Warning! You are viewing an older version of FraudStopper Guides. View the latest
Configuration
The FraudStopper configuration file is an XML document that controls the different elements of the FraudStopper software.
-
<licenseFilename>: This is a standalone parameter to specify the name of the license file. -
<detection>: This configuration group controls the FraudStopper detection threshold parameters. -
<loaders>: This configuration group controls the fraudStopper loader settings. -
<smtp>: Configuration of the SMTP interface used by the Alarms and Reports Controllers. -
<snmp>: Configuration of the SNMP interface used by the Alarms and Reports Controllers.
License Filename
The default licenseFilename is conf/license.txt and can be overridden in the FraudStopper configuration file using the licenseFilename parameter.
<licenseFilename>dist/conf/license.txt</licenseFilename>
Detection
-
history/min: The minimum number of days of data required before FraudStopper will go online and begin to generate Alarms. -
history/max: The maximum number of days of data retained for consideration in threshold calculations. This value also impacts the license count since users without calls within the history window are removed from the system and the license is returned to the pool. -
threshold/count: The minimum threshold for cumulative call count over which FraudStopper alarms when the call history does not dictate a high threshold for that user or day of week. The default is 18 calls. -
threshold/duration: The minimum threshold for cumulative call duration in minutes over which FraudStopper alarms when the call history does not dictate a high threshold for that user or day of week. The default is 300 minutes. -
deviationMultiple: The multiple of standard deviation used to calculate the threshold of call count or duration. The default is 3.
<detection>
<history min="30" max="180" />
<threshold count="18" duration="300" />
<deviationMultiple>3</deviationMultiple>
</detection>
Loaders
The loaders configuration group contain one or more loader groups.
Loader
Each loader group controls a new instance of a co.ecg.cdrprocessor.processors.CDRProcessor subclass. The only subclass currently supported is co.ecg.cdrprocessor.processors.BroadWorksCDRProcessor. More than one loader may be specified.
-
type: Specifies the full class name of the CDRProcessor instance to be used when processing CDRs by this loader. -
name: Specifies the name of the loader to be used to identify the source of CDRs within FraudStopper. This arbitrary value should be unique within the system. Once set, this value MUST NOT BE CHANGED without contacting ECG support.
<loaders>
<loader type="co.ecg.cdrprocessor.processors.BroadWorksCDRProcessor" name="production">
[...]
</loader>
<loader type="co.ecg.cdrprocessor.processors.BroadWorksCDRProcessor" name="lab">
[...]
</loader>
</loaders>
Loader parameters
Row Details-
rowDetails:
<rowDetails>
<cdrRow type="header" length="1" />
<cdrRow type="failover" length="45" />
<cdrRow type="call" length="378" />
</rowDetails>
-
cdrFolders:
<cdrFolders>
<folder>/mnt/frauddetectionCDRs/archive</folder>
<folder>/mnt/frauddetectionCDRs/current</folder>
</cdrFolders>
-
callTypes:
<callTypes>
<callType>in</callType>
<callType>car</callType>
<callType>ltin</callType>
<callType>ind</callType>
</callTypes>
<loaders>
<loader type="co.ecg.cdrprocessor.processors.BroadWorksCDRProcessor" name="production">
<rowDetails>
<cdrRow type="header" length="1" />
<cdrRow type="failover" length="45" />
<cdrRow type="call" length="378" />
</rowDetails>
<cdrFolders>
<folder>/mnt/frauddetectionCDRs/archive</folder>
<folder>/Users/jpuckett/frauddetectionCDRs/current</folder>
</cdrFolders>
<callTypes>
<callType>in</callType>
<callType>car</callType>
<callType>ltin</callType>
<callType>ind</callType>
</callTypes>
</loader>
[...]
</loaders>
SMTP
The <smtp> configuration group configures the values related to outbound SMTP server connections used for Alarms and Nightly Reports.
-
hostname: The hostname of the mail server that will relay outbound email messages for Alarms and Nightly Reports. -
tls/enabled: Enables or disables TLS support between FraudStopper and the outbound SMTP server. The default is disabled. -
port: The TCP port that will be used to connect to the outbound SMTP server. The default is 25. -
authentication/enabled: Enables or disables SMTP authentication. If enabled, theusernameandpasswordmust also be provided.-
username: The username used for SMTP authentication for outbound SMTP connections. -
password: The password to be used for SMTP authentication for outbound SMTP connections.
-
-
fromAddress: The email address to be used in theFrom:header on Alarms and Reports sent via email.
-
toAddresses: This configuration group defines a list of email addresses to be included when Alarms and Reports are sent by FraudStopper. More than one<toAddress>may be specified.-
toAddress: Emails addresses to be used for outbound email.
-
-
subject: The subject line prefix to be used for outbound email messages.
<smtp>
<hostname>mail.e-c-group.com</hostname>
<tls enabled="false" />
<port>25</port>
<authentication enabled="false">
<username>fraud</username>
<password>PASSWORD</password>
</authentication>
<fromAddress>fraud@serviceprovider.com</fromAddress>
<toAddresses>
<toAddress>operator@serviceprovider.com</toAddress>
<toAddress>support@serviceprovider.com</toAddress>
</toAddresses>
<subject>[FRAUD - XXX]</subject>
</smtp>
SNMP
The configuration group configures the values related to Simple Network Management Protocol(SNMP) services used for polling and traps.
<snmp>
<listener>
<addresss>0.0.0.0/8001</addresss>
<community>public</community>
</listener>
<trap enabled="true">
<community>public</community>
<destination>192.168.133.232/162</destination>
</trap>
</snmp>