9.9. Match Parameter Definition Examples

 

The following examples are based on fictional PBX call record formats.  When designing your Alarm Filter, be aware that the record structure will differ from those shown in the examples.  When defining the Alarm Filter Format and Match Parameters, the following factors must be considered:

• Exact Match: Alphanumeric values in parameter definitions must exactly match those found in the call record. If the record shows the time as "09:00", then the match parameters must also list the time as "09:00", and not "0900" or "9:00".

• Number of Characters: For any given variable, the number of characters specified in the Alarm Filter Format must exactly match the number of characters indicated in the Match Parameters definition. For example, if the filter format defines the variable "B" as the first seven characters of the number dialed, then the parameter definition must account for all seven characters.

• Searching for Operator Characters: When searching for a text string which contains a space or any character that is also one of NetLink II's operators (e.g. >, <, or &) a backslash (\) must precede the space or operator.  For example, to search for "***Error***", the match parameter would be defined as "\*\*\*Error\*\*\*". Likewise, when searching for "hello there", the match parameter would be defined as "hello\ there".

• Variable Case: When defining and using variables, take care to use the correct case. Real Time variables are always entered as lowercase characters; regular variables are always entered as uppercase characters.

 

|08:18|001|VMAIL       |IN |                 |00:20|00.00|
|08:20|092|J.SMITH     |OUT|18008547226      |01:07|01.30|
|08:21|001|VMAIL       |IN |                 |00:15|00.00|
-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------

Figure 9.7:  Alarm Filter Format; Match Parameters Example 1

Example 1: Repeated Attempts to Access Voice Mail

This Alarm Clue counts short calls to voice mail.  This type of call could indicate that a caller is dialing into voice mail and randomly trying access codes in an attempt to find an outside line.

For this example, assume the Alarm Filter Format is defined as in Figure 9.7. Note that the first three lines in Figure 9.7 are sample call records, and the fourth line is the Alarm Filter Format.  The variables A, B, and D are not used for this clue.

Where: CCCCC is the first five characters of the username. EEEEE is the field that lists the call duration.

Match Parameters for this Alarm Clue would be defined as follows:

C=VMAIL*E<=00:30

Where: C=VMAIL Counts calls with "VMAIL" in the username field.

* is the logical "AND" operator.

E<=00:30 Tells NetLink II to count calls which last 30 seconds or less.

|19:18|067|R.JONES     |OUT|12145551234      |25:36|04.75|
|19:20|092|J.SMITH     |OUT|18008547226      |01:07|00.00|
|21:21|002|R.JONES     |OUT|12135551212      |30:15|05.75|
-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------

Figure 9.8:  Alarm Filter Format; Match Parameters Example 2

Example 2: After Hours Long Distance Calls.

This clue counts long distance calls placed after 6:00 PM and before 7:00 AM. This type of call could indicate that a hacker has obtained an access code for an outside line and is using the line to dial long distance numbers after work hours.

For this example, assume the Alarm Filter Format is defined as shown in Figure 9.8. Note that the first three lines in Figure 9.8 are sample call records, and the fourth line is the Alarm Filter Format.  The variables B, C, and E are not used for this clue.

Where: A is the time the call was received or placed. D is the first seven digits of the number dialed.

Match Parameters for this Alarm Clue would be defined as follows:

(A>18:00+A<07:00)*D=1------

Where:

(A>18:00+A<07:00)

Counts calls placed after 18:00 or before 07:00.

* is the logical AND operator.

D=1------ Counts calls where the first digit of the number dialed is "1". Note that the remaining 6 digits are entered as wild card characters (-).

|17:28|067|T.WILLIAMS  |OUT|011811234567     |45:36|20.75|
|17:20|092|J.SMITH     |OUT|18008547226      |01:07|00.00|
|17:21|002|P.BROWN     |OUT|19495839514      |00:57|00.20|
-AAAAA-BBB-CCCCC------------DDDDDDD-----------EEEEE-------

Figure 9.9:  Alarm Filter Format; Match Parameters Example 3

Example 3: Lengthy International Calls

This clue requires that you are familiar with the average duration of international calls placed in the course of a normal day.  For example, if your average international call lasts about 10 minutes, and you are suddenly billed for a two hour call, this could indicate phone abuse.

For this example, assume that the Alarm Filter Format is defined as shown in Figure 9.9. Note that the first three lines in Figure 9.9 are sample call records, and the fourth line is the Alarm Filter Format.  The variables A, B, and C are not used for this clue.

Where: D is the field that lists the first seven digits of the number dialed.

E is the field that lists the call duration.

Match Parameters for this Alarm Clue would be defined as follows:

D=011----*E>=20:00

Where: D=011---- Counts calls where the first three digits of the number dialed are "011".  The remaining 4 digits are entered as wild card characters (-).

* is the logical AND operator.

E>=20:00 Counts calls that last 20 minutes or longer.

|08:18|067|R.JONES     |OUT|          5553333|05:36|00.75|
|08:20|091|R.PETERS    |OUT|      19005551212|31:07|41.00|
|08:21|002|P.BROWN     |OUT|  1900555444411#2|00:57|00.20|
----------------------------AAAAAAAAAAAAAAAAA-------------

Figure 9.10:  Alarm Filter Format; Match Parameters Example 4

Example 4: The "Contains String" Operator ($)

This clue provides an example of how the "Contains String" operator ($) can search a field for a specific text string, without regard for the string's position within the field.  This is useful in cases where the call record includes a field with right justified numbers (e.g., the number dialed).

For this example, assume that the Alarm Filter Format is defined as shown in Figure 9.10. Note that the first three lines in Figure 9.10 are sample call records, and the fourth line is the Alarm Filter Format. Where A is the field that lists the number dialed.

In this example, the PBX also records digits entered after the call has connected. This is often seen in cases where the caller is prompted to press numbers in order to access a specific department or extension.  In the third line of the example, the digits "11#2" represent digits entered after the call was connected.

Match Parameters for this Alarm Clue would be defined as follows:

A$1900

Where A$1900 tells NetLink II to count calls that have the string "1900" anywhere in the "A" field. When the "$" operator is used, wild card characters are not used to fill the remaining digits.

Note: When the "Contains String" operator is used, the clue may also count call records that do not fit the intended purpose of the clue. For example, the clue in this example would also count calls to any number that contains the string "1900", such as "555-1900".
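The following Python code is an added example, not part of the original guide and not NetLink II's own logic; it shows how the format line and the clues from Examples 1 through 4 select call records. Assumptions: the field widths used by the hypothetical rec() helper, left-to-right evaluation with no operator precedence, plain string comparison of zero-padded time fields, and no backslash escaping.

```python
import re

# Format line from Figures 9.7 to 9.9; letters mark each variable's columns.
FORMAT = "-AAAAA-BBB-CCCCC" + "-" * 12 + "DDDDDDD" + "-" * 11 + "EEEEE" + "-" * 7
def rec(time, ext, user, direction, number, dur, cost):
    return f"|{time}|{ext}|{user:<12}|{direction:<3}|{number:<17}|{dur}|{cost}|"

RECORDS = [  # constructed from sample records in Figures 9.7 to 9.9
    rec("08:18", "001", "VMAIL", "IN", "", "00:20", "00.00"),
    rec("19:18", "067", "R.JONES", "OUT", "12145551234", "25:36", "04.75"),
    rec("17:28", "067", "T.WILLIAMS", "OUT", "011811234567", "45:36", "20.75"),
]

def extract(fmt, record):
    """Map each variable letter in the format line to the record text under it."""
    return {m[1]: record[m.start():m.end()] for m in re.finditer(r"([A-Z])\1*", fmt)}

TERM = re.compile(r"([A-Z])(<=|>=|=|<|>|\$)([^()+*]+)")
def term(fields, var, op, val):
    got = fields[var]
    if op == "$":  # contains string, position in the field ignored
        return val in got
    if op == "=":  # same length required; "-" in the pattern is a wild card
        return len(val) == len(got) and all(p in ("-", c) for p, c in zip(val, got))
    return {"<": got < val, ">": got > val, "<=": got <= val, ">=": got >= val}[op]

def matches(clue, fields):
    """Evaluate a clue left to right: '*' is AND, '+' is OR, parentheses group."""
    pos = 0
    def factor():
        nonlocal pos
        if clue[pos] == "(":
            pos += 1
            result = expr()
            pos += 1  # skip the closing ")"
            return result
        m = TERM.match(clue, pos)
        pos = m.end()
        return term(fields, *m.groups())
    def expr():
        nonlocal pos
        result = factor()
        while pos < len(clue) and clue[pos] in "+*":
            op, pos = clue[pos], pos + 1
            rhs = factor()  # always parse the right side so pos advances
            result = (result and rhs) if op == "*" else (result or rhs)
        return result
    return expr()

def hits(clue, records=RECORDS, fmt=FORMAT):
    return [r[1:6] for r in records if matches(clue, extract(fmt, r))]
```

hits() returns the time field of each matching record, and matches("A$1900", {"A": "          5551900"}) returns True, which is the over-counting case described in the note above.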
