Installing VoipGuard on CentOS 6.3 or higher

The following instructions are to install VoipGuard on your system. Requirements for Voipguard are:

  • CentOS 6.3 or higher.
  • Mikrotik version 6.1 or higher


yum -y install wget httpd wireshark sendmail php php-gd php-mysql php-mbstring mtr php-process mysql-server librsvg2 urw-fonts sudo ipset

dependancies chkconfig --add httpd chkconfig httpd on /etc/init.d/httpd start chkconfig --add mysqld chkconfig mysqld on /etc/init.d/mysqld start
cd /usr/local/src/ wget
sniffer download
tar -xvf voipmonitor*.tar.gz cd voipmonitor* ./
mysql -u root -p
create database voipmonitor;
GRANT ALL PRIVILEGES ON voipmonitor to root@localhost IDENTIFIED BY 'set or use root sql password';
GRANT ALL PRIVILEGES ON voipmonitor to root@WHMCSIP IDENTIFIED BY 'set or use root sql password';

EDIT /etc/voipmonitor.conf and set the root MYSQL password.
After that, run /etc/init.d/voipmonitor start.
set config

VOIPGUARD installation into SNIFFER

cd /tmp/
tar -xvf voipguard.tar.gz
download voipguard
cp -R voipguard/ /var/lib/
cd /var/lib/voipguard/
yum install -y python-pip
installing voipguard

Voipguard installation is completed. The following will explain on how to configure VoipGuard on whmcs:
  1. Login as client
  2. Services>My services
  3. Under your Voipguard product click on 'view details'
  4. From here you will see the configuration page.You will need to add your voipguard database details ( if local) and you will need to load your Mikrotik details. Make a backup of your Mikrotik before proceeding. After details are entered you may save the details and proceed to creating alerts.


  1. Realtime concurrent calls- Alert if the calls at that moment from a certain IP is more than the limit specified in the alert
  2. Change Register Country- If a sip account has a registration change to a foreign country.
  3. SIP PACKETS flood/ attack - A type of denial of service attack where multiple sip packets are sent to the server.
  4. SIP REGISTER flood/ attack - same as a packet flood except it would be a sort of dictonary attack where multiple usernames/passwords will be sent in the hopes that it will register to a weak account.
  5. ENSURE that you whitelist all your IP's in the INCLUDED ADDRESSES LIST or you might risk blocking yourself from the system.

Was this answer helpful?

 Print this Article

Also Read

Data cleaning in spool

Data Cleaning   PCAP spool directory By default sniffer stores all data to...