Michael Keuter wrote:
>>>>  -Philip
>>>  A problem in Astlinux is that before you can add an attacker to the
>>>  blocklist (when you see the attacks in realtime), the "/var/"
>>>  partition will be full within 2-3 minutes just because of the growing
>>>  syslog :-(. And from that point in time you do not have any logs at
>>>  all. Is there a way that the rotated log can automatically be zipped?
>> You can set Arno's firewall not to log blocked attacks.  That is an option.
>>
>> --
>> Darrick Hartman
> 
> Hi Darrick,
> 
> I know that, but when the attack starts (and you don't see the attack 
> live) you don't know the attacker IP-address. Then the log messages 
> are coming from Asterisk. And within 2-3 minutes /var/ is full by the 
> log messages of Asterisk (not by the firewall).

Two ways around that.

1).  If you have enough system RAM, you can set the size of the var 
partition in the rc.conf file to a larger size.

2).  Only allow SIP access from the IP addresses that you need to allow. 
  Instead of having a wide-open port 5060, only accept SIP traffic from 
the IP addresses of your VOIP provider.

Of course, if you're allowing anonymous calls into your Asterisk system, 
you can't do #2.

Darrick
-- 
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
