Mathew, thanks for the input. The module res_security_log is registered and loaded just like you showed. The line security_log => security is also inserted and uncommented in logger.conf. Yet, when any SIP calls come in, there are no logs generated. I think the assumption that res_security_log is working in Asterisk 10.x is not right. Or at least it may only work with AMI, not be complete, etc...<div>
<br></div><div>Do you have any logs generated in the security_log file?</div><div><br></div><div>I am making a call from another Asterisk server and I have allowguest=no and no logs generate in the security_log file.</div>
<div><br></div><div>Best,<br><br><div class="gmail_quote">On Mon, Feb 13, 2012 at 10:06 AM, Matthew Jordan <span dir="ltr"><<a href="mailto:mjordan@digium.com">mjordan@digium.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Sorry about that - hit the wrong button and set too soon :-)<br>
<br>
Anyway - with security_log => security in my logger.conf, a security_log<br>
file was created on Asterisk start up. Verify that the res_security_log<br>
module is being loaded - in a DEBUG log, you should see something similar<br>
to the following:<br>
<br>
[Feb 13 09:01:25] DEBUG[17253] logger.c: Registered dynamic logger level 'SECURITY' with index 18.<br>
[Feb 13 09:01:25] VERBOSE[17253] res_security_log.c: -- Security Logging Enabled<br>
[Feb 13 09:01:25] VERBOSE[17253] loader.c: res_security_log.so => (Security Event Logging)<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> > From: "Bruce B" <<a href="mailto:bruceb444@gmail.com">bruceb444@gmail.com</a>><br>
> > To: "Asterisk Developers Mailing List"<br>
> > <<a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a>><br>
> > Sent: Monday, February 13, 2012 8:49:34 AM<br>
> > Subject: Re: [asterisk-dev] Non-universalized log messages render<br>
> > security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe<br>
> > other versions as well !!!<br>
><br>
> > > > I also checked res_security_log and the module is loaded but it<br>
> > > > doesn't add ANY whatsoever logs in Asterisk 1.8. Is that an<br>
> > > > incomplete module?<br>
> > ><br>
> ><br>
><br>
> > > Like Paul stated, support for logging security events in chan_sip<br>
> > > was<br>
> > > added in Asterisk 10. In Asterisk 1.8, I think only AMI security<br>
> > > events are logged. Also, make sure that you enable it in<br>
> > > logger.conf. The security events will be contained in a separate<br>
> > > log<br>
> > > file.<br>
> ><br>
><br>
> > Thanks Michael. For the sake of testing I installed Asterisk 10.1.2<br>
> > and I have res_security_log.so loaded and I have this line in<br>
> > logger.conf as per directions:<br>
><br>
> > security => security<br>
><br>
> > However, there are NO LOGS generated in this file. The best I can<br>
> > see<br>
> > from Asterisk is this:<br>
> > [Feb 13 09:46:21] NOTICE[14762]: chan_sip.c:22906<br>
> > handle_request_invite: Sending fake auth rejection for device<br>
> > "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as55ac8bb5<br>
><br>
> A NOTICE log message is not a security message. The wiki pages<br>
> linked<br>
> previously specify what you should see in the log security log file.<br>
><br>
> <a href="https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format" target="_blank">https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format</a><br>
><br>
> If it is configured correctly, you should see the log file specified<br>
> in logger.conf created on Asterisk start up. For example, when using<br>
> the following in logger.conf:<br>
><br>
><br>
><br>
><br>
> > To conclude, res_security_log does NOT log anything so far. CDRs do<br>
> > not include the source IP address and Asterisk doesn't mention the<br>
> > source IP no where in Asterisk 1.8 or 10.x. Am I missing something?<br>
> > Have you tested this yourself?<br>
><br>
> > Regards,<br>
><br>
> > --<br>
> > _____________________________________________________________________<br>
> > -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a><br>
> > --<br>
><br>
> > asterisk-dev mailing list<br>
> > To UNSUBSCRIBE or update options visit:<br>
> > <a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
><br>
> --<br>
> _____________________________________________________________________<br>
> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
><br>
> asterisk-dev mailing list<br>
> To UNSUBSCRIBE or update options visit:<br>
> <a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</div></div></blockquote></div><br></div>