[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

Bruce B bruceb444 at gmail.com
Sun Feb 12 17:04:27 CST 2012


>
>
> > In both cases, allowguest=no, alwaysauthrej=yes, and nat=yes were set in
> > sip.conf.
> >
> > Unless these log messages are universalized and unless the source IP
> > address is always logged, there is NO WAY to use Fail2ban or any other
> > security tool effectively.
>
> You can look into the CDRs. There should be an originator's IP address
> there.
> And if you find many failed call attempts from the same source IP, you
> can activate Fail2ban or a similar tool.
>
>
Okay, so there is no mention of the source IP in CDRs either. When the fake
message is sent, it doesn't log that attempt in CDRs. Do you now agree that
this is a very much needed log that should be there? So, there is literally
no way to grab the IP. It seems that this should be part of the allowguest
section to log the source IP just as the "fake" message is sent.

I also checked res_security_log and the module is loaded, but it doesn't add
ANY logs whatsoever in Asterisk 1.8. Is that an incomplete module?

Regards,