[asterisk-users] Security Logging

Warren Selby wcselby at selbytech.com
Wed Feb 10 13:07:26 CST 2010


On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese <lyle at lcrcomputer.net> wrote:

> Here's a start for you, just run from cron once a day:
>
> Lyle
>

So basically, nothing built into asterisk that already provides security
logging mechanisms?  Maybe I'm using the wrong term; In Windows, I think it
would be called Security Auditing, successful / unsuccessful login attempts
that get recorded in the Windows Event Viewer in the security log.  These
login attempts (whether successful or not) are recorded, and you get the IP
address of the workstation attempting the login, the username used, and
whether or not it was successful.  A log dedicated just to security auditing
(or a new option in /etc/logger.conf that adds this functionality (say,
messages => notice,warning,error,verbose,security) seems like it would be a
nice addition to asterisk.

I've already got tools that can monitor log files and create bans based on
failed login attempts...but I don't always seem to see login failures in the
asterisk messages log.

I recall from Astricon 2009, Russel and Kevin (I think) commenting on
security features in asterisk and not sure how much to include (i.e
automatically banning people based on failed login attempts being a process
asterisk controls or just simply logs so that another tool can do the
banning, etc).  I just don't remember if there was any followup to those
discussions.

-- 
Thanks,
--Warren Selby
http://www.selbytech.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100210/8f76e29e/attachment.htm 


More information about the asterisk-users mailing list