<div dir="auto">Thank you guys, I tried fail2ban and it worked but i'll also try Fred's recommendation to see which one will be the best for my use case as I will be deploying the solution to a lot of Asterisk servers.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 24 Nov 2020, 3:02 am Fred Posner, <<a href="mailto:fred@qxork.com" target="_blank" rel="noreferrer">fred@qxork.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Mon, 2020-11-23 at 16:22 -0500, Sean Bright wrote:<br>
> On 11/23/2020 4:09 AM, Mohit Dhiman wrote:<br>
> > can anyone please recommend any existing external scripts that can<br>
> > parse the Asterisk security logs and possibly take appropriate<br>
> > actions like IP blocking.<br>
>  <br>
> Fail2ban<br>
<br>
I wrote one years ago that I still use:<br>
<br>
<br>
<a href="https://github.com/fredposner/scripts/blob/master/asterisk/check-failed-regs.pl" rel="noreferrer noreferrer noreferrer" target="_blank">https://github.com/fredposner/scripts/blob/master/asterisk/check-failed-regs.pl</a><br>
<br>
You'll need to make a chain called "asterisk" in iptables.<br>
<br>
Also, we started providing a pro-active block to sip attacks with<br>
apiban in January. There's a go client that will update iptables as<br>
well:<br>
<br>
<a href="https://github.com/palner/apiban" rel="noreferrer noreferrer noreferrer" target="_blank">https://github.com/palner/apiban</a><br>
<br>
-- <br>
Fred Posner<br>
<a href="mailto:fred@qxork.com" rel="noreferrer noreferrer" target="_blank">fred@qxork.com</a><br>
<a href="https://qxork.com" rel="noreferrer noreferrer noreferrer" target="_blank">https://qxork.com</a><br>
Direct/SMS: +1 (336) 439-3733<br>
<br>
Need Fred? Call Fred. 336-HEY-FRED<br>
Matrix: @fred:<a href="http://matrix.lod.com" rel="noreferrer noreferrer noreferrer" target="_blank">matrix.lod.com</a><br>
<br>
<br>
-- <br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" rel="noreferrer noreferrer noreferrer" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
   <a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a></blockquote></div>