You didn’t post the Asterisk version, but if this is an OLD asterisk version then the source IP may be missing from messages/logs.
If you have low traffic in general then using something like Wireshark may help you examine any suspicious SIP packet on the PBX. For higher volumes it’s like drinking from a fire hydrant, so not suitable. If this is a small PBX, have a look at the SecAst product (https://teium.io/secast). It’s free for small installations. It’s an Asterisk security product that monitors network traffic at a the adapter level so it can sniff the source. It also talks to Asterisk through the AMI so it can get more details of the connection/session that way. If this is for a larger PBX then you would have to move the discussion to the biz list for more info on SecAst. (Or email me off list) From: asterisk-users [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jerry Geis Sent: Wednesday, July 22, 2020 11:37 AM To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com> Subject: Re: [asterisk-users] Failed to authenticate device message >Did you check your security log? >There is usually a wealth of info there about who, what, where when and why I also checked /var/log/asterisk/messages and it just has the same line. Nothing additional. Jerry
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
