北京赛车黑马人工计划

Logging

Contents

Messages from GNU GPL sniffer sensor service

Voipmonitor北京赛车黑马人工计划 by default uses 'daemon' facility of a syslog to store status messages.

Default location

debian/ubuntu

it is stored to /var/log/syslog

on centos/rh

/var/log/messages

Messages file Change

You can find useful to store status info from voipmonitor to different file: For rsyslog use this in /etc/rsyslog.conf

if $programname == 'voipmonitor' and $syslogseverity <= '7' then /var/log/voipmon.log
& ~

Status line details

calls

北京赛车黑马人工计划calls[14527,r:5241][14428,r:5350] absolute calls counter. this counts structs in memory for invites(call-ids) and r:for registers. in second bracket is amount of structs before final packets processing.

PS

call/packet counters per second.

C : number of calls / second, X/-Y: X is number of newly created structs for calls, Y is amount of removed structs
r : number of registers /second, X/-Y X is number of newly created structs for registers, Y is amount of removed structs
S : X/Y - X is number of valid SIP packets / second on sip ports. Y is number of all packets on sip ports. 
SR: number of SIP register packets,  
SM: number of SIP messages packets,  
R : number of RTP packets / second of registered calls by voipmonitor per second.
A : all packets per second

SQLq/SQLf

C=CDR_queue 
M=Message_queue
R=Register_queue
L=LiveSniffer_queue
Cl=Cleanspool queue

SQLf reported北京赛车黑马人工计划 when query_cache enabled in sensors config

heap[A|B|C]

A: number of % of used heap memory.If 100 voipmonitor is not able to process packets in realtime due to CPU or I/O. 
B: number of % used memory in packetbuffer. 
C: % used for async write buffers (if 100% I/O is blocking and heap will grow and than ring buffer will get full and then packet loss will occur)

[Mb/s]

total network throughput

t0i_dag0_CPU

北京赛车黑马人工计划[2614.7mb/s;24.8%/19.6%] throughput thru this 'dag0' interface 2614.7mb/s usage of reading thread from this interface 24.8% usage of thread making blocksof packets for processing with t0 thread 19.6% (this stat is printed per sniffing interface where packets were visible)

t0CPU

this is %cpu utilization for thread 0. thread 0 is process reading from kernel ring buffer. once it is over 90% it means that the current setup is hitting limit processing packets from network card. please write to support@tomcovafarm.com if you hit this limit.

t1CPU

this is %cpu utilization for thread 1. thread 1 is process reading packets from thread 0, adding it to the buffer and compress it (if enabled).

tarQ

number of files in a queue

tarB

北京赛车黑马人工计划mbs in tar buffer

tarCPU

北京赛车黑马人工计划threads used for taring - its consumption

t2CPU

pb:10.5/	- packetbuffer - out of the buffer
d:39.2/		- structs create for processing in t2
s:24.6/		- SIP - parse
e:17.3/		- SIP - calls/messages search, struct creation
c:6.8/		              - process_packets - calls/messages
g:6.4/                       - process_packets - registers
r:7.3/		              - process_packets - RTP
rm:24.6/	- RTP - packets shift, prepare for processing
rh:16.7/	- RTP - search hash
rd:19.3/	- RTP - move to read queue

Adding new thread is automatic

'd' is running after pb,
if 'd' > 50%, new thread 's' (reasembles, sip parse) 
if 's' > 50%, new thread 'e' (callid search + structs create for calls), 
if 'e' > 50%, new thread 'c' (calls)
if 'c' > 50%, new thread 'g' (registers)
if 'g' > 50%, new thread 'r' (rtp)

Threads removing

if thread 'r|g|c|e|s' consuming < N% remove it.

t2_cpu overloaded

when pb:is over 95% make sure t2_boost is enabled in settings - if not helps, try to modify options (decrease values from default) pcap_queue_dequeu_window_length=2000|1000(more interfaces) or pcap_queue_dequeu_need_blocks=0.

tRTP_CPU

[658.8%/46.7m/15t] means that 15threads processing rtp, peak thread 46.7%, sum 658.8%

tacCPU

[n0|n1|n...] %cpu utilization when compressing pcap files or when compressing internal memory if tar=yes (which is by default) number of threads grows automatically

RSS/VSZ

RSS: resident size, which is an accurate representation of how much actual physical memory sniffer is consuming. in MB
VSZ: virtual size of a process, which is the sum of memory it is actually using, memory it has mapped into itself (for instance the video card’s RAM for the X server),
     files on disk that have been mapped into it (most notably shared libraries), and memory shared with other processes. VIRT represents how much memory the program is able to access at the present moment.

LA

北京赛车黑马人工计划[11.90 10.93 10.71/8h] load averages in last 1,5,10 minutes/count of cpus, h=when hyperthreading enabled

秒速赛车6码计划 三分彩计划软件下载 分分11选5精准计划群 幸运快3追号计划 超级时时彩缩水计划