[asterisk-dev] [Code Review] Generate security events in chan_sip using new Security Events Framework

jrose reviewboard at asterisk.org
Tue Sep 20 12:19:00 CDT 2011 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1362/#review4396
-----------------------------------------------------------



/branches/10/configs/logger.conf.sample
<https://reviewboard.asterisk.org/r/1362/#comment8519>

    The comments about what 'security' is don't really belong here I think.  You would put a mention of 'security' being available above this is here:
    
    ; Format is "filename" and then "levels" of debugging to be included:
    ;    debug
    ;    notice
    ...
    ;    fax
    +;    security
    
    Leaving the sample logging configuration though seems pretty appropriate to me.  I'd go ahead and move it to be among the others though... probably right after debug => debug, so
    
    ;debug => debug
    +;securitylog => security
    console => notice,warning,error
    
    At the moment we don't really describe what any of these loggable in here actually are... aside from suggesting that having debug logged can make logs hard to read and explode in size.  I'm thinking that might just be something that is supposed to be in the wiki.


This appears rather functional to me though and it looks like you took most everyone's issues to mind when revising this patch.

- jrose


On Sept. 19, 2011, 12:35 p.m., elguero wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1362/
> -----------------------------------------------------------
> 
> (Updated Sept. 19, 2011, 12:35 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> Security Events Framework was added in 1.8 and support was added for AMI to generate events at that time.
> 
> This patch attempts to add support in chan_sip to generate security events.  Hopefully we can get this into Asterisk 10.
> 
> I am looking forward to hearing feedback on where this patch can be improved especially from those who have an intimate knowledge of chan_sip.
> 
> Thanks
> 
> 
> This addresses bug ASTERISK-18264.
>     https://issues.asterisk.org/jira/browse/ASTERISK-18264
> 
> 
> Diffs
> -----
> 
>   /branches/10/CHANGES 336574 
>   /branches/10/channels/chan_sip.c 336574 
>   /branches/10/channels/sip/include/sip.h 336574 
>   /branches/10/configs/logger.conf.sample 336574 
>   /branches/10/include/asterisk/event_defs.h 336574 
>   /branches/10/include/asterisk/security_events_defs.h 336574 
>   /branches/10/main/event.c 336574 
>   /branches/10/main/security_events.c 336574 
> 
> Diff: https://reviewboard.asterisk.org/r/1362/diff
> 
> 
> Testing
> -------
> 
> Local dev machine and a softphone.  Generated events by using the wrong username, wrong password, wrong auth name, successful authentication.
> 
> 
> Thanks,
> 
> elguero
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20110920/050ec153/attachment.htm>

More information about the asterisk-dev mailing list