[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

Bruce B bruceb444 at gmail.com
Mon Feb 13 09:34:57 CST 2012


Matthew, thanks for the input. The module res_security_log is registered and
loaded just like you showed. The line security_log => security is also
inserted and uncommented in logger.conf. Yet, when any SIP calls come in,
there are no logs generated. I think the assumption that res_security_log
is working in Asterisk 10.x is not right. Or at least it may only work with
AMI, not be complete, etc...

Do you have any logs generated in the security_log file?

I am making a call from another Asterisk server and I have allowguest=no
and no logs are generated in the security_log file.

Best,

On Mon, Feb 13, 2012 at 10:06 AM, Matthew Jordan <mjordan at digium.com> wrote:

> Sorry about that - hit the wrong button and sent too soon :-)
>
> Anyway - with security_log => security in my logger.conf, a security_log
> file was created on Asterisk start up.  Verify that the res_security_log
> module is being loaded - in a DEBUG log, you should see something similar
> to the following:
>
> [Feb 13 09:01:25] DEBUG[17253] logger.c: Registered dynamic logger level 'SECURITY' with index 18.
> [Feb 13 09:01:25] VERBOSE[17253] res_security_log.c:     -- Security Logging Enabled
> [Feb 13 09:01:25] VERBOSE[17253] loader.c:  res_security_log.so => (Security Event Logging)
>
> >
> > > From: "Bruce B" <bruceb444 at gmail.com>
> > > To: "Asterisk Developers Mailing List"
> > > <asterisk-dev at lists.digium.com>
> > > Sent: Monday, February 13, 2012 8:49:34 AM
> > > Subject: Re: [asterisk-dev] Non-universalized log messages render
> > > security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe
> > > other versions as well !!!
> >
> > > > > > I also checked res_security_log and the module is loaded but it
> > > > > > doesn't add ANY logs whatsoever in Asterisk 1.8. Is that an
> > > > > > incomplete module?
> > > >
> > >
> >
> > > > > Like Paul stated, support for logging security events in chan_sip
> > > > > was added in Asterisk 10. In Asterisk 1.8, I think only AMI security
> > > > > events are logged. Also, make sure that you enable it in
> > > > > logger.conf. The security events will be contained in a separate
> > > > > log file.
> > >
> >
> > > Thanks Michael. For the sake of testing I installed Asterisk 10.1.2
> > > and I have res_security_log.so loaded and I have this line in
> > > logger.conf as per directions:
> >
> > > security => security
> >
> > > > However, there are NO LOGS generated in this file. The best I can
> > > > see from Asterisk is this:
> > > > [Feb 13 09:46:21] NOTICE[14762]: chan_sip.c:22906 handle_request_invite: Sending fake auth rejection for device "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as55ac8bb5
> >
> > > A NOTICE log message is not a security message.  The wiki pages linked
> > > previously specify what you should see in the security log file.
> >
> > https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format
> >
> > If it is configured correctly, you should see the log file specified
> > in logger.conf created on Asterisk start up.  For example, when using
> > the following in logger.conf:
> >
> >
> >
> >
> > > > To conclude, res_security_log does NOT log anything so far. CDRs do
> > > > not include the source IP address and Asterisk doesn't mention the
> > > > source IP anywhere in Asterisk 1.8 or 10.x. Am I missing something?
> > > > Have you tested this yourself?
> >
> > > Regards,
> >
> > > --
> > > _____________________________________________________________________
> > > -- Bandwidth and Colocation Provided by http://www.api-digital.com
> > > --
> >
> > > asterisk-dev mailing list
> > > To UNSUBSCRIBE or update options visit:
> > > http://lists.digium.com/mailman/listinfo/asterisk-dev
>
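
The two checks discussed in this thread (an uncommented logger.conf entry that includes the `security` level, and the three startup lines Matthew quotes) can be scripted. The following is an added example, not part of the original thread or of Asterisk; the function names and the sample logger.conf are constructed for illustration, and it assumes log file entries live under `[logfiles]` with `;` starting a comment. It only confirms that the log channel and module are set up, not that chan_sip emits security events.

```python
import re

# Constructed logger.conf: the security entry is still commented out.
LOGGER_CONF = """\
[general]
[logfiles]
console => notice,warning,error
;security_log => security
full => notice,warning,error,debug,verbose
"""

# Startup lines as quoted in the thread, one log record per line.
DEBUG_LOG = """\
[Feb 13 09:01:25] DEBUG[17253] logger.c: Registered dynamic logger level 'SECURITY' with index 18.
[Feb 13 09:01:25] VERBOSE[17253] res_security_log.c:     -- Security Logging Enabled
[Feb 13 09:01:25] VERBOSE[17253] loader.c:  res_security_log.so => (Security Event Logging)
"""

MARKERS = {
    "level_registered": re.compile(r"logger\.c: Registered dynamic logger level 'SECURITY'"),
    "logging_enabled": re.compile(r"res_security_log\.c:\s+-- Security Logging Enabled"),
    "module_loaded": re.compile(r"loader\.c:\s+res_security_log\.so =>"),
}

def security_channels(conf_text):
    """Return names of [logfiles] entries whose level list includes 'security'."""
    section, found = None, []
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "logfiles" and "=" in line:
            name, _, levels = line.partition("=")
            wanted = [lv.strip().lower() for lv in levels.lstrip(">").split(",")]
            if "security" in wanted:
                found.append(name.strip())
    return found

def module_markers(log_text):
    """Report which of the expected startup lines appear in the log text."""
    return {key: bool(rx.search(log_text)) for key, rx in MARKERS.items()}

def diagnose(conf_text, log_text):
    """List what is missing; an empty list means both checks pass."""
    problems = []
    if not security_channels(conf_text):
        problems.append("no uncommented [logfiles] entry includes the 'security' level")
    missing = [k for k, ok in module_markers(log_text).items() if not ok]
    return problems + [f"startup log lacks marker: {k}" for k in missing]
```
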