On 15.09.2014 at 15:26, Matthew Jordan wrote:
On Mon, Sep 15, 2014 at 6:21 AM, Patrick Laimbock
<patr...@laimbock.com> wrote:
Hi Rainer,
On 15-09-14 09:07, Rainer Piper wrote:
Hi,
Info !!! not a question !!!
the pjsip logger is different:
[Sep 15 07:33:27] NOTICE[65267] res_pjsip/pjsip_distributor.c: Request from '"1001" <sip:1001@81.20.137.222>' failed for '85.25.197.23:5071' (callid: 1bfa1fcfee1e20dbe9bbbcac5d7bdffc) - No matching endpoint found
and here the RegEx for fail2ban to catch this log:
NOTICE.* .*: Request from '.*' failed for '<HOST>(:[0-9]{1,5})?' (.*) - No matching endpoint found
Thanks for sharing. If you use github it would be nice if you
could submit a pull request so that it becomes part of the
Asterisk rules in the next Fail2ban version (0.9.1).
https://github.com/fail2ban/fail2ban/pulls
HTH,
Patrick
Why would you not use the SECURITY log format, which has the exact
same format between chan_sip and chan_pjsip, and has a consistent
format from Asterisk 10+?
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
Thanks for security_log => security
Ok ... I switched the
security_log => security
in logger.conf on and I'm going to write a RegEx for Fail2ban.
log sample - security log of wrong password:
[Sep 15 15:51:26] SECURITY[17378] res_security_log.c:
SecurityEvent="ChallengeResponseFailed",EventTV="2014-09-15T15:51:26.126+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="7002",SessionID="80DFFBE5-4C3B-E411-8429-AD5D2362CB3E@192.168.8.10",LocalAddress="IPV4/UDP/178.5.154.91/5072",RemoteAddress="IPV4/UDP/192.168.8.10/6012",Challenge="1410789078/000dd605e4bd1b6dd7488afafafafafaf",Response="8fc17a017a3ac5eea21ca86c6c0f5ee8",ExpectedResponse=""
--
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161
P2P: sip:rai...@sip.soho-piper.de:5072 (pjsip-test)
XMPP: rai...@xmpp.soho-piper.de
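
An added example, not part of the original thread or of Fail2ban's or Asterisk's own code: a Python parser for the security log format shown above that extracts the remote IP from RemoteAddress and counts failures per IP, which is the job a Fail2ban filter for this log has to do. The sample lines, the FAILURE_EVENTS selection and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Events counted as authentication failures (an assumed selection; adjust to policy).
FAILURE_EVENTS = {"ChallengeResponseFailed", "InvalidAccountID", "InvalidPassword"}
LINE_RE = re.compile(r'^\[[^\]]+\]\s+SECURITY\[\d+\]\s+\S+:\s+(?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_security_line(line):
    """Return the event's key="value" fields as a dict, or None for other log lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("body")))
    return fields if "SecurityEvent" in fields else None

def remote_ip(fields):
    """RemoteAddress is family/transport/address/port, e.g. IPV4/UDP/192.168.8.10/6012."""
    parts = fields.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None

def failures_by_ip(lines):
    """Count failure events per remote IP, ignoring non-security and success lines."""
    counts = Counter()
    for line in lines:
        fields = parse_security_line(line)
        if fields and fields["SecurityEvent"] in FAILURE_EVENTS and remote_ip(fields):
            counts[remote_ip(fields)] += 1
    return counts

def offenders(lines, maxretry=3):
    """IPs at or above the threshold (no time window is applied in this sketch)."""
    return sorted(ip for ip, n in failures_by_ip(lines).items() if n >= maxretry)

# Constructed sample lines in the format shown above (documentation IP ranges).
_TPL = ('[Sep 15 15:51:{s:02d}] SECURITY[17378] res_security_log.c: SecurityEvent="{ev}",'
        'EventTV="2014-09-15T15:51:{s:02d}.126+0200",Severity="{sev}",Service="PJSIP",'
        'EventVersion="1",AccountID="{acct}",SessionID="constructed-{s}",'
        'LocalAddress="IPV4/UDP/192.0.2.10/5072",RemoteAddress="IPV4/UDP/{ip}/6012"')
SAMPLE_LINES = [
    _TPL.format(s=1, ev="ChallengeResponseFailed", sev="Error", acct="7002", ip="203.0.113.7"),
    _TPL.format(s=2, ev="InvalidAccountID", sev="Error", acct="admin", ip="203.0.113.7"),
    _TPL.format(s=3, ev="ChallengeResponseFailed", sev="Error", acct="7002", ip="203.0.113.7"),
    _TPL.format(s=4, ev="ChallengeResponseFailed", sev="Error", acct="7003", ip="198.51.100.9"),
    _TPL.format(s=5, ev="SuccessfulAuth", sev="Informational", acct="7003", ip="198.51.100.9"),
    "[Sep 15 15:51:07] NOTICE[65267] res_pjsip/pjsip_distributor.c: unrelated line",
]

if __name__ == "__main__":
    print(failures_by_ip(SAMPLE_LINES), offenders(SAMPLE_LINES))
```
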