[asterisk-users] Security Logging

Lyle Giese lyle at lcrcomputer.net
Wed Feb 10 21:53:46 CST 2010


Warren Selby wrote:
> On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese <lyle at lcrcomputer.net> wrote:
>
>     Here's a start for you, just run from cron once a day:
>
>     Lyle
>
>
> So basically, nothing built into asterisk that already provides
> security logging mechanisms?  Maybe I'm using the wrong term; in
> Windows, I think it would be called Security Auditing, successful /
> unsuccessful login attempts that get recorded in the Windows Event
> Viewer in the security log.  These login attempts (whether successful
> or not) are recorded, and you get the IP address of the workstation
> attempting the login, the username used, and whether or not it was
> successful.  A log dedicated just to security auditing (or a new
> option in /etc/logger.conf that adds this functionality (say, messages
> => notice,warning,error,verbose,security)) seems like it would be a
> nice addition to asterisk.
>
> I've already got tools that can monitor log files and create bans
> based on failed login attempts...but I don't always seem to see login
> failures in the asterisk messages log. 
>
> I recall from Astricon 2009, Russel and Kevin (I think) commenting on
> security features in asterisk and not being sure how much to include (i.e.
> automatically banning people based on failed login attempts being a
> process asterisk controls, or just simply logging so that another tool can
> do the banning, etc).  I just don't remember if there was any followup
> to those discussions.
>
> -- 
> Thanks,
> --Warren Selby
> http://www.selbytech.com

I think that is the problem.  Nobody can agree on how it should be
implemented.  So just log the events and let the user/admin find and use a
log analyzer, or build their own tools, for those that want/need such.

Lyle
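
A sketch of the "log the events, analyze them with your own tool" approach discussed in this thread, as an added example: it is not part of the original messages and is not the script Lyle attached, which the archive scrubbed. It assumes the chan_sip NOTICE wording `Registration from '...' failed for '<ip>' - <reason>`; the sample log lines are constructed, and the regex should be checked against your own messages log.

```python
import re
from collections import Counter, defaultdict

# Assumed chan_sip NOTICE format. The From header is written by the remote
# party, so the greedy '.*' deliberately anchors on the LAST "failed for"
# in the line, which is the one Asterisk itself appended.
FAILED_REG = re.compile(
    r"NOTICE\[\d+\]\S*\s+chan_sip\.c:\s+Registration from '(?P<hdr>.*)' "
    r"failed for '(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.+?)\s*$"
)
SIP_USER = re.compile(r"sip:(?P<user>[^@>;]+)@")

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = """\
[Feb 10 03:12:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Feb 10 03:12:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Feb 10 03:12:03] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7:5071' - No matching peer found
[Feb 10 09:30:44] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.20' - Wrong password
[Feb 10 09:31:00] VERBOSE[2211] logger.c:     -- Registered SIP '200' at 203.0.113.20 port 5060
""".splitlines()


def summarize(lines, threshold=3):
    """Return {ip: {count, users, reasons}} for IPs with >= threshold failures."""
    hits = defaultdict(lambda: {"count": 0, "users": set(), "reasons": Counter()})
    for line in lines:
        m = FAILED_REG.search(line)
        if not m:
            continue  # not a failed-registration NOTICE
        rec = hits[m.group("ip")]
        rec["count"] += 1
        rec["reasons"][m.group("reason")] += 1
        user = SIP_USER.search(m.group("hdr"))
        if user:
            rec["users"].add(user.group("user"))
    return {
        ip: {"count": r["count"], "users": sorted(r["users"]),
             "reasons": dict(r["reasons"])}
        for ip, r in hits.items() if r["count"] >= threshold
    }


if __name__ == "__main__":
    # For a daily cron run, pass an open log file instead of SAMPLE.
    for ip, info in sorted(summarize(SAMPLE).items()):
        print(f"{ip}: {info['count']} failures, users={info['users']}, {info['reasons']}")
```

Several different usernames failing from one address in a short window, as in the first three sample lines, is the pattern worth feeding to a ban tool; failures that Asterisk never writes to the messages log will not appear in this summary.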


