<div class="gmail_quote">On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese <span dir="ltr"><<a href="mailto:lyle@lcrcomputer.net">lyle@lcrcomputer.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div>Here's a start for you, just run from cron once a day:<br></div>
<br>
Lyle<br></blockquote></div><br>So basically, nothing built into asterisk that already provides security logging mechanisms? Maybe I'm using the wrong term; In Windows, I think it would be called Security Auditing, successful / unsuccessful login attempts that get recorded in the Windows Event Viewer in the security log. These login attempts (whether successful or not) are recorded, and you get the IP address of the workstation attempting the login, the username used, and whether or not it was successful. A log dedicated just to security auditing (or a new option in /etc/logger.conf that adds this functionality (say, messages => notice,warning,error,verbose,security) seems like it would be a nice addition to asterisk.<br>
<br>I've already got tools that can monitor log files and create bans based on failed login attempts...but I don't always seem to see login failures in the asterisk messages log. <br><br>I recall from Astricon 2009, Russel and Kevin (I think) commenting on security features in asterisk and not sure how much to include (i.e automatically banning people based on failed login attempts being a process asterisk controls or just simply logs so that another tool can do the banning, etc). I just don't remember if there was any followup to those discussions.<br clear="all">
<br>-- <br>Thanks,<br>--Warren Selby<br><a href="http://www.selbytech.com">http://www.selbytech.com</a><br>