Installing VoipGuard on CentOS 6.3 or higher

The following instructions are to install VoipGuard on your system. Requirements for Voipguard are:

  • CentOS 6.3 or higher.
  • Mikrotik version 6.1 or higher


yum -y install wget httpd wireshark sendmail php php-gd php-mysql php-mbstring mtr php-process mysql-server librsvg2 urw-fonts sudo ipset

dependancies chkconfig --add httpd chkconfig httpd on /etc/init.d/httpd start chkconfig --add mysqld chkconfig mysqld on /etc/init.d/mysqld start
cd /usr/local/src/ wget
sniffer download
tar -xvf voipmonitor*.tar.gz cd voipmonitor* ./
mysql -u root -p
create database voipmonitor;
GRANT ALL PRIVILEGES ON voipmonitor to root@localhost IDENTIFIED BY 'set or use root sql password';
GRANT ALL PRIVILEGES ON voipmonitor to root@WHMCSIP IDENTIFIED BY 'set or use root sql password';

EDIT /etc/voipmonitor.conf and set the root MYSQL password.
After that, run /etc/init.d/voipmonitor start.
set config

VOIPGUARD installation into SNIFFER

cd /tmp/
tar -xvf voipguard.tar.gz
download voipguard
cp -R voipguard/ /var/lib/
cd /var/lib/voipguard/
yum install -y python-pip
installing voipguard

Voipguard installation is completed. The following will explain on how to configure VoipGuard on whmcs:
  1. Login as client
  2. Services>My services
  3. Under your Voipguard product click on 'view details'
  4. From here you will see the configuration page.You will need to add your voipguard database details ( if local) and you will need to load your Mikrotik details. Make a backup of your Mikrotik before proceeding. After details are entered you may save the details and proceed to creating alerts.


  1. Realtime concurrent calls- Alert if the calls at that moment from a certain IP is more than the limit specified in the alert
  2. Change Register Country- If a sip account has a registration change to a foreign country.
  3. SIP PACKETS flood/ attack - A type of denial of service attack where multiple sip packets are sent to the server.
  4. SIP REGISTER flood/ attack - same as a packet flood except it would be a sort of dictonary attack where multiple usernames/passwords will be sent in the hopes that it will register to a weak account.
  5. ENSURE that you whitelist all your IP's in the INCLUDED ADDRESSES LIST or you might risk blocking yourself from the system.
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Data cleaning in spool

Data Cleaning   PCAP spool directory By default sniffer stores all data to...