This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Chapter 10: Security and Monitoring
dmesg’s output is flat text that you can redirect to a file. Suppose you wanted to iso-
late the traffic prefixed with Chicago into a file by itself:
# dmesg | grep Chicago >chicagoVoIP.txt
Or better yet, email that log to somebody, perhaps so they can import it into a
spreadsheet for further analysis. In the following example, pressing Ctrl-C will stop
the dmesg application and an email will be sent containing the Chicago entries:
# dmesg | grep Chicago | mail chicagoVoIPadmin@oreilly.com
Simple Network Management Protocol is a lightweight method of collecting traffic
and performance data from network devices such as servers and switches. Different
kinds of data use different parameter schemas, called management information
bases, or MIBs. MIBs define how SNMP refers to metafields specific to a certain kind
of data, such as Ethernet traffic or DNS-lookup statistics.
MIBs exist for SIP (http://www.iana.org), VOCAL (http://www.vovida.org), MEGACO
(http://www.ietf.org), and other VoIP technologies. There are some useful VoIP-related
SNMP monitoring tools (OpenNMS, Multirouter Traffic Grapher, etc.) that can be
customized to make use of these MIBs, too. There isn’t yet a fully integrated SNMP
MIB for Asterisk, though, which leaves Asterisk administrators only one performance
data-collection option: log reading. Fortunately, Asterisk is very flexible in the logging
iptables rules often have a target specified by the -j TARGET option, which tells NetFilter
what to do with the packets matched by the rule. Some useful targets are:
Log the packet according to your system’s kernel-logging configuration.
Don’t accept the matched packet, and send an error packet in response.
Don’t accept the matched packet, and don’t send any response.
A target used with the mangle table to alter DSCP code points and classes in
A target used with the mangle table to alter IP Type of Service headers in packets.
There are dozens more options that can help you leverage iptables in Voice over IP.
Refer to the iptables manpage for more details.