[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

Matthew Jordan mjordan at digium.com
Mon Feb 13 09:06:57 CST 2012


Sorry about that - hit the wrong button and sent too soon :-)

Anyway - with security_log => security in my logger.conf, a security_log
file was created on Asterisk start up.  Verify that the res_security_log
module is being loaded - in a DEBUG log, you should see something similar
to the following:

[Feb 13 09:01:25] DEBUG[17253] logger.c: Registered dynamic logger level 'SECURITY' with index 18.
[Feb 13 09:01:25] VERBOSE[17253] res_security_log.c:     -- Security Logging Enabled
[Feb 13 09:01:25] VERBOSE[17253] loader.c:  res_security_log.so => (Security Event Logging)

> 
> > From: "Bruce B" <bruceb444 at gmail.com>
> > To: "Asterisk Developers Mailing List"
> > <asterisk-dev at lists.digium.com>
> > Sent: Monday, February 13, 2012 8:49:34 AM
> > Subject: Re: [asterisk-dev] Non-universalized log messages render
> > security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe
> > other versions as well !!!
> 
> > > > I also checked res_security_log and the module is loaded but it
> > > > doesn't add ANY whatsoever logs in Asterisk 1.8. Is that an
> > > > incomplete module?
> > > 
> > 
> 
> > > Like Paul stated, support for logging security events in chan_sip was
> > > added in Asterisk 10. In Asterisk 1.8, I think only AMI security
> > > events are logged. Also, make sure that you enable it in
> > > logger.conf. The security events will be contained in a separate log
> > > file.
> > 
> 
> > Thanks Michael. For the sake of testing I installed Asterisk 10.1.2
> > and I have res_security_log.so loaded and I have this line in
> > logger.conf as per directions:
> 
> > security => security
> 
> > However, there are NO LOGS generated in this file. The best I can see
> > from Asterisk is this:
> > [Feb 13 09:46:21] NOTICE[14762]: chan_sip.c:22906
> > handle_request_invite: Sending fake auth rejection for device
> > "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as55ac8bb5
> 
> A NOTICE log message is not a security message.  The wiki pages linked
> previously specify what you should see in the security log file.
> 
> https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format
> 
> If it is configured correctly, you should see the log file specified
> in logger.conf created on Asterisk start up.  For example, when using
> the following in logger.conf:
> 
> 
> 
> 
> > To conclude, res_security_log does NOT log anything so far. CDRs do
> > not include the source IP address and Asterisk doesn't mention the
> > source IP anywhere in Asterisk 1.8 or 10.x. Am I missing something?
> > Have you tested this yourself?
> 
> > Regards,
> 
> > --
> > _____________________________________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com
> > --
> 
> > asterisk-dev mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
> 
> 
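
The check described in the reply above, as an added example that is not part of the original message or of Asterisk's own code: it finds the logger.conf entries that route the security level to a file and looks for the three startup lines quoted in the reply. The sample logger.conf is constructed (only the security_log line comes from the thread), and the function names are hypothetical.

```python
import re

# Constructed sample logger.conf; only the security_log line is from the thread.
SAMPLE_CONF = """\
[general]
dateformat = %F %T

[logfiles]
console => notice,warning,error
messages => notice,warning,error   ; general log
security_log => security
;debug_off => debug
"""

# Startup lines as quoted in the reply above.
SAMPLE_LOG = """\
[Feb 13 09:01:25] DEBUG[17253] logger.c: Registered dynamic logger level 'SECURITY' with index 18.
[Feb 13 09:01:25] VERBOSE[17253] res_security_log.c:     -- Security Logging Enabled
[Feb 13 09:01:25] VERBOSE[17253] loader.c:  res_security_log.so => (Security Event Logging)
"""

def security_channels(conf_text):
    """Return file names in [logfiles] whose level list includes 'security'."""
    section, found = None, []
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "logfiles" and "=>" in line:
            name, levels = (p.strip() for p in line.split("=>", 1))
            if "security" in {lv.strip().lower() for lv in levels.split(",")}:
                found.append(name)
    return found

# Substrings taken from the three log lines in the reply.
MARKERS = {
    "level_registered": "Registered dynamic logger level 'SECURITY'",
    "logging_enabled": "Security Logging Enabled",
    "module_loaded": "res_security_log.so =>",
}

def startup_checks(log_text):
    """Report which of the expected startup lines appear in a log."""
    lines = log_text.splitlines()
    return {k: any(s in ln for ln in lines) for k, s in MARKERS.items()}

if __name__ == "__main__":
    print(security_channels(SAMPLE_CONF), startup_checks(SAMPLE_LOG))
```

An empty list from security_channels means no file receives the security level; a False value from startup_checks means the corresponding startup line was not found in the log that was scanned.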


