Lessons learned on the usage of call logs for security and management in IP telephony

Telephone network operation and management tasks rely on the collection of data logs to effectively troubleshoot problems and observe trends. As operators try to streamline their investments in monitoring systems, data logs collected for other purposes represent a valuable and handy source of information for these tasks. A common example for both traditional public switched telephone and IP telephony networks ones are call detail records (also termed call data records). These contain detailed information about telephone calls such as the identities of sources and destinations, the duration of each call, and reply codes. Unfortunately, the way CDRs are collected and their formats can vary significantly among different operators. Without careful consideration of the basic principles and requirements outlined in this article, the use of any type of data logs for traffic management, security, and engineering purposes can become quite cumbersome and even result in misleading conclusions. The intention of this article is to support other researchers and practitioners working with telephony logs. Therefore, we provide an overview of the most relevant lessons we have learned when dealing with massive amounts of CDRs from different operators, such as how to handle different non-standard logging formats across operators and understanding common sources of call log analysis errors.