<br><br><div class="gmail_quote">2011/5/15 RSCL Mumbai <span dir="ltr"><<a href="mailto:rscl.mumbai@gmail.com">rscl.mumbai@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<font face="verdana,sans-serif"></font><br><div class="gmail_quote"><div class="im">On Sat, May 14, 2011 at 11:43 AM, Leandro Dardini <span dir="ltr"><<a href="mailto:ldardini@gmail.com" target="_blank">ldardini@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
Check if someone is brute forcing your asterisk accounts. It used to happen to me before I install fail2ban. You can easily check the "full" log of asterisk or with just a "tcpdump -i any -n port 5060 or port 4569".<br>
<font color="#888888">
<br></font></blockquote></div>Thx for the tcpdump command.<br>Checked, all looks good.<br>Packets coming from trusted domains only.<br><br>What should be the next step ?<br><br>Thx<br>Sans<br></div>
<br></blockquote></div><br>Have you tried to restart asterisk?<br><br>As last chance, install strace and check what is asterisk doing. Get the pid (PID) of the running asterisk and run:<br><br>strace -p PID -f -F &> /tmp/strace.log<br>
<br>Leave it running for a while then read the strace.log file<br><br>Leandro<br><br><br><br><br>