A Linux PC's built-in IP router and firewall, NetFilter, can be a useful tool for logging VoIP traffic.
In a scenario where several satellite offices on a WAN (or the Internet) are linked together as an IP telephony network, origin- and destination-based logging is crucial, because it will tell you which office is using the most VoIP capacity, which is using the least, and when it's all being used.
When a Linux NetFilter firewall is used to protect a group of enterprise VoIP servers or just as a gateway router for a segment where VoIP is used, a lot of VoIP-related events can be monitored and logged. Logging from the firewall is useful for the security-minded, but it's important for other reasons, too. It lets you get a feel for which remote networks and hosts are communicating with your VoIP services and how often they are doing this. This will improve your understanding of bandwidth consumption and traffic patterns on your network, besides giving you a keener awareness of security.
NetFilter's default configuration provides for no logging. If you want a particular type of packet logged—say, from a specific network or on a specific port—you must tell NetFilter to log it. When a packet is logged, its pertinent information is sent to syslog to be stored. syslog is the system-wide logging daemon that is a staple in most Unix-variant operating systems.
Logging packets using NetFilter doesn't save the contents of the packets—just information ...