-2 # format http://cs.wikipedia.org/wiki/ISO_3166-1. Default is local #local_country_code = local #local_country_code = US # define TCP manager port managerport = 5029 # connects to server and listen for commands #managerclient = serverip or hostname #managerclientport = 1234 # define SIP ports wihch will voipmonitor liste. For each port make new line with sipport = port (multiple lines) # sipport detects udp / tcp and websocket (webrtc) - unencrypted. For encrypted SIP please refer to ssl* options sipport = 5060 sipport = 5061 #sipport = 5062 # use the new TCP reassembler which is far more robust than the old one. It can reassemble much more SIP messages even better than wireshark.. #sip_tcp_reassembly_ext = yes # enable storing sip source and destination port to database so the port from INVITE can be searched cdr_sipport = yes # enable storing RTP destination port to database cdr_rtpport = yes # enable storing RTP source port to database (default is no) #cdr_rtpsrcport = no ############## SIP TLS SSL SUPPORT # if you want to decrypt TLS encrypted SIP you need to enable ssl = yes and pprovide options for ssl_ipport where 10.0.0.1 is IP address of your # TLS server 5061 is TCP port and your.key contains private key # ssl_ipport detects websocket over SSL / TCP (webrtc) # note that you cannot decrypt TLS where you use cipher suite with diffie hellman key exchange by nature. #ssl = yes #ssl_ipport = 10.0.0.1 : 5061 /path/to/your.key # voipmonitor supports parsing session keys sent to UDP port, by default it is disbaled. To enable it set ssl_sessionkey_udp=yes which will parse all UDP packets for json format and tests for # example of UDP packet: {"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","sessionid":"BAD9ADC061C0A09C5DCCD28DB31B71E3BEDD0894043A38012357DC992C12516C", "mastersecret": "A5433C3A244945B706112EBBAF3FA5F0995BjACOC7883EC0F13952B9F89A0F6657CCC4279BE4727631DBBFA93A91E067"} # to restrict parsing UDP packets use ssl_sessionkey_udp_port or ssl_sessionkey_udp_ip which will allow packets only with destination port == ssl_sessionkey_udp_port and destination IP ssl_sessionkey_udp_ip #ssl_sessionkey_udp = yes #ssl_sessionkey_udp_port = 1234 #ssl_sessionkey_udp_ip = 192.168.178.0/24 #################################### ########### SRTP ################### # SRTP decryption (RTP and RTCP) uses keys from SIP SDP # supported keys: #AES_CM_128_HMAC_SHA1_32 #AES_CM_128_HMAC_SHA1_32 #AES_CM_128_HMAC_SHA1_80 # by default sniffer is decrypting only RTCP. RTP is stored as is and can be decrypted later by the GUI if user requests audio. If you want to store decrypted RTP in pcaps enable srtp_rtp = yes #srtp_rtp = no #srtp_rtcp = yes #################################### # If remotepartyid is set to yes the SIP Remote-Party-ID is used to get caller name/number # If callerid is anonymous and Remote-Party-ID is present the number is always taken from Remote-Party-ID if present regardless on the remotepartyid option. #remotepartyid = no # If passertedidentity is set to yes the SIP P-Asserted-Identity is used to get caller name/number # If callerid is anonymous and P-Asserted-Identity is present the number is taken from P-Asserted-Identity only if this option is enabled #passertedidentity = no # parse only the number and ignore everything after ";". Example - P-Asserted-Identity: # default is yes. #callernum_numberonly = yes # If ppreferredidentity is set to yes the SIP P-Preferred-Identity is used to get caller name/number # If callerid is anonymous and P-Preferred-Identity is present the number is taken from P-Preferred-Identity only if this option is enabled. #ppreferredidentity = no # If remotepartypriority is set and SIP contains Remote-Party-ID it is used instead of passertedidentity or ppreferredidentity #remotepartypriority = no # take number from INVITE URI or To: SIP header. If destination_number_mode = 1 It will always save number from To: header. # if destination_number_mode = 2 it will take number from INVITE URI. # default: destination_number_mode = 1 #destination_number_mode = 1 # end call after N seconds (default is 4 hours = 4 * 3600). This prevents creating giant pcap files and memory growing for # calls where RTP stream stucked indefinitely . # if call is ended due to this itmeout in the cdr.bye will be number 102 absolute_timeout = 14400 # end call after N seconds (default is 20 minutes = 20 * 60) after receiving SIP BYE message no matter how many RTP packets # arrives after SIP BYE. destroy_call_at_bye = 1200 # end call after N seconds after BYE (regardless if it is confirmed or not) even if RTP packets are still flowing (which are extending the call) # default 1200 seconds (20 minutes) #bye_timeout = 1200 # end call after N seconds after confirmed BYE even if RTP packets are still flowing (which are extending the call) # default 600 seconds #bye_confirmed_timeout = 600 # do not process any RTP packets after BYE # default no #ignore_rtp_after_bye_confirmed = no # if enabled (default disabled) mark CDR in case there is BYE within dialog with "transaction does not exists" reply #detect_alone_bye = no # onewaytimeout ends sip call after set seconds which does not receive any reply from the other side. # technically it takes sip source ip address from first invite/register and if there is no other sip source ip different # from the first source ip the call will be terminated after onowaytimeout seconds. # if a call is terminated due to this timeout in cdr.bye column will be 101. # purpose of this timeout is to release memory as soon as possible in case there is some flood INVITE which does not # have any reply. Another reason is when mirroring is set incorrectly and the sniffer sees only one side of a SIP # signalization. # if onowaytimeout is not set default is 15. onewaytimeout = 15 # sipwithoutrtptimout is used when the SIP call does not have any asoociated RTP to prevent zombie sip calls like # when BYE or CANCEL is missing so the call has to timeout at some point. Default value is 1 hour (3600 seconds) # if you have longer calls in your network you need to increase this value. Previosly rtptimeout parameter was # used. #sipwithoutrtptimeout = 3600 # rtptimeout will close call only if the call register any RTP packet and there is no SIP or RTP/RTCP packet activity # within the rtptimeout. (if the call has no RTP packet this timeout is not applied, lok for sipwithoutrtptimeout). # the rtptimeout is to prevent zombie calls in voipmonitor memory. Recommended value is 5 minutes (300 seconds). #rtptimeout = 300 # ringbuffer is circular memory queue directly in kernel memory space. libpcap is reading from this queue and # delivers packets to voipmonitor. If the network rate is > 100 Mbit we recommend to set ringbuffer to at least 500 # maximum value is 2000 MB. # default 50 MB ringbuffer = 50 # packetbuffer is used to cache packets after it is read from kernel ringbuffer. From this cache packets are going # to process unit which can be blocked either by CPU spikes or if all write caches are full. Since version 11 there # is no reason to make it big since write cache is in async buffer now (see further). packetbuffer_enable = yes packetbuffer_compress = no # in case CPU is bottleneck you can lower compress ratio (100 is full compression) packetbuffer_compress_ratio = 100 # maximum memory used for buffering packets when I/O blocks or CPU blocks processing them. # default is 2000 MB # from version 11 it replaces packet_buffer_total_maxheap and pcap_dump_asyncwrite_maxsize max_buffer_mem = 2000 # number of threads to process RTP packets. If not specified which is default option it will equal to the number of available CPUs. # If set to 0 threding is turned off. #rtpthreads = 0 # number of RTP threads when sniffer starts (it will still lower if there is no traffic). Change this only if you will run synthetic tests # default = 1 #rtpthreads_start = 1 # jitter buffer simulator variants. By default voipmonitor uses three types of jitterbuffer simulator to compute MOS score. # First variant is saved into cdr.[ab]_f1 and represents MOS score for devices which has only fixed 50ms jitterbuffer. # Second variant is same as first but for fixed 200ms and is saved to cdr.[ab]_f2 # Third varinat is adaptive jitterbuffer simulator up to 500ms # Jitterbuffer simulator is the most CPU intensive task which is voipmonitor doing. If you are hitting CPU 100% turn # off some of the jitterbuffer simulator. I'm recomending to use only fixed 200ms if you need to save some CPU cycles. #jitterbuffer_f1 = no #jitterbuffer_f2 = yes #jitterbuffer_adapt = no # Ignore rtcp jitter value higher then this number for a counting of the avg/max jitter values for cdr. # It can help on some DSL/cable modems where jitter in first rtcp packet is mangled/bad calculated. # Into pcap are stored original values. # Default value is zero, which means disabled. #ignorertcpjitter = 0 # Packet loss concealment (PLC) is a technique to mask the effects of packet loss in VoIP communications. # Because the voice signal is sent as packets on a VoIP network, they may travel different routes to get to destination. # At the receiver a packet might arrive very late, corrupted or simply might not arrive. # One of the cases in which the last situation could happen is where a packet is rejected by a server which has a full buffer # and cannot accept any more data. # default no. #plcdisable = no # callslimit will limit maximum numbers of calls processed by voipmonitor at the same time. If calls are over limit # it will be ignored (INVITE) #callslimit = 0 # in case SIP session travels accross several proxies (and Call-ID header DOES not change) and you would like to track # all sip proxies and make them searchable in GUI / database. If disabled cdr will store to destination sip # column destination IP from the first INVITE (or it will overwrite another INVITE with the same source IP). # If enabled there will be destination IP from the latest invite and all proxy ip will be stored in cdr_proxy table. # default enabled cdrproxy = yes # this option allows to skip storing cdr.a_ua and cdr.b_ua - this is workaround for those who has extreme cdr rate and # number of user agents in database is over 1000 and CPU is not powerfull enough to store cdr in real time. In future # this option will be removed once we optimize this rutine. #cdr_ua_enable = yes # remove string from useragent before storing to the database. This is usefull in case you want to remove unique string # from it so the table cdr_ua will not grow too much # you can set multiple cdr_ua_reg_remove. #cdr_ua_reg_remove = \([0-9a-z\-]+\)$ #cdr_ua_reg_remove = -RMR[0-9a-z\-]+$ # SSRC in RTP headers must not equal zero according to RFC so voipmonitor is ignoring such RTP by default. # If you still need to parse such packets enable it # default = no #allow-zerossrc = yes # duplicate check do md5 sum for each packet and if md5 is same as previous packet it will discard it # WARNING: md5 is expensive function (slows voipmonitor 3 times) so use it only if you have enough CPU or # for pcap conversion only . Default is no. #deduplicate = yes # prior verison 8.0.1 deduplicate was comparing only data without ip header and udp header so duplicate packets # was matched also in case the IP addresses differes. This was good for some cases but it leads to completely # ignore RTP streams in other cases. Now default option is to check duplicates based on not only data but ip headers # too. To change this set deduplicate_ipheader = no # default = yes #deduplicate_ipheader = yes # enable/disable updating called number from To: header from each caller INVITE. Default is enabled so it supports overlap dialing (RFC 3578) # if you want to disable this behaviour and see always number only from the first INVITE set sipoverlap = no #sipoverlap = yes # The same as sipoverlap but ignores the source ip address of an invite packet. # If the source ip is matching with first invite, sipoverlap option updates called number from last invite. # When last_dest_number option is enabled it will take a dst number from the last invite always. # Default is no. #last_dest_number = yes # create own large UDP packet in case of decapsulation from IP in IP #default no #virtualudppacket = yes # save sip REGISTER messages sip-register = no # wait only N seconds for reply on first register then remove from memory. (default is 5 seconds) sip-register-timeout = 5 # option to not to save failed registration on timeout (default no (which means by default failed registratinos are stored when timeout)) #sip-register-timeout-disable_save_failed = yes # if mysql binlog is enabled, skip binlog inserts into active table (which is MEMORY type) # if you still want to replicate this too (huge I/O impact) set it to = no sip-register-active-nologbin = yes # ignore failed registrations which ends with 401 response code (default no) #sip-register-ignore-res401 = no # ignore failed registrations which ends with 401 and nonce has changed response code (default no) #sip-register-ignore-res401-nonce-has-changed = no #Registers From IP: Register packets for same user from different IP. Decide to compare also source SIP IP in register packet when matching/evaluating. (default no) sip-register-compare-sipcallerip = yes #Registers To IP: Register packets for same user. Decide to compare also destination SIP IP in register packet when matchingevaluating. (default no) sip-register-compare-sipcalledip = yes #Registers To Domain: Register packets for same user. Decide to compare also domain part of SIP header to in register packet when matching/evaluating. (default no) sip-register-compare-to_domain = yes #Registers From Domain : Register packets for same user. Decide to compare also domain part of SIP header from in register packet when matching/evaluating. (default no) sip-register-state-compare-from_domain = yes #Registers Auth Realm: Register packets for same user. Decide to compare also SIP Authentication Realm in register packet when matching/evaluating. (default no) sip-register-state-compare-digest_realm = yes # ignore cdr with list of last SIP response codes like 302 etc. Parameters are list of response codes delimited by colon. If response code # is one number it is wildcard for all response codes starting with that number #cdr_ignore_response = 302,303,4 # if yes, voipmonitor will not save CDR to MySQL nocdr = no # if yes, all SIP calls will be ignored unless capture rules set skip flag based on IP or Tel. numbers (mysql.filter_*) #skipdefault = yes # write CDR to database only if call was answered # default = no #cdronlyanswered = yes # when storing CDR check if there is the same CDR with the same sip.Call-ID and replace it if the new one contains RTP and the old one not # this option is intended for case where you need to mirror SIP signalling to RTP media nodes and every RTP voipmonitor node sends CDR based # on the same SIP thus diplicating CDR and only one CDR have RTP associated. # default is off #cdr_check_exists_callid = yes # write CDR to database only if call has RTP # default = no #cdronlyrtp = yes # filter RTP packets by VLAN tag from first SIP packet. This solves situation when sniffing with one sniffer on multiple VLAN (tagged) # with the same IP for different PBXs but same IP addresses. Without this configuration RTP packets are mixed togather. #vlan_siprtpsame = no ############################################################################### # cisco skinny protocol (SCCP) # ############################################################################### # disabled by default (when enabled default port is TCP port 2000) #skinny = yes # Multiple skinny ports is allowed #skinny_port = 2000 #skinny_port = 12000 # some cisco call manager is configured to receive call always on the same UDP port which results in one-way recordings or mixed recordings. In this case # set this option to IP address of the cisco call manager. This also assumes that cisco phones uses the same UPD port for receiving and sending RTP # (symmetric RTP) #skinny_ignore_rtpip = 10.1.1.1 ############################################################################### # MGCP protocol # ############################################################################### # mgcp protocol is disabled by default #mgcp = yes # default MGCP ports (change it only if it differs) #tcp_port_mgcp_gateway = 2427 #udp_port_mgcp_gateway = 2427 #tcp_port_mgcp_callagent = 2727 #udp_port_mgcp_callagent = 2727 ############################################################################### # storing packets into pcap files # ############################################################################### # limit pcap file size (in MB) after the lmit the sniffer will stop recording packets to that file but will still analyze it for loss/jitter etc. # default disabled. #maxpcapsize = 500 # directory where all files (pcap|wav|graph) are stored spooldir = /var/spool/voipmonitor # alternatively you can specify different directories for RTP / .graph and audio files. In this case you MUST set in GUI to download pcaps from sniffer #spooldir_rtp = #spooldir_graph = #spooldir_audio = # optional secondary storage (GUI->capture rules -> store pcaps to second spool - this allows to store some calls to another storage with different autoclean setup #spooldir_2 = /var/spool/voipmonitor2 # spooldir permissions #spooldir_file_permission = 0666 #spooldir_dir_permission = 0777 #spooldir_owner = root #spooldir_group = root # enables writing pcap files to separate folders per sensor id or sensor name. Enable this feature only if you are not using database. # spooldir_by_sensorname = yes # name_sensor = sensor1 # pcap_dump_bufflength sets buffer (bytes) for every file (pcap, graph). It helps to prevent randowm write for each SIP / RTP packet. # Optimal and default value are 8184 Bytes. pcap_dump_bufflength = 8184 # compress pcap file (SIP and RTP). It enables pcap_dump_zip_sip and pcap_dump_zip_rtp see below # default is yes pcap_dump_zip = yes # compress only SIP pcap file (lzo, gzip, no) #pcap_dump_zip_sip = gzip # SIP zip level compression is 6 by default. pcap_dump_ziplevel_sip = 6 # compress only RTP pcap file (lzo, gzip, no) # lzo is the fastest method with slight less compress ration then gzip level 1. Voipmonitor internal LZO is not compatible with standard LZO tools # so you have to decompress it with voipmonitor -kc --unlzo-gui='input.pcap output.pcap' # if path to file is not absolute (/...) it is relative to the spooldir directory # (GUI decompress it on the fly and serve it as gzip) pcap_dump_zip_rtp = lzo # RTP zip level compression is 1 by default (very fast) to increase compression ratio increase this number (9 is maximum, very slow and memory hungry) #pcap_dump_ziplevel_rtp = 1 # compress only graph file (lzo, gzip, no) #pcap_dump_zip_graph = lzo # GRAPH level compression is 1 by default (very fast) to increase compression ratio increase this number (9 is maximum, very slow and memory hungry) #pcap_dump_ziplevel_graph = 1 # level of zip compression where default is number 6. The fastest compression is 1 the highest (and the slowest) is 9. # this option will set pcap_dump_ziplevel_sip = pcap_dump_ziplevel_rtp = pcap_dump_ziplevel_graph #pcap_dump_ziplevel = 1 # number of initial threads used for compressing pcap_dump_zip if enabled. Default is 1. Number of threads automatically grows once threads consumes >95% CPU pcap_dump_writethreads = 1 # number of maximum threads for pcap_dump_zip compression. The value is limited by this formula: MIN(number of available CPU, pcap_dump_writethreads_max, 32) pcap_dump_writethreads_max = 32 # pcap_dump_asyncwrite copy packets into asyncbuffer before it is written to disk. This will ensure that processing # packets are not suspended in case of blocks from I/O layer. Keep this always enabled pcap_dump_asyncwrite = yes ############################################################################## # TAR format # # default configuration is not recommended to change unless you exactly know what you are doing. If any of those options are missing it uses its default options # # instead of writing each call to its own pcap file write it it into tar archive. Name of the tar file is derived from # start of the call - year-mon-day/hour/minute/sip.tar # for each sip rtp and graph is created separate tar file (prefixed with sip rtp or graph). # this is new default method since sniffer 11.0. For 2000 concurrent calls IOPS lowered from 200 to 40 storing RTP+SIP+GRAPH. For 40 000 concurrent # calls IOPS drops from 4000 to 10 sniffing only SIP. tar = yes # default number of maximum compression threads is 8. Usage of those threads can be watched in syslog tarCPU[A|B|C|D...] tar_maxthreads = 8 # available compression for tar_compress_[sip|rtp|graph] is - no, gzip and lzma. gzip is default for sip and graph rtp are not compressed because it is # better to compress each RTP pcap individually and concatenate them to uncompressed rtp.tar file. Lzma compression has better compression ratio (about 40%) # but it is 10x slower and uses much more memory. It also takes more time to flush all data from sip pcap so user have to wait longer time for download # pcap after call ends.# If compression is disabled sniffer stores offset for each file into database thus extracting pcap file from tar file requires # minimal I/O seeks and it is instant. If you enable compression of RTP tar file you will loose that possibility and GUI will extract file for long time # (minutes) on huge traffic using lot of I/O resouces. if compression for SIP/RTP or GRAPH is enabled it automatically disables options pcap_dump_zip # pcap_dump_zip_sip pcap_dump_zip_rtp pcap_dump_zip_graph which means that inside tar file is uncompressed pcap files. # internal memory organization stores packets to memory until 150kb is reached then the file is flushed to tar file. to save # some memory default internal compression of data are compressed with fast snappy compression algorithm which you can disable # default sip tar compression is gzip with level compression 6 (default gzip compression). tar_compress_sip = gzip tar_sip_level = 6 # default rtp tar compression is disabled. tar_compress_rtp = no # if you have plenty CPU cores and many calls you can increase it to level 6. Difference between level 1 and 6 is 7% in size and 63% faster. tar_rtp_level = 1 # default graph tar compression is gzip with compression level 1 tar_compress_graph = gzip tar_graph_level = 1 # end tar format configuration ############################# # store pcap and graph file to and move it after call ends to spool directory. Moving all files are guaranteed to be serialized which # helps with slow random write I/O on spin or other media. Typical cache directory is /dev/shm/voipmonitor which is in RAM or /mnt/ssd/voipmonitor # which is mounted to SSD disk or some very fast SAS/SATA disk where spool can be network storage or raid5 etc. #cachedir = /dev/shm/voipmonitor # openfile_max overrides default max open files which is 65535 #openfile_max = 300000 # list characters that should be converted to underscore (_) in filenames # if you want to include space, put it between other characters, like ': :' (will convert ':' and ' ' to '_') # default is none # # example - avoid ':' when Call-Id contains port number #convertchar = : # name of the pcap file is derived from the SIP.Call-ID header unless you override it with fbasenameheader which is name of custom header with file name #fbasenameheader = X-custom-filename # save SIP packets to pcap file savesip = yes # save_sip_history stores SIP request / responses into the database cdr_siphistory (without body) which can be used to search database for calls with # specific response / requests during dialog. By default even if this option is disabled sip responses are always stored and only BYE request. # this option allows to enable storing all SIP requests and also all ressponses which have additional timestamp. You would need to enable # this option only in case you need to search database / calls based on specific SIP REQUEST messages. #save_sip_history = requests,responses #save_sip_history = all # save_sip_response option enables storing all sip responses into cdr_sipresp table. Enabling this feature can overload mysql database on high sip throughput # which is reason why it is disabled by default #save_sip_responses = no # save RTP packets to pcap file. savertp = yes automatically saves RTCP packets # you can also save only RTP header without AUDIO: savertp = header # if save RTP is enabled it will also save UDPTL packets (used for T.38) # you can also set savertp = no and control what calls will record RTP in mysql table filter_ip or filter_tel # which is controled in GUI -> Capture rules. Sending reload command will reload configuration from filter_* # table. You can also set savertp = yes but denies recording RTP based on rules in filter_* table. savertp = yes #savertp = header # voipmonitor by default splits SIP and RTP packets to individual files (in case spooldiroldschema = no) which are # located in SIP and RTP directories. This feature allows instance cleaning RTP streams differently then SIP packets # to join two pcap files SIP+RTP use mergecap command line utility which is included in wireshark package # default = yes | spooldiroldschema must be set to no # disabling this disables tar function #pcapsplit = yes # save UDPTL packets (FAX T.38). If savertp = yes the UDPTL packets are saved automatically. If savertp = no and you want # to save only udptl packets enable saveudptl = yes and savertp = no #saveudptl = yes # enable FAX T.30 detection by analyzing voice frames for 1100 and 2100 HZ (CNG CED tones). It currently works only for G.711 ulaw/alaw and it consumes more CPU. #faxdetect = no # save RTCP packets to pcap file savertcp = yes # save RTP payload to audio file. Choose 'wav' for WAV PCM or 'ogg' for OGG 25kbps format. # please note that this has great impact on I/O and can overload your storage leading to lose packets. Better way is to store only sip+rtp and # convert wav files on demand. #saveaudio = wav # store audio only after call was answered, default is no #saveaudio_afterconnect = no # save audio only for connected calls, default no (this option will be deprecated in favor of saveaudio_afterconnect) #saveaudio_answeronly = no # generate silence audio from the first invite even if there are no RTP packets yet so the audio length matches sip signalization lenght. #saveaudio_from_first_invite = yes # save caller in left channel and called in right channel. Default enabled. If disabled caller and called are mixed into mono. saveaudio_stereo = yes # by default wav file is stereo where left channel is caller and right channel is called. if you want to swap left right enable saveaudio_reversestereo # default is no #saveaudio_reversestereo = no # ogg quality - from -0.1 to 1.0 (low to best) - this affect size of the OGG ogg_quality = 0.4 # number of threads dynamically increases to maximum of CPU or to maximum of 10 threads which you can override #audioqueue_threads_max = 10 # default path to WEB GUI used to construct path to key check for codecs # default paths: #keycheck = /var/www/voipmonitor/php/lib/keycheck.php #keycheck = /var/www/html/voipmonitor/php/lib/keycheck.php # in case you are not saving RTP at all but you still want to save DTMF carried over RTP packets (RFC2833) # you can enable this option. This feature slows down a bit processing RTP packets in main read thread # in casse voipmonitor runs in threads. # default = 0 #saverfc2833 = 0 # Enable storing DTMF (SIP INFO or RFC2833 or inband if anebled see inbanddtmf) to cdr_dtmf database. It will store DTMF time and key # then it will be shown in SIP history in the GUI # default is no #dtmf2db = no # enable DTMF inband detection for codec G711a/u. Default is disabled. If you want to store it to the database you need to enable dtmf2db = yes # enabling this to yes will cause slight CPU load because of decoding G711 to slinear and doing DTMF detection. # you need to enable dtmf2db = yes #inbanddtmf = no # silence detection activates decoding audio for G.711ulaw/alaw only and based on audio energy stores silence vs. noise percentage ratio. # CDR will have caller and called silence percent ratio which is usefull for searching calls where silence is high (>80% etc.) # another two values will be added into database which indicates how many seconds from the end of caller/called was silence detected which # might indcate that caller or called suddenly get silence. # default is no (enabling this activates DSP detector and G711 decoding which adds some CPU) #silencedetect = yes # silence threshold sets sensitivity of silence detection. Higher values increase sensitivity, lower values decrease sensitivity od silence detection. # The number is between 1-32767 # default: 512 #silencethreshold = 512 # clipping detection counts number of G.711 alaw/ulaw clipped frames and stores number in milliseconds into cdr.caller_clipping_mul100 # and cdr.called_clipping_mult100. The number represents number of 8000hz frames with value 32124 for ULAW and value 32256 for ALAW delimited # by number 100. Columns are tinyint with maximum value of 255 which represents 25500 or more clipped frames. # Clipped frames are percieved by human as distortion. # Enabling this have some performance impact decoding audio frames from ALAW/ULAW to SLIENAR. Default option is disabled. #clippingdetect = no # save graph data for web GUI. savegraph = yes # if any of SIP message during the call contains header X-VoipMonitor-norecord call will be not converted to wav and pcap file will be deleted. #norecord-header = yes # if any of SIP message during the call contains DTMF INFO sequence "*0" call will be not converted to wav and pcap file will be deleted. # default: disabled #norecord-dtmf = yes # enable pausing RTP/WAV recording if DTMF sequence detected. # default: disabled #pauserecordingdtmf = *9 # setting possible timeout between DTMFs for pauserecordingdtmf option default is 4 sec. #pauserecordingdtmf_timeout = 4 # pause / unpause recording when SIP message "182 Queued avaya-cm-data" is received (disabled by default) #182queuedpauserecording = no # pause / unpause audio recording based on value of defined header (disabled by default) # for pausing audio it is required value 'pause' inside defined header like (MyCustomPauseHeader: pause) inside any SIP packet # any other value in this header will unpause recording (example - MyCustomPauseHeader: unpause) #pauserecordingheader = MyCustomPauseHeader # in case you need to have ethernet encapsulation and you are sniffing on interface = any set this to = yes. # this is needed only in case you need to merge pcap files with different encapsulations. default is no # convert_dlt_sll2en10 = no # dump all packets to /tmp/voipmonitor-[UNIX_TIMESTAMP].pcap #dumpallpackets = yes # new spooldir schema stores all files to year-mon-day/hour/minute/[ALL|SIP|RTP|AUDIO] directories # if you need to have the old schema year-mon-day/* enable spooldiroldschema = yes. # enabling this feature disables cleanspool function and tar option # default = no #spooldiroldschema = no ########### cleaning spool directory #################### #cleanspool = yes # since version 8 sniffer uses different cleaning mechanism which was developed to minimize I/O operations and it also finally brings more features # each created file is indexed in SPOOLDIR/filesindex/ in hours interval and the file size is added to aggregation mysql table files. Cleaning # procedure iterates through index files and unlink files without need to scan directories. # cleaning procedure runs every hour and checks size or days according to following options. Rules are executed in this # order. If you set maxpoolsize it will wipe out the oldest data every hour until the size is reached. maxpooldays keeps # maximum number of data to set days. The same is for sip rtp and graph so you can keep sip pcaps longer than rtp pcaps. # all options can be activated at once # cleaning files can cause huge I/O from the mysql server. It is recommended to keep this default cleaning only between 1am - 5am (it is 24hour format) # default is 1-5am #cleanspool_enable_fromto = 1-5 # it is good to always have maxpoolsize = N where the N is maximum disk space you are willing to use by sniffer # all size are in MB #set default maxpoolsize to 100 GB (102400 MB) maxpoolsize = 102400 #maxpooldays = 30 #maxpoolsipsize = #maxpoolsipdays = #maxpoolrtpsize = #maxpoolrtpdays = #maxpoolgraphsize = #maxpoolgraphdays = #maxpoolaudiosize = #maxpoolaudiodays = # cleaning secondary storage maxpoolsize_2 = 102400 #maxpooldays_2 = 30 #maxpoolsipsize_2 = #maxpoolsipdays_2 = #maxpoolrtpsize_2 = #maxpoolrtpdays_2 = #maxpoolgraphsize_2 = #maxpoolgraphdays_2 = #maxpoolaudiosize_2 = #maxpoolaudiodays_2 = # clean files which are not indexed # default is no #maxpool_clean_obsolete = yes # # in case the space is below 1% and below 5GB (which is default threshold) reindexfiles procedure will be executed and cleaning will be restarted. # in case this will not help the new maxpoolsize will be set to size of current spool directory and will keep free space MIN(1% freespace, 5GB) # default is autoclean enabled, 1% free space or 5GB free space # autocleanspool = yes autocleanspoolminpercent = 1 autocleanmingb = 5 #usefull command to clean all RTP files older 7 days - this is not configuration option. # find /var/spool/voipmonitor -maxdepth 1 -type d -mtime +7 -name '20*' | (while read d; do rm -rf $d/*/*/RTP; done) ########### end storing packets into pcap files ############### # enable MOS score for G.729 codec. If enabled, all cdr with 0 packet loss and stable delays will have maximum MOS of 3.92 # and for loss and unstable delay MOS will be calculated according to ITU-T objective PESQ method for G.729 codec. # if you want to use MOS as good search value which corellates loss and delay into single value leave it disabled (which is # by default). If set to no, all calls will be calculated like it is G.711. mos_g729 = no # ITU-T P.862 PESQ mos_lqo = no mos_lqo_bin = pesq mos_lqo_ref = /usr/local/share/voipmonitor/audio/mos_lqe_original.wav mos_lqo_ref16 = /usr/local/share/voipmonitor/audio/mos_lqe_original_16khz.wav # enable saving dscp to cdr.dscp which is 32bit number. The first 8 bits are dscp (6bits) from SIP packets from caller. Next 8 bits # are from SIP packets from called. Next 8 bits are from caller RTP and last 8 bits are from called RTP. If you enable this # feature it will auto upgrade cdr table which can take long time depending on ammount of CDR in tables and I/O speed. # default is disabled dscp = yes # if you want to update destination number when callee answer for case where multiple phones (hunt group) are called within the same # SIP Call-ID enable this option which matches it based on 200 OK and SIP branch. #update_dstnum_onanswer = no # by default custom header (GUI -> settings -> CDR custom headers) is overwritten by last occurrence. if you need to keep the first occurence set this to no: #custom_headers_last_value = yes # enable saving content of custom header (typicaly in-reply-to) to cdr_next.match_header # this header is used in related CDR GUI for matching legs to onen call #matchheader = in-reply-to # enable merging calls based on matching call-id. The idea is that the second leg with different call-id has in the first INVITE # special header which has the call-id of the parent SIP call. The configuration option specifies name of that header # if you want to not expose this header you can encrypt it with secret (XOR) and encode with base64encode. If callidmerge_secret # is specified the header will be decoded with base64decode and XORed with this secret string #callidmerge_header = Parent-Call-ID #callidmerge_secret = yourSecretString # save also port in domain user@domain:port default is to only save domain without port # default is = no #domainport = yes # pcapcommand will run command after pcap file is closed (after call ends). %pcap% is substitution for real pcap file name. # execution is guaranteed to run in serialized way. # WARNING - pcapcommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore # system which can generate 500 000 interrupts / sec causing system to drop packets. Watch the performance carefuly # (with "vmstat 1" column "in"). # #pcapcommand = echo %pcap% >> /tmp/list # filtercommand will run command after each call which matches script == 1 in filter_ip or filter_telnum (capture rules in GUI) # WARNING - filtercommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore system which can generate 500 000 interrupts / sec # causing system to drop packets. Watch the performance carefuly (with "vmstat 1" column "in"). # # all non alphanum characters except '/' '#' ' ' '+' ':' '-' '.' and '@' in callid, dirname, caller, called and calldate are substituted to '_' # #filtercommand = myscript '%callid%' '%dirname%' '%caller%' '%called%' '%calldate%' # load capture rules from csv file - this file will be loaded first before mysql capture rules. First line has to contain columns name. #capture_rules_telnum_file = capturerules.csv # if enabled CDRID:num will be printed to stdout on every CDR insert #printinsertid = yes # enable monitoring IP traffic #ipaccount = no #ipaccountport = 22 #ipaccountport = 80 #ipaccountport = 443 # if https failes when upgrading the sniffer try also http #upgrade_try_http_if_https_fail = yes # set http proxy in case you want to use upgrades initiated from the GUI # curlproxy = http://192.168.0.1:8080 #-rpbsN:{file} for read packet in real speed (Read via Packet Buffer with speed N; N >= 1; 1 for real speed, 2 for speed x2 ...) # if you want to disable activechecks for sniffer in a cloud mode set following option to 0 (default is 60 seconds) #cloud_activecheck_period=60 ############################## ### Tunneling port options ### ############################## # set ports for tunnelling protocols. Default ports are set so tunnel protocols are processed by default. # You can disable this processing by setting port to zero value. # set port for TZSP (TaZmen Sniffer Protocol). Default is 37008 (0x9090). # udp_port_tzsp = 37008 # set port for Layer 2 Tunneling Protocol. Default is 1701. # udp_port_l2tp = 1701 ########################################### #database backup special mode #database_backup_from_date = 2013-09-10 #database_backup_from_mysqlhost = 127.0.0.1 #database_backup_from_mysqldb = voipmonitor #database_backup_from_mysqlusername = root #database_backup_from_mysqlpassword = rootpwd #database_backup_pause = 3 #database_backup_insert_threads = 3 #set maximum rows per backup cycle - default 10000 #database_backup_pass_rows = 10000 #sync cdr from the newest CDR id to the lowest. Default no (default is from the oldest) #database_backup_desc_dir = no #enable / disable register* tables backup - default no #database_backup_skip_register = no