CountryGrouping: Difference between revisions
(Review: replaced duplicate Scaling content with relevant Country Grouping and GeoIP documentation) |
(Add critical note about Country Prefix Rules tab being for exceptions only) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
[[Category:Configuration]] | [[Category:Configuration]] | ||
This guide covers country-based | This guide covers country-based features in VoIPmonitor: GeoIP for IP geolocation, phone number prefix detection, anti-fraud alerts, and geographic filtering. | ||
== | == Country Detection Methods == | ||
VoIPmonitor uses GeoIP | VoIPmonitor uses two distinct methods for country detection: | ||
{| class="wikitable" | |||
! Method !! Based On !! Use Case !! Configuration | |||
|- | |||
| '''GeoIP''' || IP address geolocation || Detect location of endpoints || Settings → System Configuration → GeoIP | |||
|- | |||
| '''Country Prefixes''' || Phone number prefix (+1, +44, etc.) || Detect call destinations || Settings → Country Prefixes | |||
|} | |||
{{Note|1=GeoIP tells you WHERE a device is located. Country Prefixes tell you WHERE a call is going to (destination number).}} | |||
== GeoIP Configuration == | == GeoIP Configuration == | ||
GeoIP services are configured in ''' | GeoIP services are configured in '''Settings → System Configuration → GeoIP'''. | ||
=== Service Priority === | === Service Priority === | ||
For | VoIPmonitor tries services in order until successful: | ||
# '''MaxMind API''' — Commercial, highest accuracy (requires API key) | |||
# '''IPInfoDB API''' — Alternative service (requires API key) | |||
# '''Local database''' — Bundled with GUI, updated each release | |||
# '''Free portals''' — Fallback (ipinfodb, freegeoip, maxmind) | |||
{{Tip|1=For the most accurate and up-to-date data, configure a MaxMind API key. API lookups use MaxMind's live database.}} | |||
For database update procedures, see [[Order_of_GeoIP_processing]]. | |||
== Country Prefix Configuration == | |||
Country prefixes are used for '''destination country alerts''' based on called numbers (not IPs). | |||
'''Configuration:''' Settings → Country Prefixes | |||
{| class="wikitable" | |||
! Setting !! Description | |||
|- | |||
| Prefix list || Phone number prefixes per country (+1 for US, +44 for UK, etc.) | |||
|- | |||
| NANPA support || North American Numbering Plan handling | |||
|- | |||
| Strict for prefixes || Require exact prefix match | |||
|} | |||
== Country-Based Anti-Fraud Alerts == | == Country-Based Anti-Fraud Alerts == | ||
Configure in '''Alerts → Anti Fraud'''. For complete anti-fraud documentation, see [[Anti-fraud]]. | |||
=== | === Alert Types === | ||
''' | {| class="wikitable" | ||
! Alert !! Detection Method !! Trigger !! Use Case | |||
|- | |||
| '''Country/Continent Destination''' || Phone prefix || Calls to specific countries/continents || Block high-fraud destinations | |||
|- | |||
| '''Change CDR Country''' || GeoIP || Caller/callee IP country changes || Detect compromised accounts | |||
|- | |||
| '''Change REGISTER Country''' || GeoIP || Device registers from different country || Detect SIP credential theft | |||
|} | |||
=== Country Destination Alert Configuration === | |||
* '''Countries/Continents:''' Select targets (or "ALL") | |||
* '''Exclude countries:''' Whitelist for legitimate destinations | |||
* '''Strict for prefixes:''' Require exact prefix match | |||
* '''Threshold:''' Number of calls or percentage to trigger | |||
{{Warning|1=Country Destination Alert uses PHONE NUMBER PREFIXES, not GeoIP. To detect calls based on destination IP country, use CDR filters with GeoIP.}} | |||
=== Change Country Alerts Configuration === | |||
Both "Change CDR Country" and "Change REGISTER Country" alerts detect geographic anomalies: | |||
''' | * '''Exclude countries:''' Whitelist for expected travel (e.g., border regions) | ||
* | * '''Filter by number/IP:''' Apply only to specific users or ranges | ||
* | * '''Time window:''' How far back to check for previous location | ||
== Country Filtering in CDR == | == Country Filtering in CDR == | ||
When GeoIP is enabled | When GeoIP is enabled: | ||
# Go to '''CDR → Filter''' | # Go to '''CDR → Filter''' | ||
# Use | # Use country filter fields (Caller Country, Called Country) | ||
# Select | # Select countries from dropdown or enter country codes | ||
Applications: | |||
* | * Traffic analysis by geographic region | ||
* Compliance reporting | |||
* | * International call pattern monitoring | ||
== Integration with IP Groups == | == Integration with IP Groups == | ||
Combine GeoIP features with [[Groups#IP_Groups|IP Groups]] for granular control: | |||
* Create IP Groups for known provider IPs per country | * Create IP Groups for known provider IPs per country | ||
* Use Groups in alert filters for precise targeting | * Use Groups in alert filters for precise targeting | ||
* Combine country | * Combine country alerts with IP-based filtering | ||
== Troubleshooting == | == Troubleshooting == | ||
=== GeoIP Data Not Showing === | === GeoIP Data Not Showing === | ||
# Verify GeoIP configuration in System Configuration | |||
# Check network connectivity to voipmonitor.org | |||
# Try manual database update (see [[Order_of_GeoIP_processing#Manual_Import|manual import]]) | |||
=== Incorrect Country Detection === | === Incorrect Country Detection === | ||
{{Note|GeoIP accuracy depends on IP allocation databases which may be outdated for some ranges.}} | |||
'''To correct GeoIP data:''' | |||
# Submit correction to [https://www.maxmind.com/en/geoip-correction MaxMind Correction Form] | |||
# Wait for MaxMind database update cycle | |||
# Contact VoIPmonitor support to include updated data in next GUI release | |||
# Upgrade GUI to receive corrected database | |||
'''Faster alternative:''' Configure MaxMind API key for real-time lookups. | |||
== See Also == | == See Also == | ||
* [[Anti-fraud]] | |||
* [[Order_of_GeoIP_processing]] | * [[Anti-fraud]] — Complete anti-fraud alert configuration | ||
* [[Groups]] | * [[Order_of_GeoIP_processing]] — GeoIP service priority and manual database updates | ||
* [[Alerts]] | * [[Groups]] — IP Groups and Telephone Number Groups | ||
* [[Alerts]] — General alert configuration | |||
=== Important: Country Prefix Rules Tab is for EXCEPTIONS Only === | |||
{{Warning|1=The '''Country Prefixes / Rules''' tab in the GUI is for '''exceptions only'''. Do NOT add standard country codes there.}} | |||
=== Common Mistake === | |||
If you add standard country codes (e.g., <code>32</code> for Belgium, <code>44</code> for UK) to the Rules tab, country detection will fail. The Rules tab is only for: | |||
* Non-standard prefix exceptions | |||
* Special routing rules | |||
* Override cases | |||
=== Correct Configuration === | |||
# Use the main '''Country Prefixes''' table for standard country codes (+1, +44, etc.) | |||
# Leave the '''Rules''' tab empty unless you have specific exceptions | |||
# Standard codes should be added in the primary prefix list, not in the rules | |||
=== Symptoms of Misconfiguration === | |||
* Country flags do not appear in CDR view | |||
* Country filter in CDR view shows no results | |||
* CDR Country column remains empty | |||
These symptoms occur even when <code>cdr_country_code = yes</code> is set in <code>voipmonitor.conf</code> and database number lookup is enabled. | |||
== AI Summary for RAG == | == AI Summary for RAG == | ||
'''Summary:''' | '''Summary:''' VoIPmonitor uses two country detection methods: GeoIP (IP address geolocation) for detecting WHERE devices are located, and Country Prefixes (phone number prefixes like +1, +44) for detecting WHERE calls are going. GeoIP services follow priority: MaxMind API → IPInfoDB API → local database → free portals. Anti-fraud alerts include Country/Continent Destination (prefix-based, real-time), Change CDR Country (GeoIP, detects caller IP country changes), and Change REGISTER Country (GeoIP, detects registration from different country). Country Destination Alert uses PHONE PREFIXES not GeoIP. CDR filtering supports country-based queries when GeoIP is enabled. | ||
'''Keywords:''' country grouping, GeoIP, MaxMind, IPInfoDB, country filtering, anti-fraud, country destination alert, change CDR country, change REGISTER country, geographic location, IP geolocation, fraud detection, country whitelist, exclude countries, continent alert | '''Keywords:''' country grouping, GeoIP, MaxMind, IPInfoDB, country prefixes, country filtering, anti-fraud, country destination alert, change CDR country, change REGISTER country, geographic location, IP geolocation, fraud detection, country whitelist, exclude countries, continent alert, phone prefix, NANPA, international prefix | ||
'''Key Questions:''' | '''Key Questions:''' | ||
* How do I filter CDR by country | * What is the difference between GeoIP and Country Prefixes in VoIPmonitor? | ||
* How do I filter CDR by country? | |||
* How do I set up country-based anti-fraud alerts? | * How do I set up country-based anti-fraud alerts? | ||
* What is the Change CDR Country alert? | * What is the Change CDR Country alert? | ||
| Line 115: | Line 174: | ||
* What GeoIP services does VoIPmonitor use? | * What GeoIP services does VoIPmonitor use? | ||
* How do I configure country destination alerts? | * How do I configure country destination alerts? | ||
* | * Does Country Destination Alert use GeoIP or phone prefixes? | ||
* How do I | * How do I fix incorrect country detection? | ||
Latest revision as of 01:40, 11 January 2026
This guide covers country-based features in VoIPmonitor: GeoIP for IP geolocation, phone number prefix detection, anti-fraud alerts, and geographic filtering.
Country Detection Methods
VoIPmonitor uses two distinct methods for country detection:
| Method | Based On | Use Case | Configuration |
|---|---|---|---|
| GeoIP | IP address geolocation | Detect location of endpoints | Settings → System Configuration → GeoIP |
| Country Prefixes | Phone number prefix (+1, +44, etc.) | Detect call destinations | Settings → Country Prefixes |
ℹ️ Note: GeoIP tells you WHERE a device is located. Country Prefixes tell you WHERE a call is going to (destination number).
GeoIP Configuration
GeoIP services are configured in Settings → System Configuration → GeoIP.
Service Priority
VoIPmonitor tries services in order until successful:
- MaxMind API — Commercial, highest accuracy (requires API key)
- IPInfoDB API — Alternative service (requires API key)
- Local database — Bundled with GUI, updated each release
- Free portals — Fallback (ipinfodb, freegeoip, maxmind)
💡 Tip: For the most accurate and up-to-date data, configure a MaxMind API key. API lookups use MaxMind's live database.
For database update procedures, see Order_of_GeoIP_processing.
Country Prefix Configuration
Country prefixes are used for destination country alerts based on called numbers (not IPs).
Configuration: Settings → Country Prefixes
| Setting | Description |
|---|---|
| Prefix list | Phone number prefixes per country (+1 for US, +44 for UK, etc.) |
| NANPA support | North American Numbering Plan handling |
| Strict for prefixes | Require exact prefix match |
Country-Based Anti-Fraud Alerts
Configure in Alerts → Anti Fraud. For complete anti-fraud documentation, see Anti-fraud.
Alert Types
| Alert | Detection Method | Trigger | Use Case |
|---|---|---|---|
| Country/Continent Destination | Phone prefix | Calls to specific countries/continents | Block high-fraud destinations |
| Change CDR Country | GeoIP | Caller/callee IP country changes | Detect compromised accounts |
| Change REGISTER Country | GeoIP | Device registers from different country | Detect SIP credential theft |
Country Destination Alert Configuration
- Countries/Continents: Select targets (or "ALL")
- Exclude countries: Whitelist for legitimate destinations
- Strict for prefixes: Require exact prefix match
- Threshold: Number of calls or percentage to trigger
⚠️ Warning: Country Destination Alert uses PHONE NUMBER PREFIXES, not GeoIP. To detect calls based on destination IP country, use CDR filters with GeoIP.
Change Country Alerts Configuration
Both "Change CDR Country" and "Change REGISTER Country" alerts detect geographic anomalies:
- Exclude countries: Whitelist for expected travel (e.g., border regions)
- Filter by number/IP: Apply only to specific users or ranges
- Time window: How far back to check for previous location
Country Filtering in CDR
When GeoIP is enabled:
- Go to CDR → Filter
- Use country filter fields (Caller Country, Called Country)
- Select countries from dropdown or enter country codes
Applications:
- Traffic analysis by geographic region
- Compliance reporting
- International call pattern monitoring
Integration with IP Groups
Combine GeoIP features with IP Groups for granular control:
- Create IP Groups for known provider IPs per country
- Use Groups in alert filters for precise targeting
- Combine country alerts with IP-based filtering
Troubleshooting
GeoIP Data Not Showing
- Verify GeoIP configuration in System Configuration
- Check network connectivity to voipmonitor.org
- Try manual database update (see manual import)
Incorrect Country Detection
ℹ️ Note: GeoIP accuracy depends on IP allocation databases which may be outdated for some ranges.
To correct GeoIP data:
- Submit correction to MaxMind Correction Form
- Wait for MaxMind database update cycle
- Contact VoIPmonitor support to include updated data in next GUI release
- Upgrade GUI to receive corrected database
Faster alternative: Configure MaxMind API key for real-time lookups.
See Also
- Anti-fraud — Complete anti-fraud alert configuration
- Order_of_GeoIP_processing — GeoIP service priority and manual database updates
- Groups — IP Groups and Telephone Number Groups
- Alerts — General alert configuration
Important: Country Prefix Rules Tab is for EXCEPTIONS Only
⚠️ Warning: The Country Prefixes / Rules tab in the GUI is for exceptions only. Do NOT add standard country codes there.
Common Mistake
If you add standard country codes (e.g., 32 for Belgium, 44 for UK) to the Rules tab, country detection will fail. The Rules tab is only for:
- Non-standard prefix exceptions
- Special routing rules
- Override cases
Correct Configuration
- Use the main Country Prefixes table for standard country codes (+1, +44, etc.)
- Leave the Rules tab empty unless you have specific exceptions
- Standard codes should be added in the primary prefix list, not in the rules
Symptoms of Misconfiguration
- Country flags do not appear in CDR view
- Country filter in CDR view shows no results
- CDR Country column remains empty
These symptoms occur even when cdr_country_code = yes is set in voipmonitor.conf and database number lookup is enabled.
AI Summary for RAG
Summary: VoIPmonitor uses two country detection methods: GeoIP (IP address geolocation) for detecting WHERE devices are located, and Country Prefixes (phone number prefixes like +1, +44) for detecting WHERE calls are going. GeoIP services follow priority: MaxMind API → IPInfoDB API → local database → free portals. Anti-fraud alerts include Country/Continent Destination (prefix-based, real-time), Change CDR Country (GeoIP, detects caller IP country changes), and Change REGISTER Country (GeoIP, detects registration from different country). Country Destination Alert uses PHONE PREFIXES not GeoIP. CDR filtering supports country-based queries when GeoIP is enabled.
Keywords: country grouping, GeoIP, MaxMind, IPInfoDB, country prefixes, country filtering, anti-fraud, country destination alert, change CDR country, change REGISTER country, geographic location, IP geolocation, fraud detection, country whitelist, exclude countries, continent alert, phone prefix, NANPA, international prefix
Key Questions:
- What is the difference between GeoIP and Country Prefixes in VoIPmonitor?
- How do I filter CDR by country?
- How do I set up country-based anti-fraud alerts?
- What is the Change CDR Country alert?
- How do I detect when a device registers from a different country?
- How do I whitelist countries in anti-fraud alerts?
- What GeoIP services does VoIPmonitor use?
- How do I configure country destination alerts?
- Does Country Destination Alert use GeoIP or phone prefixes?
- How do I fix incorrect country detection?