For simple packet capture simply use tcpdump.
But I guess that is not what you want to achieve.
I still recommend heplify (on the box where SIP is happening and maybe RTP) -> kamailio (remote server) -> mysql / homer. heplify is very easy to use and will create pcap-files with only RTP / RTCP / SIP traffic. All you usually need. In parallel it feeds kamailio with HEP packets, which can be visually accessed by homer, which you only need if you want to search calls etc. I used to look for a call within homer, and if I needed RTP I took the pcap files created by heplify.
If the original post was too verbose, it's basically this:
tcpdump captures in 30 (or xxx) minute chunks, in my case I store 3 days' worth.
I then use sngrep to open the pcap and then search within to find the call or calls I am after.
I know what the calls I am looking for are because I look in fusion and find some call examples if the customer doesn't have any on hand.
A cron job deletes all files older than xxx days, minutes, hours or whatever.
These run all the time. There is no shipping the packets elsewhere, which doubles bandwidth consumption. Barring sngrep misbehaving, this is fast and efficient.
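
The rolling capture described in the post above, as an added example (not the poster's own script): tcpdump rotates to a new file every 30 minutes and a cron-driven prune deletes chunks older than 3 days. The directory, interface, capture filter, file naming and script path are assumptions.

```shell
#!/bin/sh
# Added example: rolling capture plus pruning, as outlined in the post.
# Assumed (not from the post): directory, interface, filter, file naming.
CAP_DIR="${CAP_DIR:-/var/spool/sipcap}"
IFACE="${IFACE:-eth0}"
BPF_FILTER="${BPF_FILTER:-udp or port 5060}"   # RTP/RTCP over UDP, SIP on 5060
CHUNK_SECONDS="${CHUNK_SECONDS:-1800}"         # 30-minute chunks
KEEP_MINUTES="${KEEP_MINUTES:-4320}"           # 3 days

# Run tcpdump forever, starting a new timestamped file every CHUNK_SECONDS.
# With DRY_RUN set, the command line is printed instead of executed.
start_capture() {
    umask 077                      # pcaps hold signalling and call audio
    mkdir -p "$CAP_DIR" || return 1
    ${DRY_RUN:+echo} tcpdump -i "$IFACE" -n -s 0 -G "$CHUNK_SECONDS" \
        -w "$CAP_DIR/sip-%Y%m%d-%H%M%S.pcap" "$BPF_FILTER"
}

# Delete finished chunks older than the retention window. Only files that
# match the capture naming pattern in the top level of the directory are
# touched; the chunk being written has a fresh mtime and is kept.
prune_captures() {
    dir="${1:-$CAP_DIR}"
    keep="${2:-$KEEP_MINUTES}"
    [ -d "$dir" ] || return 1
    find "$dir" -maxdepth 1 -type f -name 'sip-*.pcap' \
        -mmin "+$keep" -print -delete
}

# Dispatch: "capture" from a service unit or init script, "prune" from cron:
#   */30 * * * * /usr/local/sbin/sipcap.sh prune   (hypothetical path)
case "${1:-}" in
    capture) start_capture ;;
    prune)   prune_captures ;;
esac
```

A finished chunk can then be opened with `sngrep -I <file>` to search for the call.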