Hi Denis,
It is difficult for me to assess your intervals, and triggering reasons.
For example, your sheet starts at 07:08 AM, but the counter accumulation
is reset way back, at 00:00.
Please provide some actual fraud event logs, with a log such as below,
so we can blame the sequential calls for sure:
event_route [E_FRD_CRITICAL]
{
fetch_event_params("$var(param);$var(val);$var(thr);$var(user);$var(number);$var(ruleid)");
xlog("E_FRD_CRITICAL:
$var(param);$var(val);$var(thr);$var(user);$var(number);$var(ruleid)\n");
}
Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 24.04.2018 12:06, Denis via Users wrote:
Hello Liviu!
"Yes, the "sequential calls" holds the size of the last batch of calls
sent to the same number. For example, if a user were to dial 44 and 45
prefixes in a round-robin manner, his "sequential calls" value would
never exceed 1."
Here you can find acc from one of the client (from the beginning of
the 24.04)
https://yadi.sk/i/Zkj70CCM3UiEyw
and fraud module params looks like
prefix: 810
start_hour: 00:00
end_hour: 23:59
daysoftheweek: Mon-Sun
cpm_warning: 10
cpm_critical: 11
call_duration_warning: 1499
call_duration_critical: 1500
total_calls_warning: 99
total_calls_critical: 100
concurrent_calls_warning: 25
concurrent_calls_critical: 30
sequential_calls_warning: 14
sequential_calls_critical: 15
Something wronge))))
As you can see the client dial different numbers but module detects
fraud anyway.
--
С уважением, Денис.
Best regards, Denis
19.04.2018, 18:14, "Liviu Chircu" <li...@opensips.org>:
Hi Denis!
Good catch! For the first time, I documented a parameter, but forgot
to export it for the script writer as well! :)
It is now fixed. Thank you!
Cheers,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com <http://www.opensips-solutions.com/>
On 19.04.2018 17:28, Denis via Users wrote:
Hello, Liviu!
I had installed latest Opensips 2.2 (Opensips 2.2.6)
In a log file, during start of Opensips, i can see
ERROR:core:set_mod_param_regex: parameter <use_local_time> not found
in module <fraud_detection>
Where is mistake?
Thank you.
--
С уважением, Денис.
Best regards, Denis
13.04.2018, 09:49, "Denis via Users" <users@lists.opensips.org>
<mailto:users@lists.opensips.org>:
Ok, thank you
--
С уважением, Денис.
Best regards, Denis
12.04.2018, 14:23, "Liviu Chircu" <li...@opensips.org
<mailto:li...@opensips.org>>:
Use $Ts [1] to get the current UNIX timestamp in seconds.
[1]: http://www.opensips.org/Documentation/Script-CoreVar-2-4#toc91
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com <http://www.opensips-solutions.com/>
On 12.04.2018 14:08, Denis via Users wrote:
Liviu, is there any way to find out current time from Opensips
during call processing (some functions, variables etc which i can
use in opensips.cfg)?
Thank you
--
С уважением, Денис.
Best regards, Denis
12.04.2018, 13:50, "Liviu Chircu" <li...@opensips.org>
<mailto:li...@opensips.org>:
Hi Denis,
The fraud detection module has no such mechanism, currently. We
could invent some variables such as $frd_last_warn,
$frd_last_crit, $frd_first_warn, $frd_first_crit. They would
output a UNIX timestamp. If there were no warnings during the
current interval, the timestamp value would be 0. Can't think of
anything better now - you can polish this idea and open up a
pull request if you want.
How many users do you have? The "cachedb_local" offers a fast
and configurable hash implementation. Why wouldn't it be a good
solution in order to store/fetch the above-mentioned timestamps
for each of your users?
Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
<http://www.opensips-solutions.com/>
On 10.04.2018 13:11, Denis via Users wrote:
Hello, Liviu!
"So you want to check the time of the last fraud detection
attempt for a user?"
Yes, but not for store this time to anywhere.
I want to detect the time of the first fraud call, and if this
time, for example, between 19:00 and 09:00, make some actions.
Can i do it with Opensips?
Thank you.
--
С уважением, Денис.
Best regards, Denis
10.04.2018, 12:28, "Liviu Chircu" <li...@opensips.org>
<mailto:li...@opensips.org>:
Hi Denis,
Yes, the "sequential calls" holds the size of the last batch
of calls
sent to the same number. For example, if a user were to dial
44 and 45
prefixes in a round-robin manner, his "sequential calls" value
would
never exceed 1.
So you want to check the time of the last fraud detection
attempt for a
user? You can use "cachedb_local", for example, and hold the
last fraud
detection timestamp for each user. Also, note that
check_fraud() [1] has
some useful return codes (-1 and -2), in case you don't want
to use the
E_FRD_ events.
Cheers,
[1]:
http://www.opensips.org/html/docs/modules/2.4.x/fraud_detection.html#func_check_fraud
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
<http://www.opensips-solutions.com/>
On 09.04.2018 09:12, Denis via Users wrote:
Hello, Liviu!
Thank you very much!
I will try your fix.
And, What does "Sequential calls" mean? These are calls
to one number?
So, if we have situation dealing with reset counters, i
want to make
one thing.
I want to check the time when fraud has been detected and
if this
time, say, after 19:00 make some actions. How can i check
time of the
call processing?
Thank you.
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
,
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
,
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
,
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
,
_______________________________________________
Users mailing list
Users@lists.opensips.org <mailto:Users@lists.opensips.org>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users