[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

Michael L. Young myoung at acsacc.com
Mon Feb 13 10:29:47 CST 2012


----- Original Message -----

> From: "Bruce B" <bruceb444 at gmail.com>
> To: "Asterisk Developers Mailing List"
> <asterisk-dev at lists.digium.com>
> Sent: Monday, February 13, 2012 10:55:45 AM
> Subject: Re: [asterisk-dev] Non-universalized log messages render
> security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe
> other versions as well !!!

> > I set up a quick test by having some Polycom phones attempt to
> > register with no matching device defined in sip.conf. Below is a
> > snippet from the resulting security log file:

> Mathew, thanks for the test. However, that is not what this whole
> thread is about. I have allowguest=no and I am making call attempts
> to Asterisk without registration and wanting to log the source IP.
> Asterisk 10.1.x logs this message but nothing else that would be
> useful:

> NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317

> Pavel on this thread suggested source IP will be logged for calls
> like that in CDRs but it is not true. Paul Belanger suggested using
> res_security_log for this purpose but I guess he hasn't tested this
> himself as there are no logs generated.

> Here is the issue again for everyone: I have allowguest=no and I am
> making calls to Asterisk 1.8 or 10.x...The call is rejected with a
> message like this:

> NOTICE[10331] chan_sip.c: Sending fake auth rejection for device
> "Anonymous" <sip:Anonymous at anonymous.invalid>;tag=as4a1b8317

> It's good up to this point but from here on it is not because there
> is NO source IP so I can NOT use any security tools to ban the
> attacker's IP. I want to ban any outsiders who attempt on my Asterisk
> but Asterisk doesn't provide the needed log so unless I am missing
> something, allowguest=no feature is not complete as it doesn't log
> properly what it should log. Register attempts are logged properly
> with source IP address but the moment one turns on allowguest=no
> then the logs are INCOMPLETE.

> I appreciate any other suggestions regarding this.

One suggestion, please be careful with the attitude. I hope it is just coming across wrong and that I am reading your emails wrong. It isn't good for trying to get help.

I think I found the problem. You are correct. With allowguest=no set, the security log does not record anything when a person is not registered. 

I can easily fix this, I believe. Can you go ahead and open an issue and post back the issue number? 

Michael 

(elguero) 
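
The gap discussed in this message, as an added example that is not part of the original e-mail or of Asterisk: a minimal log scanner of the kind a ban tool runs, showing that registration failures yield a source IP while the "fake auth rejection" line yields nothing to ban. The sample lines are constructed; the registration-failure line format, the `scan` function and its `threshold` parameter are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample log. The "fake auth rejection" text is the message quoted
# in the thread (with "@" in place of the archive's " at "); the registration
# failure format is an assumed chan_sip-style line, addresses are documentation ranges.
SAMPLE_LOG = """\
[Feb 13 10:20:01] NOTICE[10331] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Feb 13 10:20:05] NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317
[Feb 13 10:20:09] NOTICE[10331] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Feb 13 10:20:11] NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as5c2d9921
"""

# Greedy ".*" makes the match use the LAST "failed for '<ip>'" field, which the
# server writes, rather than anything inside the caller-supplied From header.
REG_FAILED = re.compile(
    r"Registration from '.*' failed for '(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)
FAKE_AUTH = re.compile(r"Sending fake auth rejection for device ")


def scan(log_text, threshold=2):
    """Return (IPs to ban, rejection lines that carry no source IP)."""
    failures = Counter()
    blind = []
    for line in log_text.splitlines():
        m = REG_FAILED.search(line)
        if m:
            failures[m.group(1)] += 1
        elif FAKE_AUTH.search(line):
            # Rejected call attempt, but the line has no address field to act on.
            blind.append(line)
    ban = sorted(ip for ip, n in failures.items() if n >= threshold)
    return ban, blind


if __name__ == "__main__":
    ban, blind = scan(SAMPLE_LOG)
    print("ban candidates:", ban)
    print("rejections with no source IP:", len(blind))
```
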