<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 10pt; color: #000000'><hr id="zwchr"><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px; color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Bruce B" <bruceb444@gmail.com><br><b>To: </b>"Asterisk Developers Mailing List" <asterisk-dev@lists.digium.com><br><b>Sent: </b>Monday, February 13, 2012 10:55:45 AM<br><b>Subject: </b>Re: [asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">I set up a quick test by having some Polycom phones attempt to register</div>
with no matching device defined in sip.conf. Below is a snippet from the<br>
resulting security log file:<br><br></blockquote><div><br></div><div>Mathew, thanks for the test. However, that is not what this whole thread is about. I have allowguest=no and I am making call attempts to Asterisk without registration and wanting to log the source IP. Asterisk 10.1.x logs this message but nothing else that would be useful:</div>
<div><br></div><div> <i style="">NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317</i></div><div><i style=""><br></i></div><div><span style="">Pavel on this thread suggested source IP will be logged for calls like that in CDRs but it is not true. Paul Belanger suggested using res_security_log for this purpose but I guess he hasn't tested this himself as there are no logs generated.</span></div>
<div><span style=""><br></span></div><div><span style="">Here is the issue again for everyone: I have allowguest=no and I am making calls to Asterisk 1.8 or 10.x...The call is rejected with a message like this:</span></div><div>
<span style=""><br></span></div><div> <i style="">NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317</i>
</div><div><i style=""><br></i></div><div><span style=""><font color="#222222" face="arial, sans-serif">It's good up to this point but from here on it is not because there is NO source IP so I can NOT use any security tools to ban the attackers IP. I want to ban any outsiders who attempt on my Asterisk but Asterisk doesn't provide the needed log so unless I am missing something, allowguest=no feature is not complete as it doesn't log properly what it should log. Register attempts are logged properly with source IP address but the moment one turns on allowguest=no then the logs are INCOMPLETE.</font></span></div>
<div><span style=""><br></span></div><div><font color="#222222" face="arial, sans-serif">I appreciate any other suggestions regarding this.</font></div><div><font id="DWT2921" color="#222222" face="arial, sans-serif"><br></font></div></div></blockquote>One suggestion, please be careful with the attitude. I hope it is just coming across wrong and that I am reading wrong your emails. It isn't good for trying to get help.<br><br>I think I found the problem. You are correct. With allowguest=no set, the security log does not record anything when a person is not registered.<br><br>I can easily fix this, I believe. Can you go ahead and open an issue and post back the issue number?<br><br>Michael<br><br>(elguero)<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px; color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div class="gmail_quote"><div><font color="#222222" face="arial, sans-serif"></font></div></div></blockquote></div></body></html>