geedge-jira/md/OMPUB-724.md

# 福建项目：功能端开始sip和fw_voip插件后，安全策略命中日志中无SIP相关信息

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-724 | 2022-12-03T13:16:17.000+0800 | 刘学利 | 处理中 |


---

泉州电信固网192.168.35.1-2，192.168.36.1-2（*目前该功能端未升级，仍为TSG 22.01版本*）前几日开启了sip和fw_voip插件，用户界面下发了sip协议Monitor、Deny策略。但策略命中日志中的SIP下相关字段均为空值。
 !image-2022-12-03-13-16-00-167.png|thumbnail! 
 !image-2022-12-03-13-16-05-798.png|thumbnail! 
 !image-2022-12-03-13-15-50-059.png|thumbnail! 

附件中pcap包为用户在TSG界面【Packet Capture】功能中捕获的相关数据包
 !image-2022-12-03-13-15-41-853.png|thumbnail! 
**yangwei** commented on *2022-12-06T11:34:32.453+0800*:

* 目前SIP业务记录日志的目标，主要针对VoIP通话场景，即仅对出现Method为INVITE和BYE（语音通话拨号和挂断）的消息，记录主叫、被叫和UA等信息。
 * 所附的pcap包中，大量的Method为MESSAGE和REGISTER，因此这些会话对应的SIP日志中，不会记录主叫被叫等字段



---

**zhengchao** commented on *2022-12-12T10:25:34.266+0800*:

既然流量中有这些信息，还是要想办法把信息记录下来。



---



# Attachments

Attachment: 274_149.pcapng

[274_149.pcapng](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/33351/274_149.pcapng)



Attachment: 274_151.pcapng

[274_151.pcapng](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/33350/274_151.pcapng)



Attachment: image-2022-12-03-13-15-41-853.png

![image-2022-12-03-13-15-41-853.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/33349/image-2022-12-03-13-15-41-853.png)



Attachment: image-2022-12-03-13-15-50-059.png

![image-2022-12-03-13-15-50-059.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/33348/image-2022-12-03-13-15-50-059.png)



Attachment: image-2022-12-03-13-16-00-167.png

![image-2022-12-03-13-16-00-167.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/33347/image-2022-12-03-13-16-00-167.png)



Attachment: image-2022-12-03-13-16-05-798.png

![image-2022-12-03-13-16-05-798.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/33346/image-2022-12-03-13-16-05-798.png)