Michael, thanks. I am happy there is an understanding here. Issue is opened under #19348. I suggested my recommendation on how it should be implemented but you know best.<div><br></div><div><a href="https://issues.asterisk.org/jira/browse/ASTERISK-19348">https://issues.asterisk.org/jira/browse/ASTERISK-19348</a> </div>
<div><br></div><div>Best,<br><br><div class="gmail_quote">On Mon, Feb 13, 2012 at 11:29 AM, Michael L. Young <span dir="ltr"><<a href="mailto:myoung@acsacc.com">myoung@acsacc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div style="font-size:10pt;font-family:Arial"><hr><blockquote style="padding-left:5px;font-size:12pt;font-style:normal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal;border-left:2px solid rgb(16,16,255)">
<div class="im"><b>From: </b>"Bruce B" <<a href="mailto:bruceb444@gmail.com" target="_blank">bruceb444@gmail.com</a>><br><b>To: </b>"Asterisk Developers Mailing List" <<a href="mailto:asterisk-dev@lists.digium.com" target="_blank">asterisk-dev@lists.digium.com</a>><br>
</div><b>Sent: </b>Monday, February 13, 2012 10:55:45 AM<div class="im"><br><b>Subject: </b>Re: [asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!<br>
<br></div><div><div class="h5"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>I set up a quick test by having some Polycom phones attempt to register</div>
with no matching device defined in sip.conf. Below is a snippet from the<br>
resulting security log file:<br><br></blockquote><div><br></div><div>Mathew, thanks for the test. However, that is not what this whole thread is about. I have allowguest=no and I am making call attempts to Asterisk without registration and wanting to log the source IP. Asterisk 10.1.x logs this message but nothing else that would be useful:</div>
<div><br></div><div> <i>NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317</i></div><div><i><br></i></div><div><span>Pavel on this thread suggested source IP will be logged for calls like that in CDRs but it is not true. Paul Belanger suggested using res_security_log for this purpose but I guess he hasn't tested this himself as there are no logs generated.</span></div>
<div><span><br></span></div><div><span>Here is the issue again for everyone: I have allowguest=no and I am making calls to Asterisk 1.8 or 10.x...The call is rejected with a message like this:</span></div><div>
<span><br></span></div><div> <i>NOTICE[10331] chan_sip.c: Sending fake auth rejection for device "Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317</i>
</div><div><i><br></i></div><div><span><font color="#222222" face="arial, sans-serif">It's good up to this point but from here on it is not because there is NO source IP so I can NOT use any security tools to ban the attacker's IP. I want to ban any outsiders who attempt on my Asterisk but Asterisk doesn't provide the needed log so unless I am missing something, allowguest=no feature is not complete as it doesn't log properly what it should log. Register attempts are logged properly with source IP address but the moment one turns on allowguest=no then the logs are INCOMPLETE.</font></span></div>
<div><span><br></span></div><div><font color="#222222" face="arial, sans-serif">I appreciate any other suggestions regarding this.</font></div><div><font color="#222222" face="arial, sans-serif"><br></font></div></div></div>
</div></blockquote>One suggestion, please be careful with the attitude. I hope it is just coming across wrong and that I am reading your emails wrong. It isn't good for trying to get help.<br><br>I think I found the problem. You are correct. With allowguest=no set, the security log does not record anything when a person is not registered.<br>
<br>I can easily fix this, I believe. Can you go ahead and open an issue and post back the issue number?<br><br>Michael<br><br>(elguero)<br><blockquote style="padding-left:5px;font-size:12pt;font-style:normal;margin-left:5px;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal;border-left:2px solid rgb(16,16,255)">
<div class="gmail_quote"><div><font color="#222222" face="arial, sans-serif"></font></div></div></blockquote></div></div><br></blockquote></div><br></div>
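<div>An added example, not code from this thread or from Asterisk: a log triage of the kind a ban tool performs, showing that a registration failure yields a source address while the "fake auth rejection" line quoted above yields none. The rule names, the registration-failure line format and all addresses are assumptions constructed for illustration.</div>

```python
import ipaddress
import re

# Constructed sample input. Line 1 is the message quoted in the thread; line 2
# is an assumed registration-failure format whose From URI holds a different
# address than the packet's source.
SAMPLE_LOG = [
    'NOTICE[10331] chan_sip.c: Sending fake auth rejection for device '
    '"Anonymous" <sip:Anonymous@anonymous.invalid>;tag=as4a1b8317',
    "NOTICE[10331] chan_sip.c: Registration from '\"100\" <sip:100@192.0.2.10>' "
    "failed for '203.0.113.7' - No matching peer found",
]

# Hypothetical rule names. Each pattern is anchored on text Asterisk writes
# itself; the greedy '.*' skips the sender-supplied From value.
RULES = [
    ("registration_failed",
     re.compile(r"Registration from '.*' failed for '(?P<host>[^']+)' - ")),
    ("guest_call_rejected",
     re.compile(r"Sending fake auth rejection for device ")),
]


def _valid_ip(host):
    """Return host as a normalized IP (an optional :port is dropped), or None."""
    for candidate in (host, host.rpartition(":")[0]):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None


def triage(lines):
    """Return (bannable, blind): source IPs found, and rule hits with none."""
    bannable, blind = [], []
    for line in lines:
        for name, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            ip = _valid_ip(match.groupdict().get("host") or "")
            if ip:
                bannable.append((name, ip))
            else:
                blind.append(name)
            break
    return bannable, blind
```

<div>Every entry in the second list is a rejection the log recorded without an address to act on, which is the gap reported in this thread.</div>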