VOIP Monitoring with ELK

Raj_Kumar · October 6, 2016, 12:01pm

Hi All,

Am using Elastic stack for the past few months.Found it really cool and fantastic combination.

But am now more concerned with VOIP monitoring .Is it possible to monitor the call quality and other factors like *packet loss,jitter and latency in Filebeat or Packetbeat?

Is its possible how can be done in few words?

It would be really helpful for my career.

Thanks in advance,
Raj

monica · October 6, 2016, 12:27pm

Packetbeat is currently not able to decode the SIP traffic or to measure the call quality, packet loss, jitter and latency, but we might consider adding support for SIP in the future (not on our roadmap yet) as there were a few users interested in this. You can follow the status of this request here.

Raj_Kumar · October 6, 2016, 12:32pm

Thank you Monica for the very quick reply will follow up

steffens · October 6, 2016, 2:06pm

some devices (e.g. border controllers handling both SIP calls and RTP) do log call status and voice quality information if available. Your device might provide log-files (e.g. via FTP), configurable syslog output or netflow providing stats you will require. log files you can download using a custom script and collect via filebeat/logstash. Syslog you might be able to send directly to logstash of syslog-ng/rsyslog.

Raj_Kumar · October 6, 2016, 2:27pm

Thank you Stefan,just want to be sure and I want to know If I got correctly?

If my VOIP server supports both SIP and RTP ,I should give custom script which creates log files .This log files will be having all the info like Call status and Voice quality information,then i can forward the logs to my logstash via syslog.

steffens · October 6, 2016, 9:54pm

Fells like you're mixing up options a little. As I don't know your device in details, it is up to you to figure out how to fetch data from said device.

Some options coming to mind:

download log files generated by device directly (if HTTP/FTP interface is available) and push logs via filebeat/logstash. Some devices might generate CSV-files
if filebeat can run on device, you can use it to collect logs directly. But I would advise not todo so, as resources on devices might be pretty precious already
configure device syslog output (if available) to point to custom syslog or directly to logstash. With syslog I'm meaning the syslog network protocol.
If device publishes stats via netflow search for a netflow collector (I think there is a community plugin for logstash as well)
if device support poll like interface like (HTTP, SNMP) see if you can find a collector getting these data.

It must not only be one device. In VOIP networks some devices might only handle SIP and others will only do RTP. Find the devices closes to the border of your network and try to collect data one way or the other.

There are some commercial VOIP monitors also using packet sniffing like packetbeat does. But adding an RTP analyzer to packetbeat is definitely not a trivial task + deployment can be quite a pain as concurrently analyzing a few thousands calls might be quite resource intensive.

Raj_Kumar · October 11, 2016, 8:19am

Thank you Steffen for your valuable input

system · October 27, 2016, 12:01pm

This topic was automatically closed after 21 days. New replies are no longer allowed.