cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
680
Views
1
Helpful
5
Replies

Please Help: CUCM Logs Don't Show Calling Party for Suspicious Calls

master001
Level 2
Level 2

Hello all, 

Our phone system is experience suspicious outbound calls, all of them are international calls. 

I tried to trace the calls information from CUCM logs for all suspicious calls without any luck. 

I can see the call first called into our main number, then reached auto attendant message, which was our voicemail system(CUC). From CUC system, it initiated the suspicious outbound calls e.g. 987654321000 (Please consider this "faked" number just as example, same number in the log files)

I use TranslatorX for log analysis. It doesn't help  - It doesn't generate any call flow sequence diagram,"call list" shows blank, it doesn't show any calls including calling party information etc. 

Hope anyone can shed some lights on what was really happening for this suspicious call. 

Much appreciated. 

I attached CUCM logs in the attachment (calllogs.txt and SDL log.txt). 

 

 

(P.S. Phone numbers and IP addresses below and in the logs are modified from original logs)

Destination number of suspicious outbound call :  987654321000(Please consider this "faked" number just as example, same number in the log files)

Environment: 

On-prem CUCM +CUC+ H323 voice gateway; 

IP address:

CUCM sub : 172.2.1.43 (all end points registered to this server) 

CUC server: 172.2.1.44

H323 VGW : 172.2.1.3

81330 :  office main number, ( it is translated to 5 digits via H323 dial-peer) 
89001:   route pattern, CUCM ->CUC pilot number 

Please kindly advise. 

Best regards,

master001

5 Replies 5

I assume you haven't set restriction on Unity connection for transferred call. If not,your auto attend can be misused for calling out side PSTN numbers.

Allow only internal pattern and block the rest  on CUC.

The below guide will help you.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/unity_exp/rel9_0/online_help/cue_gui/configrstictable.pdf



Response Signature


Thanks Nithin for your advice!  For sure this restriction setup will be my "to-do" list.  

I just uploaded my logs again....still, I am wondering if what the logs can tell us what was really happening to those "transferred calls". 

Thanks again. 

master001

I have set up the restriction table to block the international calling.   

A "dumb" question... How can I test it?  e.g. if I want to test the restriction table re: "transferred call",  should I call in main number or call in individual voice mail box?

Thanks again, 

master001     

Apart from the advice given by @Nithin Eluvathingal I would also recommend you to limit the partitions that CUC has access to in the CSS on either the SIP trunk or on the SCCP ports, depending on what type of integration you use. This CSS does not typically require access to any partition(s) that grants access to external calling, including access to TEHO calling if you use that. Typically CUC only needs access to the partition(s) where you have your directory numbers.



Response Signature


Thanks Roger for your advice!  I will look into this option as well.