[asterisk-users] Fail2ban integration issues with Asterisk 1.4.21 under Debian Lenny

Nikhil Nair nnair at pobox.com
Wed Sep 1 04:11:51 CDT 2010


Hi guys,

Interesting discussion - I learnt quite a bit.  Thanks.

That said, no one's yet answered my two original questions.  Anyone know? 
To repeat:

1.  When I used the line "dateformat=%F %T" in the general section of 
logger.conf, the format in /var/log/asterisk/full did change, but the 
round brackets around the date remained; the fail2ban/asterisk 
instructions I was following indicated that they should disappear when I 
do this.  Is this an asterisk version issue (I'm using 1.4.21 - would 1.6 
behave in the way described?), a Debian issue (seems unlikely), or 
something else?  Is there some other way to get the round brackets to 
disappear?  This is necessary to get fail2ban to read that file; 
otherwise, I'll have to log all asterisk NOTICEs through syslog.

2.  With alwaysauthreject=yes and using deny= and permit= in sip.conf, 
attempts from denied IP addresses to register an extension are responded 
to (denying them, obviously), but not logged as a NOTICE (or anything 
else, as far as I can tell).  Is there a way to enable this logging - or, 
alternatively, to get asterisk to simply ignore these requests rather than 
responding?

I fully appreciate the frustration others feel re ending up paying for 
other people's attacks as part of their download limit, or even maxing out 
because of this.  I'm lucky in that I haven't reached that volume yet - 
I'm with Zen Internet, and have a 50GB monthly limit, which I'm not using 
anywhere near all of.  (That said, I did use 30GB last month, and suspect 
that the lion's share of that was from attacks, SIP reg or otherwise; this 
could certainly be an issue in the future.)

Instead, my issue was with maxing out my *upload* bandwidth limit 
(currently only 448kbps), and hence having my whole connection screeching 
to a halt, with massive packet loss to other applications.  At that point, 
not even (a sane amount of) money helps, as you can't buy a higher upload 
rate (aside from regrading to ADSL2+, which I'm looking into now).

Thanks in advance,

Nikhil.
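
Added example, not part of the original post and not fail2ban's or Asterisk's own code: a log check that tolerates the timestamp wrapper discussed in question 1, accepting a "%F %T" date in round brackets, square brackets or bare, and flagging source addresses with repeated failed registrations. The line layout, the NOTICE message text and all addresses in the sample are constructed assumptions; `maxretry` and `findtime` only borrow fail2ban's option names.

```python
import re
from datetime import datetime

# "%F %T" timestamp, optionally wrapped in round or square brackets,
# followed by an assumed "NOTICE[pid] file: message" layout.
LINE_RE = re.compile(
    r"^[\[(]?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})[\])]?\s+"
    r"NOTICE\[\d+\]\s+\S+:\s+"
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
)

# Constructed sample lines (documentation addresses, not from a real log).
SAMPLE = """\
(2010-09-01 04:10:01) NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2010-09-01 04:10:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
2010-09-01 04:10:03 NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7' - Wrong password
(2010-09-01 04:10:04) VERBOSE[2211] logger.c: -- Remote UNIX connection
(2010-09-01 04:12:30) NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
"""

def parse_failures(text):
    """Return (timestamp, source_ip) for every failed-registration NOTICE."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            hits.append((ts, m.group("ip")))
    return hits

def offenders(text, maxretry=3, findtime=600):
    """Return sorted IPs with at least maxretry failures inside findtime seconds."""
    by_ip = {}
    for ts, ip in parse_failures(text):
        by_ip.setdefault(ip, []).append(ts)
    flagged = []
    for ip, stamps in by_ip.items():
        stamps.sort()
        # Slide a window of maxretry consecutive failures over the sorted times.
        for i in range(len(stamps) - maxretry + 1):
            if (stamps[i + maxretry - 1] - stamps[i]).total_seconds() <= findtime:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```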



