PollCat NetLink

8.9. Match Parameter Definition Examples

The following examples are based on fictional PBX call record formats. When designing your Alarm Filter, be aware that the record structure will differ from those shown in the examples. When defining the Alarm Filter Format and Match Parameters, the following factors must be considered:

• Exact Match: Alphanumeric values in parameter definitions must exactly match those found in the call record. If the record shows the time as "09:00", then the match parameters must also list the time as "09:00", and not "0900" or "9:00".

• Number of Characters: For any given variable, the number of characters specified in the Alarm Filter Format must exactly match the number of characters indicated in the Match Parameters definition. For example, if the filter format defines the variable "B" as the first seven characters of the number dialed, then the parameter definition must account for all seven characters.

• Searching for Operator Characters: When searching for a text string which contains a space or any character that is also one of NetLink's operators (e.g. >, <, or &), a backslash (\) must precede the space or operator. For example, to search for "***Error***", the match parameter would be defined as "\*\*\*Error\*\*\*". Likewise, when searching for "hello there", the match parameter would be defined as "hello\ there".

• Variable Case: When defining and using variables, take care to use the correct case. Real Time variables are always entered as lowercase characters; regular variables are always entered as uppercase characters.

Example 1: Repeated Attempts to Access Voice Mail

This Alarm Clue counts short calls to voice mail. This type of call could indicate that a caller is dialing into voice mail and randomly trying access codes in an attempt to find an outside line.

For this example, assume the Alarm Filter Format is defined as shown below. Note that the first three lines in Figure 8.7 are sample call records, and the fourth line is the Alarm Filter Format. The variables A, B, and D are not used for this clue.

-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------

Figure 8.7: Alarm Filter Format; Match Parameters Example 1

Where:

CCCCC is the first five characters of the username.

EEEEE is the field that lists the call duration.

Match Parameters for this Alarm Clue would be defined as follows:

C=VMAIL*E<=00:30

Where:

C=VMAIL Counts calls with "VMAIL" in the username field.

* is the logical "AND" operator.

E<=00:30 Tells NetLink to count calls which last 30 seconds or less.

Example 2: After Hours Long Distance Calls

This clue counts long distance calls placed after 6:00 pm and before 7:00 am. This type of call could indicate that a hacker has obtained an access code for an outside line and is using the line to dial long distance numbers after work hours.

For this example, assume the Alarm Filter Format is defined as shown below. Note that the first three lines in Figure 8.8 are sample call records, and the fourth line is the Alarm Filter Format. The variables B, C, and E are not used for this clue.

-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------

Figure 8.8: Alarm Filter Format; Match Parameters Example 2

Where:

A is the time the call was received or placed.

D is the first seven digits of the number dialed.

Match Parameters for this Alarm Clue would be defined as follows:

(A>18:00+A<07:00)*D=1------

Where:

(A>18:00+A<07:00)

 

Example 3: Lengthy International Calls

This clue requires that you are familiar with the average duration of international calls placed in the course of a normal day. For example, if your average international call lasts about 10 minutes, and you are suddenly billed for a two hour call, this could indicate phone abuse.

For this example, assume that the Alarm Filter Format is defined as shown below. Note that the first three lines in Figure 8.9 are sample call records, and the fourth line is the Alarm Filter Format. The variables A, B, and C are not used for this clue.

-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------

Figure 8.9: Alarm Filter Format; Match Parameters Example 3

Where:

D is the field that lists the first seven digits of the number dialed.

E is the field that lists the call duration.

Match Parameters for this Alarm Clue would be defined as follows:

D=011----*E>=20:00

Where:

D=011---- Counts calls where the first three digits of the number dialed are "011". The remaining 4 digits are entered as wild card characters (-).

* is the logical AND operator.

E>=20:00 Counts calls that last 20 minutes or longer.

Example 4: The "Contains String" Operator ($)

This clue provides an example of how the "Contains String" operator ($) can search a field for a specific text string, without regard for the string's position within the field. This is useful in cases where the call record includes a field with right justified numbers (e.g. the number dialed).

For this example, assume that the Alarm Filter Format is defined as shown below. Note that the first three lines in Figure 8.10 are sample call records, and the fourth line is the Alarm Filter Format.

----------------------------AAAAAAAAAAAAAAAAA-------------

Figure 8.10: Alarm Filter Format; Match Parameters Example 4

Where A is the field that lists the number dialed.

In this example, the PBX also records digits entered after the call has connected. This is often seen in cases where the caller is prompted to press numbers in order to access a specific department or extension. In the third line of the example, the digits "11#2" represent digits entered after the call was connected.

Match Parameters for this Alarm Clue would be defined as follows:

A$1900

Where A$1900 tells NetLink to count calls that have the string "1900" anywhere in the "A" field. When the "$" operator is used, wild card characters are not used to fill the remaining digits.

Note: When the "Contains String" operator is used, the clue may also count call records that do not fit the intended purpose of the clue. For example, the clue in this example would also count calls to any number that contains the string "1900", such as "555-1900".
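
The clues from Examples 1 through 4, evaluated against constructed call records so the format mask, wild cards and operators can be checked offline. This is an added example, not WTI code or NetLink firmware behaviour. It assumes "+" is the logical OR operator and that fixed-width time and duration fields compare as text, it does not model backslash escaping, and all function and clue names are hypothetical.

```python
import re

# Modelled on the format lines in Examples 1-3 and Example 4; "-" = ignored column.
FMT = "-AAAAA-BBB-CCCCC" + "-" * 12 + "DDDDDDD" + "-" * 11 + "EEEEE"
FMT4 = "-" * 28 + "A" * 17
TERM = re.compile(r"([A-Z])(<=|>=|=|<|>|\$)(.+)")

def extract_fields(fmt, record):
    """Collect the record characters sitting under each format letter."""
    fields = {}
    for pos, letter in enumerate(fmt):
        if letter.isalpha() and pos < len(record):
            fields[letter] = fields.get(letter, "") + record[pos]
    return fields

def match_term(term, fields):
    """Evaluate one term such as 'E<=00:30', 'D=011----' or 'A$1900'."""
    var, op, val = TERM.fullmatch(term).groups()
    field = fields[var]
    if op == "$":                       # Contains String: any position in the field
        return val in field
    if len(val) != len(field):          # the "Number of Characters" rule
        raise ValueError(f"{term!r}: value must be {len(field)} characters")
    if op == "=":                       # "-" in the value is a wild card
        return all(p in ("-", c) for p, c in zip(val, field))
    # Assumption: fixed-width fields ("18:45", "00:12") compare as text.
    return {"<": field < val, ">": field > val,
            "<=": field <= val, ">=": field >= val}[op]

# "*" (AND) and "+" (assumed OR) from the Match Parameters become and/or.
CLUES = {
    "voicemail_probe": lambda f: match_term("C=VMAIL", f) and match_term("E<=00:30", f),
    "after_hours_ld": lambda f: (match_term("A>18:00", f) or match_term("A<07:00", f))
                                and match_term("D=1------", f),
    "long_intl": lambda f: match_term("D=011----", f) and match_term("E>=20:00", f),
}

def alarms(record, fmt=FMT):
    if len(record) < len(fmt):          # header or truncated line: nothing to evaluate
        return []
    fields = extract_fields(fmt, record)
    return sorted(name for name, clue in CLUES.items() if clue(fields))

def rec(time, ext, user, dialed, dur):
    """Build a constructed call record aligned with FMT."""
    return f" {time} {ext:3} {user:5}" + " " * 12 + f"{dialed:7}" + " " * 11 + dur

if __name__ == "__main__":
    print(alarms(rec("22:40", "214", "JONES", "1212555", "04:10")))
```

The after-hours window has to be an OR of the two time comparisons, since no single timestamp is both later than 18:00 and earlier than 07:00.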