Somewhere in your VoIP server (or in some other component in your VoIP system) an application is collecting CDRs. A CDR includes information on who originated or received each call, where each call went (intra-office or international), and how long the call lasted. These details about each call are usually written into a database by a VoIP server application.
CDRs are used primarily for billing, although they are also useful for monitoring and troubleshooting. Typical accounting practices demand that every call and attempted call be charged to the proper entity, whether it is a person, department, or company. The charges agreed to by the billing and the billed parties may include a portion of the costs of the network resources they consumed and a portion of the cost of the network management.
For enterprises, the phone bill (chargeback) may be part of each department's budget; each department's portion of the total phone cost may be based on the number of people in the department or on the number and duration of calls. For service providers, billing is obviously much more importantthey need to demonstrate when and where every call was made, and to whom it should be billed.
CDRs may provide information about delay, lost data, and jitter for each VoIP call that is logged. You can gain access to this data by using database queries; however, some of the sophisticated VoIP performance management/monitoring tools now available can generate reports from this data and also let you know at a basic level whether excessive data loss, collisions, or bottlenecks are causing call quality to deteriorate.
These CDRs should be treated as private data. CDRs are an example of the critical files discussed in the earlier section "Maintaining Control over Critical Files." Because they contain private information, they should be protected with physical security measures, and should be accessed only by authorized individuals. This is almost certain to become an increasingly important issue, because legislation in the U.S. now requires government and medical agencies to maintain strict control over their sensitive data.