#
# voipmonitor.org configuration file
#
# location of this file is at ~/.voipmonitor.conf or /etc/voipmonitor.conf
# command line parameters overrides configuration directives in this file
# allowed comments are ; or #. 
# 
# voipmonitor automatically reads all configuration files in /etc/voipmonitor/conf.d/* which must NOT have [general] section in it
#

[general]

# in case of running more voipmonitor instances on the same or another servers configured to save to one database and the same cdr table
# it is possible to differentiate CDR by id_sensor column. If you set id_sensor >= 0 the number will be saved in cdr.id_sensor column.
# The number is between 1 - 65535 (16bit number) 

#id_sensor = 1


################## START DATABASE CONFIGURATION ###############

# SQL driver - mysql is default or odbc (connecting voipmonitor to msssql please refer to README.mssql
sqldriver = mysql
#sqldriver = odbc
#odbcdriver = mssql
#odbsdsn = voipmonitor
#odbcuser = root
#odbcpass = 

# mysql server can be IP or hostname 
mysqlhost = 127.0.0.1
mysqlport = 3306
mysqlusername = root
mysqlpassword =

# mysql database - will be created automatically if it does not exists
mysqldb = voipmonitor

# use partitioning cdr* tables by day. If you have schema without partitioning, you MUST start with new database. default is = yes
cdr_partition = yes

# mysql table compression (default enabled)
mysqlcompress = yes

# load configuration from database - (from table sensor_conf) by id_sensor (SELECT * FROM sensor_conf WHERE id_sensor = N)
# if you do not set id_sensor and mysqlloadconfig is enabled it will load first row in database with id_sensor IS NULL
# configuration in this file is loaded FIRST then is OVERWRITEN by settings in MySQL! 
# if this configuration option is not set default is enabled 
mysqlloadconfig = yes

# disable partition creation which runs every 12 hours. If you have multiple sensors storing to one database it is redundant to create partitions by all sensors. Default = no
#disable_partition_operations = yes

# In case you need to create partitions back to 90 days for example use this option. This is useful when you want to migrate data. This will create partitions only if table does not exists
#create_old_partitions = yes | no
#create_old_partitions_from = 90 

# if you do not want to save cdr.callend = calldate + duration for some reason (you do not want to upgrade cdr, set it to no). Default is yes
sqlcallend = yes


######## SQL queues fine tuning 
# the sniffer uses stored procedure which is created on the fly with concatenated number of messages to overcome network latency limit 
# this queue is by default 400. 
# there are several internal sql queues for cdr, message, register, files(cleaning), http, ipaccount. 
# specific queues mysqlstore_concat_limit_* overrides the global mysqlstore_concat_limit
#mysqlstore_concat_limit = 400
#mysqlstore_concat_limit_cdr = 400
#mysqlstore_concat_limit_message = 400
#mysqlstore_concat_limit_register = 400
#mysqlstore_limit_queue_register = 1000000
#mysqlstore_concat_limit_http = 400
#mysqlstore_concat_limit_ipacc = 400

# each queue is by default served by one thread and this is not enough for high traffic. If the queue is rising
# even though your mysql server configuration is already set innodb_flush_log_at_trx_commit = 2 you should consider
# to rise number of threads which are automatically created if the queue is > 1000. Take in mind that each thread 
# creates new connection to mysql server. If any of queue is < 1000 the thread and mysql connection is released. 
# number of threads are limited to number 9 so even you set it >9 it will be set to 9
#mysqlstore_max_threads_cdr = 2
#mysqlstore_max_threads_message = 2
#mysqlstore_max_threads_register = 2
#mysqlstore_max_threads_http = 2

##### cleaning database #########

# Removes cdr* partitions older then set number of days. If set to 0 it is disabled (default) 
#cleandatabase_cdr = 0 

#Removes register_state partitions older then set number of days. If set to 0 it is disabled (default) 
# cleandatabase_register_failed = 0

# Removes cleandatabase_register_failed partitions older then set number of days. If set to 0 it is disabled (default) 
# cleandatabase = 0

# Sets cleandatabase_cdr and cleandatabase_register_state and cleandatabase_register_failed to the same values. Configuration first look at cleandatabase parameter  then it looks for other cleandatabase_* parameters. 
#cleandatabase = 0

###########  END DATABAE CONFIGURATION #################


# voipmonitor is able to sniff directly on network interface or it can read files. 

# listening interface. Can be 'any' which will listen on all interfaces - NOTE that "any" will not put interfaces into promiscuous mode 
# and you have to do it with "ifconfig eth0 promisc"
# you can also sniff on multiple interfaces by providing list of them delimited by ',' example: interface = eth0,eth1

#interface = eth0,eth1
#interface = any

interface = eth0

# put interface to promiscuouse mode so it can sniff packets which are not routed directly to us (it will not work if you use interface = any)
promisc = yes

# Pcap filter. If you want to sniff only UDP SIP, put here 'udp'. Warning: If you set protocol to 'udp' pcap discards VLAN packets. Maximum size is 2040 chars
# udp or (vlan and udp) will capture all tagged and untagged UDP packets
# WARNING - if you need to sniff IPinIP (like mirrored packets from voipmonitor) filter = udp will filter all those packets. In this case just disable filter. 

#filter = udp or (vlan and udp)

# default threading_mod = 1 uses one thread for reading from interface doing deduplication at once
# threading_mod = 2 (which is automatically set if you have multiple interfaces (interface = eth0,eth1,...) reads from each interface
# in separate thread which is better option on multi core systems than interface = any 
# threading_mod = 3 will do deduplication (if enabled) in separate thread which is needed for high traffic
# threading_mod = 4 will do deduplication in more than one threads - use this option if you enable deduplication and your traffic is over 100Mbit 

#threading_mod = 1

# since version 8 sniffer implements new mirroring option. Sender is packing data to compressed stream over the 
# TCP to remote sniffer. 
# if you are going to use this sniffer only as a mirroring sniffer all you need is to set interface, packetbuffer_*
# set compression on and set packetbuffer_file_* so in case the connection to remote sniffer will die or will be 
# temporarily slow the sender will not loose single packet. The mirroring is trying to reconnect in case of 
# failure. Packets are mirrored including the the original timestamp and headers. 
# this mirroring hopefully replaces pcapscandir feature which will be probably removed in favor of this approach. 

# here set the sending (mirroring). The sender needs to set only interface, ringbuffer, packetbuffer_*, filter
# and this two folling mirror_destination_* 
#mirror_destination_ip          =
#mirror_destination_port        =

# here set the receiver and do not forget to set firewall so no other except the sender will be able to connect
# to the receiver
#mirror_bind_ip               =
#mirror_bind_port             =

# scan pcap files folder and read file by file. This is in conjuction with running tcpdump which creates pcap file each 
# 5 seconds (-G 5) storing pcap files named by UNIX_TIMESTAMP to /dev/shm/voipmonitor folder (do not forget create it) 
# using 1GB ring buffer to avoid losing packets (-B500000 - you can lower it but not higher) filtering udp packets (udp 
# parameter whcih you can change to your needs). voipmonitor then reads created files (and delete it after processing. 
# This approach can be used for testing throughput or for very high voip traffic (>500Mbit). If the sniffer is able to 
# process pcap files in realtime - there will be in /dev/shm/voipmonitor folder only one or two pcap files. If the sniffer 
# is not able to process in realtime (blocking by I/O or by CPU) number of pcap files will grow faster then the sniffer
# is able process. 
#
# WARNING: libpcap < 1.1 contains memory leak when pcap filter is set - do not set filter in this config or upgrade libpcap to the latest (debian 6 libpcap contains the leak) 
# static compiled voipmonitor from voipmonitor.org contains the latest libpcap 
#
# tcpdump example command:
# nice -n -20 tcpdump -B500000 -i eth2 udp -G 5 -w /dev/shm/voipmonitor 2>/dev/null 1>/dev/null &
#scanpcapdir = /dev/shm/voipmonitor

# When scanpcapdir is being used, voipmonitor will by default read any new file
# that is created in that directory as soon as the file is closed.  This is
# the normal setting if your packet capture software is tcpdump.  If you are
# using a different packet capture software, you may need to change this
# setting to "rename" if that software writes to a temporary file, closes it,
# and then renames it to something else after the file is closed.
#
# Default setting is "newfile"
#scanpcapmethod = newfile

# in case the SIP(media) server is behind public IP (1.1.1.1) NATed to private IP (10.0.0.3) to sniff all traffic correctly you can 
# specify alias for this case. You can specify more netaliases duplicating rows. 
# in most cases this is not necessary because voipmonitor is able to track both RTP streams based on the other side IP. But 
# if the stream is incoming from another IP then SIP source signalization and also from another IP than the SIP device which is 
# also behind NAT its impossible to track the correct IP. Please note that this is for case where the SIP server is behind NAT
# and also the client is behind NAT. If your SIP server has public IP do not bother with this. 
#natalias = 1.1.1.1 10.0.0.3
#natalias = 1.1.1.2 10.0.0.3
#natalias = 1.1.1.3 10.0.0.4

# NAT helper: 
# if voip SIP device (with source IP 1.1.1.1) sends in SDP that it wants RTP for example to 10.0.0.1 and port 
# 10000 the call also sniff RTP from 1.1.1.1:10000 or to 1.1.1.1:10000 which does more problems than it solves. 
# Now this behaviour is changed and if you need this option back you can enable it 
# default no
#sdp_reverse_ipport = yes

# define bind address for manager interface. Default is 127.0.0.1 
# it is not recommended to change this unless really needed due to 
# security. If you need it on some other IP make sure you set firewall
# and change the standard port for better security
#managerip = 127.0.0.1

# classify number without leading 00 or + to country according to local_country_code configuration option which is in ISO 3166-1 alpha-2
# format http://cs.wikipedia.org/wiki/ISO_3166-1. Default is local 
#local_country_code = local
#local_country_code = US

# define TCP manager port
managerport = 5029

# connects to server and listen for commands
#managerclient = serverip or hostname
#managerclientport = 1234

# define SIP ports wihch will voipmonitor liste. For each port make new line with sipport = port (multiple lines)
sipport = 5060
#sipport = 5061
#sipport = 5062

# enable storing sip source and destination port to database so the port from INVITE can be searched 
cdr_sipport = yes

# enable storing RTP destination port to database 
cdr_rtpport = yes

# If remotepartyid set to yes the SIP Remote-Party-ID is taken into account when storing caller/called number into the database. 
# If callerid is anonymous and Remote-Party-ID is present the number is always taken from Remote-Party-ID if present regardless on the remotepartyid option. 
#remotepartyid = no

# take number from INVITE URI or To: SIP header. If destination_number_mode = 1 It will always save number from To: header. 
# if destination_number_mode = 2 it will take number from INVITE URI. 
# default: destination_number_mode = 1
#destination_number_mode = 1

# end call after N seconds (default is 4 hours = 4 * 3600). This prevents creating giant pcap files and memory growing for 
# calls where RTP stream stucked indefinitely . 
# if call is ended due to this itmeout in the cdr.bye will be number 102
absolute_timeout = 14400

# end call after N seconds (default is 20 minutes = 20 * 60) after receiving SIP BYE message no matter how many RTP packets
# arrives after SIP BYE. 
destroy_call_at_bye = 1200

# onewaytimeout ends sip call after set seconds which does not receive any reply from the other side. 
# technically it takes sip source ip address from first invite/register and if there is no other sip source ip different 
# from the first source ip the call will be terminated after onowaytimeout seconds.
# if a call is terminated due to this timeout in cdr.bye column will be 101. 
# purpose of this timeout is to release memory as soon as possible in case there is some flood INVITE which does not 
# have any reply. Another reason is when mirroring is set incorrectly and the sniffer sees only one side of a SIP 
# signalization. 
# if onowaytimeout is not set default is 15. 
onewaytimeout = 15

# sipwithoutrtptimout is used when the SIP call does not have any asoociated RTP to prevent zombie sip calls like
# when BYE or CANCEL is missing so the call has to timeout at some point. Default value is 1 hour (3600 seconds)
# if you have longer calls in your network you need to increase this value. Previosly rtptimeout parameter was 
# used. 
#sipwithoutrtptimout = 3600

# rtptimeout will close call only if the call register any RTP packet and there is no SIP or RTP/RTCP packet activity 
# within the rtptimeout. (if the call has no RTP packet this timeout is not applied, lok for sipwithoutrtptimeout).
# the rtptimeout is to prevent zombie calls in voipmonitor memory. Recommended value is 5 minutes (300 seconds). 
#rtptimeout = 300

# ringbuffer is circular memory queue directly in kernel memory space. libpcap is reading from this queue and 
# delivers packets to voipmonitor. If the network rate is > 100 Mbit we recommend to set ringbuffer to at least 500
# maximum value is 2000 MB. 
# default 50 MB
ringbuffer = 50

# packet buffer is new voipmonitor buffering architecture (since version 8). If enabled new threads are created 
# which raads packets from kernel ringbuffer and queues them into dynamically allocated memory. Packets are 
# dequeued and passed to next threads which reads the content. This will ensure that kernel ringbuffer will 
# not overrun due to CPU or disk I/O spikes.
#   packet buffer will dynamically grow until packetbuffer_total_maxheap is reached. Compression can be enabled 
# (packetbuffer_compress) which compress the buffer with fast snappy algorythm with 50% compression ratio thus 
# doubling the time when the buffer gets filled (600Mbit traffic consumes ~30% one one core Xeon E5-2620).
#   It is also possible to use disk buffer if the packet buffer memory is filled by enabling 
# packetbuffer_file_totalmaxsize which is usefull when sniffer is only mirroring data over TCP to another 
# sniffer - if the connection brakes or slowed down and packet buffer gets filled it will start using file 
# buffer until the connection reestablishes so no single packet is lost. Enabling file buffer in non mirroring 
# mode to the same disk as spooldir will get not much benefit because if the process is blocked mainly due to 
# disk I/O it has no benefit to add more I/O by caching unprocessed packets to the same I/O layer. 

packetbuffer_enable             = yes
packetbuffer_total_maxheap      = 2000 #in MB 
packetbuffer_compress           = yes #enable compression 

packetbuffer_file_totalmaxsize  = 0 #MB. Default is disabled. 
packetbuffer_file_path          = /var/spool/voipmonitor/packetbuffer

# number of threads to process RTP packets. If not specified it will be number of available CPUs.
# If equal to zero RTP threading is turned off. 
# For < 150 concurrent calls you can turn it off"
#default = 0 

#rtpthreads = 0

# jitter buffer simulator variants. By default voipmonitor uses three types of jitterbuffer simulator to compute MOS score. 
# First variant is saved into cdr.[ab]_f1 and represents MOS score for devices which has only fixed 50ms jitterbuffer. 
# Second variant is same as first but for fixed 200ms and is saved to cdr.[ab]_f2
# Third varinat is adaptive jitterbuffer simulator up to 500ms
# Jitterbuffer simulator is the most CPU intensive task which is voipmonitor doing. If you are hitting CPU 100% turn
# off some of the jitterbuffer simulator. I'm recomending to use only fixed 200ms if you need to save some CPU cycles. 
#jitterbuffer_f1 = no
#jitterbuffer_f2 = yes
#jitterbuffer_adapt = no

# Packet loss concealment (PLC) is a technique to mask the effects of packet loss in VoIP communications.
# Because the voice signal is sent as packets on a VoIP network, they may travel different routes to get to destination.
# At the receiver a packet might arrive very late, corrupted or simply might not arrive.
# One of the cases in which the last situation could happen is where a packet is rejected by a server which has a full buffer
# and cannot accept any more data.
# default no.
#plcdisable = no

# callslimit will limit maximum numbers of calls processed by voipmonitor at the same time. If calls are over limit 
# it will be ignored (INVITE) 
#callslimit = 0

# in case SIP session travels accross several proxies (and Call-ID header DOES not change) and you would like to track 
# all sip proxies and make them searchable in GUI / database.  If disabled cdr will store to destination sip 
# column destination IP from the first INVITE. If enabled there will be destination IP from the latest invite and all 
# proxy ip will be stored in cdr_proxy table. 
# default enabled
cdrproxy = yes

# this option allows to skip storing cdr.a_ua and cdr.b_ua - this is workaround for those who has extreme cdr rate and 
# number of user agents in database is over 1000 and CPU is not powerfull enough to store cdr in real time. In future
# this option will be removed once we optimize this rutine. 
#cdr_ua_enable = yes

# this is important option if voipmonitor is sniffing on SIP proxy and see both RTP leg of CALL.
# in that case use this option. It will analyze RTP only for the first LEG and not each 4 RTP
# streams which will confuse voipmonitor. Drawback of this switch is that voipmonitor will analyze
# SDP only for SIP packets which have the same IP and port of the first INVITE source IP
# and port. It means it will not work in case where phone sends INVITE from a.b.c.d:1024 and
# SIP proxy replies to a.b.c.d:5060. If you have better idea how to solve this problem better
# please contact support@voipmonitor.org
rtp-firstleg = no

# SSRC in RTP headers must not equal zero according to RFC so voipmonitor is ignoring such RTP by default. 
# If you still need to parse such packets enable it
# default = no
#allow-zerossrc = yes

# duplicate check do md5 sum for each packet and if md5 is same as previous packet it will discard it
# WARNING: md5 is expensive function (slows voipmonitor 3 times) so use it only if you have enough CPU or 
# for pcap conversion only . Default is no. 
#deduplicate = yes

# prior verison 8.0.1 deduplicate was comparing only data without ip header and udp header so duplicate packets 
# was matched also in case the IP addresses differes. This was good for some cases but it leads to completely 
# ignore RTP streams in other cases. Now default option is to check duplicates based on not only data but ip headers 
# too. To change this set deduplicate_ipheader = no
# default = yes
#deduplicate_ipheader = yes

# enable/disable updating called number from To: header from each caller INVITE. Default is enabled so it supports overlap dialing (RFC 3578)
# if you want to disable this behaviour and see always number only from the first INVITE set sipoverlap = no
#sipoverlap = yes

# save sip REGISTER messages
sip-register = no

# wait only N seconds for reply on first register then remove from memory. (default is 5 seconds)
sip-register-timeout = 5

# if mysql binlog is enabled, skip binlog inserts into active table (which is MEMORY type)
# if you still want to replicate this too (huge I/O impact) set it to = no
sip-register-active-nologbin = yes

# if yes, voipmonitor will not save CDR to MySQL 
nocdr = no

# if yes, all SIP calls will be ignored unless capture rules set skip flag based on IP or Tel. numbers (mysql.filter_*) 
#skipdefault = yes

# write CDR to database only if call was answered
# default = no
#cdronlyanswered = yes

# when storing CDR check if there is the same CDR with the same sip.Call-ID and replace it if the new one contains RTP and the old one not
# this option is intended for case where you need to mirror SIP signalling to RTP media nodes and every RTP voipmonitor node sends CDR based 
# on the same SIP thus diplicating CDR and only one CDR have RTP associated. 
# default is off
#cdr_check_exists_callid = yes

# write CDR to database only if call has RTP 
# default = no
#cdronlyrtp = yes

###############################################################################
# cisco skinny protocol (SCCP)                                                #
###############################################################################

# disabled by default (TCP port 2000)
#skinny = no

# some cisco call manager is configured to receive call always on the same UDP port which results in one-way recordings or mixed recordings. In this case
# set this option to IP address of the cisco call manager. This also assumes that cisco phones uses the same UPD port for receiving and sending RTP 
# (symmetric RTP) 
#skinny_ignore_rtpip = 10.1.1.1

###############################################################################
#       storing packets into pcap files                                       #
###############################################################################

# limit pcap file size (in MB) 
# default disabled. 
#maxpcapsize = 500

# directory where all files (pcap|wav|graph) are stored 
spooldir = /var/spool/voipmonitor

# pcap_dump_bufflength uses buffer in bytes for every open file. It helps to prevent randowm write for each SIP / RTP packet. 
# Optimal and default value are 8184 Bytes. 
pcap_dump_bufflength = 8184

# compress all pcap files on the fly. This is new method (since >=9.4) which compresses data before any write is done to disk greatly reducing 
# I/O writes. 
pcap_dump_zip = yes

# number of threads used for compressing. Default is 1. Number of threads automatically grows once threads consumes >95% CPU
pcap_dump_writethreads = 1
# number of threads are limited by MIN(number of available CPU, pcap_dump_writethreads_max, 32)
pcap_dump_writethreads_max = 32

# pcap_dump_asyncwrite copy packets before it gets writen into queue which are asynchronously written to files. This prevents 
# packets to be dropped due to I/O blocks until all async buffer RAM is consumed which is by default 100MB - increase this to 
# bigger value if you have enough ram (1000 or 2000 etc.) 
pcap_dump_asyncwrite = yes
pcap_dump_asyncwrite_maxsize = 100

# pcap_dump_ziplevel - default is Z_DEFAULT_COMPRESSION which is in fact number 6. 9 is highest compression but slowest, 1 is the fastest compression
# but produces bigger files. 
#pcap_dump_ziplevel = 9


# store pcap and graph file to <cache/dir> and move it after call ends to spool directory. Moving all files are guaranteed to be serialized which 
# helps with slow random write I/O on spin or other media. Typical cache directory is /dev/shm/voipmonitor which is in RAM or /mnt/ssd/voipmonitor 
# which is mounted to SSD disk or some very fast SAS/SATA disk where spool can be network storage or raid5 etc. 
#cachedir = /dev/shm/voipmonitor

# openfile_max overrides default max open files which is 65535
#openfile_max = 300000

# list characters that should be converted to underscore (_) in filenames
# if you want to include space, put it between other characters, like ': :' (will convert ':' and ' ' to '_')
# default is none
#
# example - avoid ':' when Call-Id contains port number
#convertchar = :

# save SIP packets to pcap file
savesip = yes		

# save RTP packets to pcap file. savertp = yes automatically saves RTCP packets
# you can also save only RTP header without AUDIO: savertp = header
# if save RTP is aneblad it will also save UDPTL packets (used for T.38) 
# you can also set savertp = no and control what calls will record RTP in mysql table filter_ip or filter_tel 
# which is controled in GUI -> Capture rules. Sending reload command will reload configuration from filter_* 
# table. You can also set savertp = yes but denies recording RTP based on rules in filter_* table. 
savertp = yes
#savertp = header

# voipmonitor by default splits SIP and RTP packets to individual files (in case spooldiroldschema = no) which are
# located in SIP and RTP directories. This feature allows instance cleaning RTP streams differently then SIP packets 
# to join two pcap files SIP+RTP use mergecap command line utility which is included in wireshark package 
# default = yes | spooldiroldschema must be set to no
#pcapsplit = yes

# save UDPTL packets (T.38). If savertp = yes the UDPTL packets are saved automatically. If savertp = no and you want 
# to save only udptl packets enable saveudptl = yes and savertp = no
#saveudptl = yes

# save RTCP packets to pcap file
savertcp = yes

# save RTP payload to audio file. Choose 'wav' for WAV PCM or 'ogg' for OGG 25kbps format. 
# please note that this has great impact on I/O and can overload your storage leading to lose packets. Better way is to store only sip+rtp and 
# convert wav files on demand. 
#saveaudio = wav

# save caller in left channel and called in right channel. Default enabled. If disabled caller and called are mixed into mono. 
saveaudio_stereo = yes

# by default wav file is stereo where left channel is caller and right channel is called. if you want to swap left right enable saveaudio_reversestereo
# default is no 
#saveaudio_reversestereo = no

# ogg quality - from -0.1 to 1.0 (low to best) - this affect size of the OGG 
ogg_quality = 0.4 

# default path to WEB GUI used to construct path to key check for codecs
# default paths:
#keycheck = /var/www/voipmonitor/php/keycheck.php
#keycheck = /var/www/html/voipmonitor/php/keycheck.php

# in case you are not saving RTP at all but you still want to save DTMF carried over RTP packets (RFC2833) 
# you can enable this option. This feature slows down a bit processing RTP packets in main read thread 
# in casse voipmonitor runs in threads. 
# default = 0
#saverfc2833 = 0

# Enable storing DTMF (SIP INFO or RFC2833) to cdr_dtmf database. It will store DTMF time and key
# then it will be shown in SIP history in the GUI 
# default is 0
#dtmf2db = 0

# save graph data for web GUI. 
savegraph = yes

# if any of SIP message during the call contains header X-VoipMonitor-norecord call will be not converted to wav and pcap file will be deleted.
#norecord-header = yes

# if any of SIP message during the call contains DTMF INFO sequence "*0" call will be not converted to wav and pcap file will be deleted.
# default: disabled
#norecord-dtmf = yes

# enable pausing RTP/WAV recording if DTMF sequence detected. 
# default: disabled
#pauserecordingdtmf = *9

# in case you need to have ethernet encapsulation and you are sniffing on interface = any set this to = yes. 
# this is needed only in case you need to merge pcap files with different encapsulations. default is no
# convert_dlt_sll2en10 = no

# dump all packets to /tmp/voipmonitor-[UNIX_TIMESTAMP].pcap 
#dumpallpackets = yes

# new spooldir schema stores all files to year-mon-day/hour/minute/[ALL|SIP|RTP|AUDIO] directories 
# if you need to have the old schema year-mon-day/* enable spooldiroldschema = yes. 
# default = no
#spooldiroldschema = no

########### cleaning spool directory  ####################

# since version 8 sniffer uses different cleaning mechanism which was developed to minimize I/O operations and it also finally brings more features 
# each created file is indexed in SPOOLDIR/filesindex/ in hours interval and the file size is added to aggregation mysql table files. Cleaning 
# procedure iterates through index files and unlink files without need to scan directories. 

# cleaning procedure runs every hour and checks size or days according to following options. Rules are executed in this
# order. If you set maxpoolsize it will wipe out the oldest data every hour until the size is reached. maxpooldays keeps
# maximum number of data to set days. The same is for sip rtp and graph so you can keep sip pcaps longer than rtp pcaps. 
# all options can be activated at once

# cleaning files can cause huge performance I/O drop during your peaks and in this case it is recommended to set cleaning outside your peaks
# following example will run cleaning only between 1am - 5am (it is 24hour format) 
#cleanspool_enable_fromto = 1-5

# it is good to always have maxpoolsize = N where the N is maximum disk space you are willing to use by sniffer 
# all size are in MB

#set default maxpoolsize to 100 GB (102400 MB)

maxpoolsize		= 102400
#maxpooldays		= 30

#maxpoolsipsize		= 
#maxpoolsipdays		=

#maxpoolrtpsize		=
#maxpoolrtpdays		=

#maxpoolgraphsize	=
#maxpoolgraphdays	=

# clean files which are not indexed
# default is no
#maxpool_clean_obsolete = yes

#
# in case the space is below 1% and below 5GB (which is default threshold) reindexfiles procedure will be executed and cleaning will be restarted. 
# in case this will not help the new maxpoolsize will be set to size of current spool directory and will keep free space MIN(1% freespace, 5GB)
# default is autoclean enabled, 1% free space or 5GB free space
#
autocleanspool = yes
autocleanspoolminpercent = 1
autocleanmingb = 5

#usefull command to clean all RTP files older 7 days - this is not configuration option. 
# find /var/spool/voipmonitor -maxdepth 1 -type d -mtime +7 -name '20*' | (while read d; do rm -rf $d/*/*/RTP; done)

########### end storing packets into pcap files ###############

# enable MOS score for G.729 codec. If enabled, all cdr with 0 packet loss and stable delays will have maximum MOS of 3.92 
# and for loss and unstable delay MOS will be calculated according to ITU-T objective PESQ method for G.729 codec. 
# if you want to use MOS as good search value which corellates loss and delay into single value leave it disabled (which is 
# by default). If set to no, all calls will be calculated like it is G.711. 
mos_g729 = no

# ITU-T P.862 PESQ 
mos_lqo = no
mos_lqo_bin = pesq
mos_lqo_ref = /usr/local/share/voipmonitor/audio/mos_lqe_original.wav
mos_lqo_ref16 = /usr/local/share/voipmonitor/audio/mos_lqe_original_16khz.wav

# enable saving dscp to cdr.dscp which is 32bit number. The first 8 bits are dscp (6bits) from SIP packets from caller. Next 8 bits
# are from SIP packets from called. Next 8 bits are from caller RTP and last 8 bits are from called RTP. If you enable this 
# feature it will auto upgrade cdr table which can take long time depending on ammount of CDR in tables and I/O speed. 
# default is disabled
dscp = yes

# if you want to update destination number when callee answer for case where multiple phones (hunt group) are called within the same 
# SIP Call-ID enable this option which matches it based on 200 OK and SIP branch. 
#update_dstnum_onanswer = no

# enable storing custom sip headers to database column cdr_next.custom_header_headername. You can specify more headers 
# delimited by ";". WARNING - when you enable this feature voipmonitor will autoupgrade cdr_next table which can take 
# hours depending on how large the table is. In GUI there is new section Settings#Custom_headers.
# WARNING - when you enable this feature voipmonitor will autoupgrade cdr_next table which can take hours depending on how large the table is
# INFO: in GUI there is new section in Settings - http://www.voipmonitor.org/doc/Settings#Custom_headers
#custom_headers = X-asterisk-Info ; X-myheader

# analogical for SIP message is custom_headers_message
#custom_headers_message = X-asterisk-Info ; X-myheader

# by default custom header is overwritten by last occurrence. if you need to keep the first occurence set this to no:
#custom_headers_last_value = yes

# enable saving content of custom header (typicaly in-reply-to) to cdr_next.match_header
# this header is used in related CDR GUI for matching legs to onen call 
#matchheader = in-reply-to

# enable merging calls based on matching call-id. The idea is that the second leg with different call-id has in the first INVITE 
# special header which has the call-id of the parent SIP call. The configuration option specifies name of that header
# if you want to not expose this header you can encrypt it with secret (XOR) and encode with base64encode. If callidmerge_secret
# is specified the header will be decoded with base64decode and XORed with this secret string
#callidmerge_header = Parent-Call-ID
#callidmerge_secret = yourSecretString


# save also port in domain user@domain:port default is to only save domain without port
# default is = no
#domainport = yes

# pcapcommand will run command after pcap file is closed (after call ends). %pcap% is substitution for real pcap file name. 
# execution is guaranteed to run in serialized way. 
# WARNING - pcapcommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore 
# system which can generate 500 000 interrupts / sec causing system to drop packets. Watch the performance carefuly 
# (with "vmstat 1" column "in"). 
#
#pcapcommand = echo %pcap% >> /tmp/list

# filtercommand will run command after each call which matches script == 1 in filter_ip or filter_telnum (capture rules in GUI) 
# WARNING - filtercommand is implemented by forking program which is very expensive and is causing TLB shootouts on multicore system which can generate 500 000 interrupts / sec 
# causing system to drop packets. Watch the performance carefuly (with "vmstat 1" column "in"). 
#
# all non alphanum characters except '/' '#' ' ' '+' ':' '-' '.' and '@' in callid, dirname, caller, called and calldate are substituted to '_' 
#
#filtercommand = myscript '%callid%' '%dirname%' '%caller%' '%called%' '%calldate%'

# if enabled CDRID:num will be printed to stdout on every CDR insert 
#printinsertid = yes

# enable monitoring IP traffic 
#ipaccount = no
#ipaccountport = 22
#ipaccountport = 80
#ipaccountport = 443

# if https failes when upgrading the sniffer try also http 
#upgrade_try_http_if_https_fail = yes

# set http proxy in case you want to use upgrades initiated from the GUI
# curlproxy = http://192.168.0.1:8080

#-rpbsN:{file} for read packet in real speed (Read via Packet Buffer with speed N; N >= 1; 1 for real speed, 2 for speed x2 ...)