Warren Selby wrote: > On Tue, Feb 9, 2010 at 5:54 PM, Lyle Giese <[email protected] > <mailto:[email protected]>> wrote: > > Here's a start for you, just run from cron once a day: > > Lyle > > > So basically, nothing built into asterisk that already provides > security logging mechanisms? Maybe I'm using the wrong term; In > Windows, I think it would be called Security Auditing, successful / > unsuccessful login attempts that get recorded in the Windows Event > Viewer in the security log. These login attempts (whether successful > or not) are recorded, and you get the IP address of the workstation > attempting the login, the username used, and whether or not it was > successful. A log dedicated just to security auditing (or a new > option in /etc/logger.conf that adds this functionality (say, messages > => notice,warning,error,verbose,security) seems like it would be a > nice addition to asterisk. > > I've already got tools that can monitor log files and create bans > based on failed login attempts...but I don't always seem to see login > failures in the asterisk messages log. > > I recall from Astricon 2009, Russel and Kevin (I think) commenting on > security features in asterisk and not sure how much to include (i.e > automatically banning people based on failed login attempts being a > process asterisk controls or just simply logs so that another tool can > do the banning, etc). I just don't remember if there was any followup > to those discussions. > > -- > Thanks, > --Warren Selby > http://www.selbytech.com
I think that is the problem. Nobody can agree on how it should be implemented. So just log the events and the user/admin find and use a log analyzer or build your own tools for those that want/need such. Lyle
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
