[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

Matthew Jordan mjordan at digium.com
Mon Feb 13 09:05:11 CST 2012



> From: "Bruce B" <bruceb444 at gmail.com>
> To: "Asterisk Developers Mailing List"
> <asterisk-dev at lists.digium.com>
> Sent: Monday, February 13, 2012 8:49:34 AM
> Subject: Re: [asterisk-dev] Non-universalized log messages render
> security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe
> other versions as well !!!

> > > I also checked res_security_log and the module is loaded but it
> > > doesn't add ANY logs whatsoever in Asterisk 1.8. Is that an
> > > incomplete module?
> > 
> 

> > Like Paul stated, support for logging security events in chan_sip
> > was added in Asterisk 10. In Asterisk 1.8, I think only AMI security
> > events are logged. Also, make sure that you enable it in
> > logger.conf. The security events will be contained in a separate
> > log file.
> 

> Thanks Michael. For the sake of testing I installed Asterisk 10.1.2
> and I have res_security_log.so loaded and I have this line in
> logger.conf as per directions:

> security => security

> However, there are NO LOGS generated in this file. The best I can see
> from Asterisk is this:
> [Feb 13 09:46:21] NOTICE[14762]: chan_sip.c:22906
> handle_request_invite: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as55ac8bb5

A NOTICE log message is not a security message.  The wiki pages linked
previously specify what you should see in the security log file.

https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format

If it is configured correctly, you should see the log file specified
in logger.conf created on Asterisk start up.  For example, when using
the following in logger.conf:




> To conclude, res_security_log does NOT log anything so far. CDRs do
> not include the source IP address and Asterisk doesn't mention the
> source IP anywhere in Asterisk 1.8 or 10.x. Am I missing something?
> Have you tested this yourself?

> Regards,
