SIP · SIPREC · HEP · 100% self-hosted

The agentic NOC for your voice network.

It does not just capture your calls. It watches them, investigates anomalies on its own, explains the root cause, and alerts your phone with action buttons. Acknowledge, resolve, investigate deeper, or approve a safe remediation. Every resolution makes the next diagnosis smarter.

🟢 Live demo Install now — free

50 concurrent calls free — forever

15+ SBC platforms supported

0 cloud dependencies

Install in one line — free tier, no card:

curl -fsSL https://raw.githubusercontent.com/VoxyWatch/publish/main/install.sh | sudo bash

View on GitHub

Autonomous incident investigationAct only with your approval — never touch SBCTelegram with action buttons100% self-hosted

Works out of the box with

AsteriskKamailioOpenSIPSFreeSWITCHRTPEngineSansay VSXi

The problem

Your client detects the fault before your NOC

Every minute it takes you to detect a voice quality problem is a minute your customer is already considering leaving.

The customer calls first

A trunk silently degrades the ASR from 90% to 70%. Global thresholds never see it. The ticket arrives from the client, not from monitoring — with the SLA already expired.

2–4 hours per incident

Wireshark, grep in SBC, manual captures and correlation by hand. Each incident burns up senior engineer hours while traffic continues to fail.

Days waiting for the manufacturer

Without evidence of your own, the diagnosis ends in a ticket with the manufacturer of the SBC. Days of waiting, generic answers and zero control over the timeline.

Without knowing which carrier is failing

Carrier A or Carrier B? Destination or route? Without attribution by trunk and by country, conversations with suppliers are competing opinions, not evidence.

🤖 The authentic NOC

A virtual NOC engineer who runs the incident cycle from end to end

DETECT → INVESTIGATE → DIAGNOSIS → NOTIFY → ACT → LEARN

Actions are executed only after your approval — and the AI has no tools to change your network. By design, not by promise.

🚨

Incident engine

Each anomaly becomes a persistent incident with a lifecycle (open → recognized → resolved), deduplication, auditable timeline and self-resolution for stability. Dedicated Incident Tab with one-click actions.

🔍

Freelance researcher

As soon as you open an incident, VoxyWatch investigates on its own: sample failed calls, dominant SIP codes, failing IP routes, and whether other trunks were degraded as well — the local-vs-carrier signal. Using your LLM key, write down the probable root cause citing that evidence.

📲

Telegram and mail with action buttons

Critical incidents arrive on your phone with the attached diagnosis and inline buttons: Recognize · Resolve · Investigate · plus proposed remediation when applicable. Each portal user links their own chat with a single-use code. Each action audited by real user, restricted by role.

📚

Runbooks + case memory

Includes field runbooks that the researcher follows and cites step by step — add your own as JSON. Resolved incidents become institutional memory: “same as incident #123, resolved: carrier maintenance.”

🛡️

Statistical confidence

CRITICAL must be earned: minimum sample, measurement coverage, deviation from the core's own baseline, sustained degradation. Validated with production data: −92% false critical noise.

📋

Capacity and digest forecast

Audio retention is measured, not estimated — capacity incidents open before you run out of space. A daily/weekly digest arrives at Telegram or your webhook according to the calendar.

🛟 Secure remediation, with your approval

The proposed actions come from a closed catalog at the code level (restart the capture sniffer, recalculate baselines — never your SBC), are executed only after your tap, and remain in the timeline of the incident with who-approved-what.

🟢 Live demo ↗

Who it's for

Built for teams operating real voice networks

Carriers, ITSPs, UCaaS providers, and voice integrators. Vendor-agnostic, multi-SBC, self-hosted.

Carriers

A NOC view of every interconnect: ASR/NER by route, anomaly detection by trunk, and 5xx spikes flagged as they happen.

ITSPs

Visibility by customer, quality by destination, carrier attribution via ITU-T E.164, and audio evidence when you need to prove what happened in a call.

UCaaS providers

Auditable voice quality by tenant: MOS, jitter, packet loss, and PDD. Detect degradations before customers escalate.

Voice integrators and MSPs

Diagnose calls without escalating to the SBC vendor. Incident analysis with evidence across multiple platforms.

VoxyWatch

From a SIP packet to the action your NOC needs to execute

Capture, attribute, learn and explain — all in a single self-hosted binary.

Universal multi-source capture

Two ingestion paths: HEP v1/v2/v3 (tested with Asterisk, Kamailio, OpenSIPS, FreeSWITCH, RTPEngine, Sansay) and a native SIPREC recording server in beta (Oracle, Ribbon, AudioCodes, Cisco CUBE) — plus the included voxywatch-probe (Go + libpcap) for everything else.

Carrier and country intelligence

Load your trunks only once. Each call is attributed to its carrier by IP/CIDR and to its destination country via an ITU-T E.164 engine with longest match (197 codes). ONNET traffic marked separately.

Automatic baselines per trunk

Each trunk learns its own normal (mean ± σ per hour). Detects silent drifts that global thresholds miss — like a ASR dropping from 90% to 70% on a single carrier.

AI co-pilot for NOC — your own key

Co-pilot by trunk and summary: reads health + baseline + 48h trend, returns probable cause and action for NOC. Works with OpenAI, Anthropic, Gemini or OpenRouter. Never touch the SBC.

Embedded SNMP agent + traps

Integrated SNMP v2c/v3 agent with 30+ OIDs and traps per edge for capture loss, sniffer down, low ASR/MOS, disk/CPU/RAM pressure. Downloadable MIB. Integrates with PRTG, Zabbix, Nagios.

100% self-hosted, no exceptions

A single binary + PostgreSQL/TimescaleDB, provisioned by the installer in 60 seconds. Your hardware, your data, without cloud, without telemetry, without call-home.

VoxyWatch vs.

Where VoxyWatch fits

VoxyWatch is made for 24/7 observability of NOC. It complements — not replaces — tools like Wireshark or open source projects like HOMER.

	VoxyWatch	HOMER	Dashboards SBC	Wireshark
Self-hosted	✓	✓	—	✓
Web portal	✓	✓	✓	—
HEPv1/v2/v3	✓	✓	~	~
MOS E-model	✓	✓	~	—
Audio reconstruction SIPREC	✓	—	~	—
Audio playback in browser	✓	—	~	—
AI Assistant	✓	—	—	—
Autonomous incident investigation	✓	—	—	—
Actionable Telegram notifications	✓	—	—	—
Installation in a binary	✓	—	·	✓
Forensic Packet Inspection (Specialist Tool)	·	~	—	✓

🔒 PCI-DSS

Designed for PCI-DSS environments

When your customers dictate card numbers over the phone, the sensitive RTP is discarded at the source. The payment audio never leaves the secure environment, never travels over the network, never reaches VoxyWatch.

Maximum scope reduction

The Probe discards the RTP from the payment window at the source — the lowest possible PCI scope for your deployment.

Hot reload via JSON

Add or remove SSRCs in pci_suppress.json — Probe applies in seconds, no reboot, no maintenance window.

Defense in depth

Works with portal suppression for two-layer assurance: misconfigured Probe entries are detected on the server before storage.

CRM Ready

Your contact center system writes the SSRC when the agent activates pause. Resume removes it. No new infrastructure.

Read the technical guide →

🔗 Server MCP

Your voice network, exposed to your agents

VoxyWatch includes a standalone Model Context Protocol server: connect Claude Desktop, Claude Code or any agent compatible with MCP and let it query health, KPIs, trunk status, CDRs and incidents — with evidence and diagnostics — through 6 read-only tools. Authenticated with the same scoped API keys.

voxywatch-mcp.js · 6 read-only tools · scoped API keys

Your corporate AI can now interrogate your voice network.

HEP · SIPREC

Two intake routes cover practically the entire market

If your device speaks HEP or SIPREC — and almost everything does — VoxyWatch works with it.

HEP · tested

HEP — tested and supported

Validated in laboratory and production.

Asterisk HEP · tested Kamailio HEP · tested OpenSIPS HEP · tested FreeSWITCH HEP · tested RTPEngine HEP · tested RTPProxy HEP · tested Sansay VSXi HEP · tested CaptAgent HEP · tested HEPlify HEP · tested sngrep / sipgrep HEP · tested

SIPREC · beta

SIPREC — native SRS (beta)

VoxyWatch includes a native SIPREC recording server (RFC 7865/7866). These SBCs send their recording session directly to VoxyWatch — without agent HEP. SIPREC support is in active beta; Write to us and we will validate it with you for your specific SBC.

Oracle / ACME Packet SIPREC · beta Ribbon / Sonus SIPREC · beta AudioCodes Mediant SIPREC · beta Cisco CUBE SIPREC · beta Avaya Session Manager SIPREC · beta

Does your source emit neither HEP nor SIPREC? The voxywatch-probe (libpcap) captures it from the NIC. Step by step guide on the wiki.

specs

Technical specifications

Light. It runs comfortably on a modest server.

Portal port 3080 (HTTP) · 3443 (HTTPS)

HEP Ports 9060 UDP+TCP + configurable

Database PostgreSQL + TimescaleDB

Minimum RAM 512 MB (2 GB recommended)

Operating system Linux (Debian/Ubuntu/RHEL)

Versions HEP 1, 2 and 3 (autodetected)

Audio codec PCMU/PCMA · G.722 · G.729 · AMR · GSM · G.723 · Opus · Speex

Export formats PCAP WAV CSV JSON

use cases

Real use cases

From theory to diagnosis in minutes.

Debug a carrier interconnect

Filter by status = failed, open any call and the SIP diagram shows the INVITE → 100 → 486. Root cause confirmed in less than 5 minutes.

Audit recordings SIPREC

Reconstructs the audio, listens by channel, and traverses with jitter and RTCP to locate exactly where the client's audio was cut off.

Validate a new SBC

Make test calls and verify that they appear with correct numbers, high MOS and clean diagrams before going to production.

Who built it

Built by network engineers with real experience operating carrier-grade voice networks.

VoxyWatch is not a generic observability platform that SIP learned last quarter. It's designed by people who have operated voice networks — and built specifically for the engineers who do.

🔒 Early adopter pricing is locked in while we incorporate our first wave of customers.

FAQ

Frequently asked questions

What we get asked the most before we start.

How do I cancel my subscription?

Open the Paddle customer portal and cancel in one click — link below. Your license remains active until the end of the period.

Open Paddle portal →

Do you accept bank transfer, PayPal or Stripe?

Yes, upon request. Write to [email protected] with the method and duration you prefer, and we will coordinate it.

Can I upgrade from Pro to Telco without losing what I already paid?

Yes. Open a support ticket and we will credit the unused portion of your Pro license towards the Telco plan.

What happens if my server breaks or I need to change hardware?

Open a support ticket. We reissue your license for the new HWID. Same plan, same expiration.

Do you issue an invoice for my accounting?

Yes. Open a support ticket with your tax information (company name, RFC/Tax ID, address) and we will send a formal invoice.

Can you bill me in MXN, EUR or another local currency?

Upon request. Open a support ticket with the currency and duration, and we coordinate outside of Paddle's default USD flow.

What happens when my license expires? Do I lose my data?

No. Your CDRs, audio recordings and settings remain intact on your server. Only new captures are paused until you refresh.

Does VoxyWatch send data to the cloud?

No. VoxyWatch is 100% self-hosted. Without telemetry, without call-home, no data leaves your network. The only way out is calls to the AI copilot — and those use YOUR API key, to YOUR chosen provider.

Is there a free trial period?

Yes. The Free tier (50 concurrent calls, unlimited CDRs) is free for life and includes all features. No card. You install in 60 seconds.

Can the AI agent change my network?

No. The AI does not have any tools to touch your SBC — by design, not by promise. The proposed remediations come from a closed catalog at the code level (restart the capture sniffer, recalculate baselines) and are executed only after explicit human approval, with full audit of who approved what.

How does the AI Copilot handle privacy?

It's bring-your-own-key. You configure your own API key of OpenAI, Anthropic, Gemini or OpenRouter. Requests go directly from your VoxyWatch to the provider you choose. VoxyWatch never sees the data and never passes through our servers.

🤝 Partners

Refer a client, earn commission

Earn 10% to 30% of the first payment when you refer a customer to VoxyWatch. The exact percentage depends on your involvement: a simple reference starts at 10%; Active sales support (introductions, technical pre-sales, demo coordination) reaches up to 30%.

1
Contact us at [email protected] with the prospectus details.
2
We agree on the commission percentage depending on the level of support.
3
When the client pays for any plan (1 month, 6 months, 1 year or 2 years), you receive your commission on that first payment.
4
Payment method and minimum payout amount agreed by email.

Request terms

Write to [email protected] and we will send you the complete terms of the program.

Start seeing your calls today

No cloud. No SaaS. No card. Deploy VoxyWatch on your own server and get carrier-grade SIP visibility.

Get started for free 🟢 Live demo