Symptom
CDRs are consistently missing from the accounting report file, on the order of 3-4 CDRs per 50 back-to-back calls. The symptom is experienced with cdrflush-timer 1 configured.
gw-accounting file
maximum buffer-size 15
maximum retry-count 5
maximum fileclose-timer 60
maximum cdrflush-timer 1
With the above configuration, CME attempts to push CDR reports to the FTP server every minute. The complete process of connecting and transferring the CDR contents to FTP mostly took 3-4 seconds.
Any new CDR entry requests that arrived during this time were dropped, because the file was under a lock for the complete FTP process. After analyzing the design, it looks like it has a potential issue with CDR flush based on timer expiry.
When the timer triggers a CDR flush, it seems the existing buffer is used to push the contents to the FTP server. The buffer is locked while the FTP connection is made, and any new attempt to write a CDR into the CDR file fails because the buffer file is locked. The FTP connection and file transfer mostly take 3-4 seconds, and this is the vulnerable window for CDR loss. Any call CDRs received during this interval are lost and are not written to the CDR file sent to FTP. CDRs for both call legs can be lost, or just for originate/answer; it depends purely on the timing.
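The timing window described above can be reproduced with a small model. This is an added example, not Cisco code: the function name, the arrival spacing and the `swap_buffer` alternative (handing the full buffer to the transfer while writes continue into a fresh one) are assumptions made for illustration.

```python
# Added model (not Cisco code): timer-driven CDR flush with a 3-4 s FTP transfer.
# Function and variable names are hypothetical.

def simulate(arrivals, flush_every, transfer_secs, swap_buffer):
    """Replay CDR write requests against a timer-driven flush.

    arrivals      -- iterable of (time_in_seconds, cdr_id)
    flush_every   -- flush timer period in seconds (cdrflush-timer 1 -> 60)
    transfer_secs -- time the FTP connect and transfer takes
    swap_buffer   -- False: the one buffer stays locked for the whole transfer
                     True:  assumed alternative, the full buffer is handed to
                            the transfer and writes continue into a fresh one
    Returns (delivered_ids, dropped_ids).
    """
    delivered, dropped, buffer = [], [], []
    next_flush, locked_until = flush_every, 0.0
    for t, cdr_id in sorted(arrivals):
        # Fire every flush timer that expired up to this arrival.
        while next_flush <= t:
            delivered.extend(buffer)          # contents go out over FTP
            buffer = []
            locked_until = next_flush + transfer_secs
            next_flush += flush_every
        if not swap_buffer and t < locked_until:
            dropped.append(cdr_id)            # write fails: buffer is locked
        else:
            buffer.append(cdr_id)
    delivered.extend(buffer)                  # final flush after the last call
    return delivered, dropped

# Constructed input: 50 CDRs, one every 2.5 s (t = 2.5 .. 125 s).
SAMPLE_ARRIVALS = [(2.5 * i, i) for i in range(1, 51)]

if __name__ == "__main__":
    for swap in (False, True):
        ok, lost = simulate(SAMPLE_ARRIVALS, 60, 3.5, swap)
        print(f"swap_buffer={swap}: delivered={len(ok)} dropped={lost}")
```

With the constructed arrivals, the locked-buffer case loses the CDRs that land inside the two transfer windows starting at 60 s and 120 s, which is the same order of loss as the reported symptom.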
Conditions
Set maximum cdrflush-timer 1
Workaround
Reduce the size of the CDR buffer and increase the CDR flush timer a bit, so that the FTP transfer is triggered by the buffer becoming full.
maximum buffer-size 15
maximum retry-count 5
maximum fileclose-timer 60
maximum cdrflush-timer 10
Further Problem Description
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html