On Mon, Sep 15, 2014 at 6:21 AM, Patrick Laimbock <[email protected]> wrote:
> Hi Rainer, > > On 15-09-14 09:07, Rainer Piper wrote: > >> Hi, >> >> Info !!! not a question !!! >> >> the pjsip logger is different: >> >> [Sep 15 07:33:27] NOTICE[65267] res_pjsip/pjsip_distributor.c: Request >> from '"1001" <sip:[email protected]>' failed for '85.25.197.23:5071' >> (callid: 1bfa1fcfee1e20dbe9bbbcac5d7bdffc) - No matching endpoint found >> >> and here the RegEx for fail2ban to catch this log: >> >> |NOTICE.* .*: Request from '.*' failed for '<HOST>(:[0-9]{1,5})?' (.*) - >> No matching endpoint found >> > > Thanks for sharing. If you use github it would be nice if you could submit > a pull request so that it becomes part of the Asterisk rules in the next > Fail2ban version (0.9.1). > > https://github.com/fail2ban/fail2ban/pulls > > HTH, > Patrick > Why would you not use the SECURITY log format, which have the exact same format between chan_sip and chan_pjsip, and have a consistent format from Asterisk 10+? https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com & http://asterisk.org
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
