CountryGrouping: Difference between revisions

From VoIPmonitor.org
(Clarify MaxMind correction workflow and improve searchability)
(Add critical note about Country Prefix Rules tab being for exceptions only)
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
[[Category:Configuration]]
[[Category:Configuration]]


This guide covers country-based grouping and GeoIP features in VoIPmonitor, including country filtering, anti-fraud alerts based on geographic location, and country-based CDR analysis.
This guide covers country-based features in VoIPmonitor: GeoIP for IP geolocation, phone number prefix detection, anti-fraud alerts, and geographic filtering.


== Overview ==
== Country Detection Methods ==


VoIPmonitor uses GeoIP databases to determine the geographic location of IP addresses. This enables:
VoIPmonitor uses two distinct methods for country detection:
* Country-based filtering in CDR views
 
* Anti-fraud alerts for destination countries/continents
{| class="wikitable"
* Detection of country changes for registered devices
! Method !! Based On !! Use Case !! Configuration
* Geographic analysis and reporting
|-
| '''GeoIP''' || IP address geolocation || Detect location of endpoints || Settings → System Configuration → GeoIP
|-
| '''Country Prefixes''' || Phone number prefix (+1, +44, etc.) || Detect call destinations || Settings → Country Prefixes
|}
 
{{Note|1=GeoIP tells you WHERE a device is located. Country Prefixes tell you WHERE a call is going to (destination number).}}


== GeoIP Configuration ==
== GeoIP Configuration ==


GeoIP services are configured in '''GUI Settings → System Configuration → GeoIP'''.
GeoIP services are configured in '''Settings → System Configuration → GeoIP'''.


=== Service Priority ===
=== Service Priority ===


VoIPmonitor uses GeoIP services in the following order:
VoIPmonitor tries services in order until successful:


<kroki lang="mermaid">
# '''MaxMind API''' — Commercial, highest accuracy (requires API key)
%%{init: {'flowchart': {'nodeSpacing': 15, 'rankSpacing': 40}}}%%
# '''IPInfoDB API''' — Alternative service (requires API key)
flowchart TB
# '''Local database''' — Bundled with GUI, updated each release
    A[IP Lookup Request] --> B{MaxMind API<br/>configured?}
# '''Free portals''' — Fallback (ipinfodb, freegeoip, maxmind)
    B -->|Yes| C[Use MaxMind]
    B -->|No| D{IPInfoDB API<br/>configured?}
    D -->|Yes| E[Use IPInfoDB]
    D -->|No| F[Local Database]
    F --> G{Data found?}
    G -->|Yes| H[Return Country]
    G -->|No| I[Free Portals<br/>fallback]
    C --> H
    E --> H
    I --> H
</kroki>


# '''MaxMind API''' (if API key is configured)
{{Tip|1=For the most accurate and up-to-date data, configure a MaxMind API key. API lookups use MaxMind's live database.}}
# '''IPInfoDB API''' (if API key is configured and MaxMind not available)
# '''Local database''' (updated with each GUI release)
# '''Free demo portals''' (fallback: ipinfodb, freegeoip, maxmind)


For detailed GeoIP configuration, see [[Order_of_GeoIP_processing]].
For database update procedures, see [[Order_of_GeoIP_processing]].


== Country-Based Anti-Fraud Alerts ==
== Country Prefix Configuration ==
 
Country prefixes are used for '''destination country alerts''' based on called numbers (not IPs).


VoIPmonitor provides several anti-fraud alerts that use country detection. These are configured in '''GUI → Alerts → Anti Fraud'''.
'''Configuration:''' Settings → Country Prefixes


=== Country/Continent Destination Alert (Realtime) ===
{| class="wikitable"
! Setting !! Description
|-
| Prefix list || Phone number prefixes per country (+1 for US, +44 for UK, etc.)
|-
| NANPA support || North American Numbering Plan handling
|-
| Strict for prefixes || Require exact prefix match
|}


Triggers when calls are made to specific countries or continents.
== Country-Based Anti-Fraud Alerts ==


'''Use cases:'''
Configure in '''Alerts → Anti Fraud'''. For complete anti-fraud documentation, see [[Anti-fraud]].
* Block or alert on calls to high-fraud destinations
* Monitor international call patterns
* Enforce geographic calling restrictions


'''Configuration:'''
=== Alert Types ===
* Select target countries or continents
* Set threshold (number of calls or percentage)
* Configure notification (email, script)


=== Change CDR Country Alert (CDR-based) ===
{| class="wikitable"
! Alert !! Detection Method !! Trigger !! Use Case
|-
| '''Country/Continent Destination''' || Phone prefix || Calls to specific countries/continents || Block high-fraud destinations
|-
| '''Change CDR Country''' || GeoIP || Caller/callee IP country changes || Detect compromised accounts
|-
| '''Change REGISTER Country''' || GeoIP || Device registers from different country || Detect SIP credential theft
|}


Detects when the IP address of a caller or callee changes to a different country between calls.
=== Country Destination Alert Configuration ===


'''Use cases:'''
* '''Countries/Continents:''' Select targets (or "ALL")
* Detect compromised accounts being used from different locations
* '''Exclude countries:''' Whitelist for legitimate destinations
* Identify VPN/proxy usage
* '''Strict for prefixes:''' Require exact prefix match
* Monitor for credential theft
* '''Threshold:''' Number of calls or percentage to trigger


'''Configuration:'''
{{Warning|1=Country Destination Alert uses PHONE NUMBER PREFIXES, not GeoIP. To detect calls based on destination IP country, use CDR filters with GeoIP.}}
* '''Exclude countries:''' Whitelist of allowed countries (e.g., if users legitimately travel between certain countries)
* Filter by specific numbers or IP ranges


=== Change REGISTER Country Alert (CDR-based) ===
=== Change Country Alerts Configuration ===


Detects when a device's registration IP address changes to a different country.
Both "Change CDR Country" and "Change REGISTER Country" alerts detect geographic anomalies:


'''Use cases:'''
* '''Exclude countries:''' Whitelist for expected travel (e.g., border regions)
* Detect SIP account takeover
* '''Filter by number/IP:''' Apply only to specific users or ranges
* Monitor device mobility
* '''Time window:''' How far back to check for previous location
* Identify suspicious registration patterns


== Country Filtering in CDR ==
== Country Filtering in CDR ==


When GeoIP is enabled, you can filter CDR records by country in the GUI:
When GeoIP is enabled:


# Go to '''CDR → Filter'''
# Go to '''CDR → Filter'''
# Use the country filter fields in the filter form
# Use country filter fields (Caller Country, Called Country)
# Select specific countries from the dropdown
# Select countries from dropdown or enter country codes


This allows you to:
Applications:
* View all calls to/from a specific country
* Traffic analysis by geographic region
* Analyze traffic patterns by geographic region
* Compliance reporting
* Generate country-specific reports
* International call pattern monitoring


== Integration with IP Groups ==
== Integration with IP Groups ==


For more granular control, combine GeoIP features with [[Groups#IP_Groups|IP Groups]]:
Combine GeoIP features with [[Groups#IP_Groups|IP Groups]] for granular control:


* Create IP Groups for known provider IPs per country
* Create IP Groups for known provider IPs per country
* Use Groups in alert filters for precise targeting
* Use Groups in alert filters for precise targeting
* Combine country-based alerts with IP-based filtering
* Combine country alerts with IP-based filtering


== Troubleshooting ==
== Troubleshooting ==
Line 108: Line 109:
=== GeoIP Data Not Showing ===
=== GeoIP Data Not Showing ===


* Check GeoIP configuration in System Configuration
# Verify GeoIP configuration in System Configuration
* Verify GUI can reach voipmonitor.org for database updates
# Check network connectivity to voipmonitor.org
* See [[Order_of_GeoIP_processing#Manually_Updating_the_Local_GeoIP_Database|manual GeoIP database update]]
# Try manual database update (see [[Order_of_GeoIP_processing#Manual_Import|manual import]])


=== Reporting Incorrect GeoIP Data ===
=== Incorrect Country Detection ===


{{Note|GeoIP databases are not 100% accurate. Detection is based on IP address allocation data which may be outdated or incorrect for some ranges.}}
{{Note|GeoIP accuracy depends on IP allocation databases which may be outdated for some ranges.}}


If you encounter incorrect country detection for specific IP addresses:
'''To correct GeoIP data:'''
# Submit correction to [https://www.maxmind.com/en/geoip-correction MaxMind Correction Form]
# Wait for MaxMind database update cycle
# Contact VoIPmonitor support to include updated data in next GUI release
# Upgrade GUI to receive corrected database


1. '''Submit correction to MaxMind:''' Use the [https://www.maxmind.com/en/geoip-correction MaxMind Correction Form] to report incorrect IP location data
'''Faster alternative:''' Configure MaxMind API key for real-time lookups.
2. '''Wait for MaxMind update:''' MaxMind typically processes corrections within their database update cycle
3. '''Notify VoIPmonitor support:''' Once MaxMind has updated their database, contact VoIPmonitor support to request a new GUI release that includes the updated MaxMind data
4. '''Upgrade GUI:''' Install the new GUI version to receive the corrected GeoIP database


{{Tip|1=For the most accurate and up-to-date GeoIP data, configure a MaxMind API key in Settings → System Configuration → GeoIP. API-based lookups use MaxMind's live database and avoid the need to wait for GUI updates.}}
== See Also ==
 
* [[Anti-fraud]] — Complete anti-fraud alert configuration
* [[Order_of_GeoIP_processing]] — GeoIP service priority and manual database updates
* [[Groups]] — IP Groups and Telephone Number Groups
* [[Alerts]] — General alert configuration
 
=== Important: Country Prefix Rules Tab is for EXCEPTIONS Only ===
 
{{Warning|1=The '''Country Prefixes / Rules''' tab in the GUI is for '''exceptions only'''. Do NOT add standard country codes there.}}
 
=== Common Mistake ===
 
If you add standard country codes (e.g., <code>32</code> for Belgium, <code>44</code> for UK) to the Rules tab, country detection will fail. The Rules tab is only for:
* Non-standard prefix exceptions
* Special routing rules
* Override cases
 
=== Correct Configuration ===
 
# Use the main '''Country Prefixes''' table for standard country codes (+1, +44, etc.)
# Leave the '''Rules''' tab empty unless you have specific exceptions
# Standard codes should be added in the primary prefix list, not in the rules
 
=== Symptoms of Misconfiguration ===
 
* Country flags do not appear in CDR view
* Country filter in CDR view shows no results
* CDR Country column remains empty
 
These symptoms occur even when <code>cdr_country_code = yes</code> is set in <code>voipmonitor.conf</code> and database number lookup is enabled.


== See Also ==


* [[Anti-fraud]] - Complete anti-fraud alert configuration
* [[Order_of_GeoIP_processing]] - GeoIP service priority and manual updates
* [[Groups]] - IP Groups and Telephone Number Groups
* [[Alerts]] - General alert configuration


== AI Summary for RAG ==
== AI Summary for RAG ==


'''Summary:''' Guide to country grouping and GeoIP-based features in VoIPmonitor. Covers GeoIP service configuration (MaxMind API → IPInfoDB API → local database → free portals fallback), country-based anti-fraud alerts (Country/Continent Destination for real-time detection of calls to high-fraud destinations, Change CDR Country for detecting caller IP country changes between calls, Change REGISTER Country for detecting device registration from different countries), country filtering in CDR views, and integration with IP Groups. GeoIP enables geographic analysis, fraud detection, and compliance with calling restrictions.
'''Summary:''' VoIPmonitor uses two country detection methods: GeoIP (IP address geolocation) for detecting WHERE devices are located, and Country Prefixes (phone number prefixes like +1, +44) for detecting WHERE calls are going. GeoIP services follow priority: MaxMind API → IPInfoDB API → local database → free portals. Anti-fraud alerts include Country/Continent Destination (prefix-based, real-time), Change CDR Country (GeoIP, detects caller IP country changes), and Change REGISTER Country (GeoIP, detects registration from different country). Country Destination Alert uses PHONE PREFIXES not GeoIP. CDR filtering supports country-based queries when GeoIP is enabled.


'''Keywords:''' country grouping, GeoIP, MaxMind, IPInfoDB, country filtering, anti-fraud, country destination alert, change CDR country, change REGISTER country, geographic location, IP geolocation, fraud detection, country whitelist, exclude countries, continent alert
'''Keywords:''' country grouping, GeoIP, MaxMind, IPInfoDB, country prefixes, country filtering, anti-fraud, country destination alert, change CDR country, change REGISTER country, geographic location, IP geolocation, fraud detection, country whitelist, exclude countries, continent alert, phone prefix, NANPA, international prefix


'''Key Questions:'''
'''Key Questions:'''
* How do I filter CDR by country in VoIPmonitor?
* What is the difference between GeoIP and Country Prefixes in VoIPmonitor?
* How do I filter CDR by country?
* How do I set up country-based anti-fraud alerts?
* How do I set up country-based anti-fraud alerts?
* What is the Change CDR Country alert?
* What is the Change CDR Country alert?
Line 146: Line 174:
* What GeoIP services does VoIPmonitor use?
* What GeoIP services does VoIPmonitor use?
* How do I configure country destination alerts?
* How do I configure country destination alerts?
* Can I combine country alerts with IP Groups?
* Does Country Destination Alert use GeoIP or phone prefixes?
* How do I troubleshoot incorrect country detection?
* How do I fix incorrect country detection?
* What is the GeoIP service priority order?

Latest revision as of 01:40, 11 January 2026


This guide covers country-based features in VoIPmonitor: GeoIP for IP geolocation, phone number prefix detection, anti-fraud alerts, and geographic filtering.

Country Detection Methods

VoIPmonitor uses two distinct methods for country detection:

Method Based On Use Case Configuration
GeoIP IP address geolocation Detect location of endpoints Settings → System Configuration → GeoIP
Country Prefixes Phone number prefix (+1, +44, etc.) Detect call destinations Settings → Country Prefixes

ℹ️ Note: GeoIP tells you WHERE a device is located. Country Prefixes tell you WHERE a call is going to (destination number).

GeoIP Configuration

GeoIP services are configured in Settings → System Configuration → GeoIP.

Service Priority

VoIPmonitor tries services in order until successful:

  1. MaxMind API — Commercial, highest accuracy (requires API key)
  2. IPInfoDB API — Alternative service (requires API key)
  3. Local database — Bundled with GUI, updated each release
  4. Free portals — Fallback (ipinfodb, freegeoip, maxmind)

💡 Tip: For the most accurate and up-to-date data, configure a MaxMind API key. API lookups use MaxMind's live database.

For database update procedures, see Order_of_GeoIP_processing.

Country Prefix Configuration

Country prefixes are used for destination country alerts based on called numbers (not IPs).

Configuration: Settings → Country Prefixes

Setting Description
Prefix list Phone number prefixes per country (+1 for US, +44 for UK, etc.)
NANPA support North American Numbering Plan handling
Strict for prefixes Require exact prefix match

Country-Based Anti-Fraud Alerts

Configure in Alerts → Anti Fraud. For complete anti-fraud documentation, see Anti-fraud.

Alert Types

Alert Detection Method Trigger Use Case
Country/Continent Destination Phone prefix Calls to specific countries/continents Block high-fraud destinations
Change CDR Country GeoIP Caller/callee IP country changes Detect compromised accounts
Change REGISTER Country GeoIP Device registers from different country Detect SIP credential theft

Country Destination Alert Configuration

  • Countries/Continents: Select targets (or "ALL")
  • Exclude countries: Whitelist for legitimate destinations
  • Strict for prefixes: Require exact prefix match
  • Threshold: Number of calls or percentage to trigger

⚠️ Warning: Country Destination Alert uses PHONE NUMBER PREFIXES, not GeoIP. To detect calls based on destination IP country, use CDR filters with GeoIP.

Change Country Alerts Configuration

Both "Change CDR Country" and "Change REGISTER Country" alerts detect geographic anomalies:

  • Exclude countries: Whitelist for expected travel (e.g., border regions)
  • Filter by number/IP: Apply only to specific users or ranges
  • Time window: How far back to check for previous location

Country Filtering in CDR

When GeoIP is enabled:

  1. Go to CDR → Filter
  2. Use country filter fields (Caller Country, Called Country)
  3. Select countries from dropdown or enter country codes

Applications:

  • Traffic analysis by geographic region
  • Compliance reporting
  • International call pattern monitoring

Integration with IP Groups

Combine GeoIP features with IP Groups for granular control:

  • Create IP Groups for known provider IPs per country
  • Use Groups in alert filters for precise targeting
  • Combine country alerts with IP-based filtering

Troubleshooting

GeoIP Data Not Showing

  1. Verify GeoIP configuration in System Configuration
  2. Check network connectivity to voipmonitor.org
  3. Try manual database update (see manual import)

Incorrect Country Detection

ℹ️ Note: GeoIP accuracy depends on IP allocation databases which may be outdated for some ranges.

To correct GeoIP data:

  1. Submit correction to MaxMind Correction Form
  2. Wait for MaxMind database update cycle
  3. Contact VoIPmonitor support to include updated data in next GUI release
  4. Upgrade GUI to receive corrected database

Faster alternative: Configure MaxMind API key for real-time lookups.

See Also

Important: Country Prefix Rules Tab is for EXCEPTIONS Only

⚠️ Warning: The Country Prefixes / Rules tab in the GUI is for exceptions only. Do NOT add standard country codes there.

Common Mistake

If you add standard country codes (e.g., 32 for Belgium, 44 for UK) to the Rules tab, country detection will fail. The Rules tab is only for:

  • Non-standard prefix exceptions
  • Special routing rules
  • Override cases

Correct Configuration

  1. Use the main Country Prefixes table for standard country codes (+1, +44, etc.)
  2. Leave the Rules tab empty unless you have specific exceptions
  3. Standard codes should be added in the primary prefix list, not in the rules

Symptoms of Misconfiguration

  • Country flags do not appear in CDR view
  • Country filter in CDR view shows no results
  • CDR Country column remains empty

These symptoms occur even when cdr_country_code = yes is set in voipmonitor.conf and database number lookup is enabled.


AI Summary for RAG

Summary: VoIPmonitor uses two country detection methods: GeoIP (IP address geolocation) for detecting WHERE devices are located, and Country Prefixes (phone number prefixes like +1, +44) for detecting WHERE calls are going. GeoIP services follow priority: MaxMind API → IPInfoDB API → local database → free portals. Anti-fraud alerts include Country/Continent Destination (prefix-based, real-time), Change CDR Country (GeoIP, detects caller IP country changes), and Change REGISTER Country (GeoIP, detects registration from different country). Country Destination Alert uses PHONE PREFIXES not GeoIP. CDR filtering supports country-based queries when GeoIP is enabled.

Keywords: country grouping, GeoIP, MaxMind, IPInfoDB, country prefixes, country filtering, anti-fraud, country destination alert, change CDR country, change REGISTER country, geographic location, IP geolocation, fraud detection, country whitelist, exclude countries, continent alert, phone prefix, NANPA, international prefix

Key Questions:

  • What is the difference between GeoIP and Country Prefixes in VoIPmonitor?
  • How do I filter CDR by country?
  • How do I set up country-based anti-fraud alerts?
  • What is the Change CDR Country alert?
  • How do I detect when a device registers from a different country?
  • How do I whitelist countries in anti-fraud alerts?
  • What GeoIP services does VoIPmonitor use?
  • How do I configure country destination alerts?
  • Does Country Destination Alert use GeoIP or phone prefixes?
  • How do I fix incorrect country detection?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=CountryGrouping&oldid=10639"