[asterisk-users] Changing storm-prevention behaviour in logger.conf

Lyle Giese lyle at lcrcomputer.net
Sat Apr 17 17:39:11 CDT 2010


Tilghman Lesher wrote:
> On Saturday 17 April 2010 16:14:23 Remco Bressers wrote:
>   
>> Dear List,
>>
>> According to https://issues.asterisk.org/view.php?id=14905 there is a storm
>> prevention mechanism in newer Asterisks. If i look in my logfile, i see :
>>
>> [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from '"xxxx"
>> <sip:xxx at xxx.xxx.xxx.xxx>' failed for 'xx.xx.xx.xx' - Wrong password
>> [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3
>> times
>>
>> This IS a good thing to do, but i want to disable this behaviour. We are
>> using fail2ban to ban scripts and people from the Asterisk system. On
>> version 1.4.23 this worked fine, but now this mechanism is in place, i
>> cannot use fail2ban anymore.
>>
>> Is there any option to disable this behaviour, or even better, add it to
>> logger.conf so anybody can decide what to do? I just want all logging and
>> it seems impossible now. Maybe a patch on the source?
>>     
>
> That's not Asterisk doing that.  That's your system logger.  AFAIK, there's no
> way to turn that off, as it's a defense mechanism against an attacker filling
> your disks, causing lost messages and possible crashes (on some platforms).
>
>   
If running syslog-ng, check syslog-ng.conf and the summary option.
Setting summary to 0 turns off that behavior.

Lyle Giese
LCR Computer Services, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100417/29febebb/attachment.htm 


More information about the asterisk-users mailing list