Shamus,
No, the Adaptive ban plugin should always look at /var/log/messages, the
default.
The Asterisk Log() command properly logs into /var/log/messages as expected for
me. Looking at the /etc/asterisk/logger.conf file for the line:
--
syslog.local0 => notice,warning,error
--
NOTICE messages will go to syslog, which goes to /var/log/messages.
Lonnie
On Aug 16, 2013, at 10:25 AM, Shamus Rask wrote:
> I made a basic mistake, where I had assumed the "s" extension was a catch-all
> for dialling patterns not matched elsewhere in a context–of course this is
> NOT the intent of it. I've now modified my incoming direct-SIP context as
> follows:
>
> exten => valid_ext1,1,Goto(OTHER_CONTEXT,s,1)
> exten => valid_ext2,1,Goto(OTHER_CONTEXT,s,1)
> exten => valid_ext3,1,Goto(echo_test,111,1)
>
> exten => _X.,1,Set(BANIP=${CHANNEL(recvip)})
> same => n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
> same => n,Hangup(3)
>
> exten => i,1,Set(BANIP=${CHANNEL(recvip)})
> same => n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
> same => n,Hangup(3)
>
> exten => s,1,Set(BANIP=${CHANNEL(recvip)})
> same => n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
> same => n,Hangup(3)
>
>
> However, this is now generating the expected messages in
> /var/log/asterisk/messages rather than in /var/log/messages. As far as I can
> tell, the adaptive-ban plugin parses the /var/log/messages file…
>
> Should I be changing either the adaptive-ban plugin to read
> /var/log/asterisk/messages or changing an Asterisk conf file to use the
> /var/log/messages instead?
>
> cheers,
> Shamus
>
>>
>>
>> Message: 1
>> Date: Tue, 13 Aug 2013 21:46:44 -0400
>> From: Shamus Rask <[email protected]>
>> Subject: Re: [Astlinux-users] adaptive-ban for SIP calls
>> To: [email protected]
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=windows-1252
>>
>> Lonnie,
>>
>> Many thanks. I had searched through the archives, but was having problems
>> finding a solution.
>>
>> cheers,
>> Shamus
>>
>>>
>>> Message: 5
>>> Date: Tue, 13 Aug 2013 12:51:32 -0500
>>> From: Lonnie Abelbeck <[email protected]>
>>> Subject: Re: [Astlinux-users] adaptive-ban for SIP calls
>>> To: AstLinux Users Mailing List <[email protected]>
>>> Message-ID: <[email protected]>
>>> Content-Type: text/plain; charset=us-ascii
>>>
>>> Hi Shamus,
>>>
>>> This question has come up before, and the community answer was to not
>>> automatically ban those in the adaptive-ban plugin since that error can be
>>> easily generated by users misdialing.
>>>
>>> If you search back on the users list there were dialplan alternatives to
>>> detect these kinds of errors and add a banned host via the dialplan.
>>> --
>>> ; For Asterisk 1.6+
>>> exten => s,n,Set(BANIP=${CHANNEL(recvip)})
>>> exten => s,n,Log(NOTICE,'${BANIP}' - Dialplan Noted Suspicious IP Address)
>>> --
>>> Then the adaptive-ban plugin will act on the above generated log. This way
>>> you have more control over what to ban or not.
>>>
>>> Lonnie
>>>
>>>
>>> On Aug 13, 2013, at 12:02 PM, Shamus Rask wrote:
>>>
>>>> Currently running the latest (v112) release of Astlinux. I have enabled
>>>> the adaptive-ban and ids-protection firewall plugins. My AstLinux box is
>>>> sitting behind my router, where I have port-forwarded 5060-5061 for SIP and
>>>> my RTP ports.
>>>>
>>>> I just took a look in /var/log/asterisk/messages and found the snippet
>>>> below. What is the best way to block these "attacks"?
>>>>
>>>>
>>>> [Aug 13 12:44:09] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5074) to extension '011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:10] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5084) to extension '9011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5090) to extension '00972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:11] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5070) to extension '1011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:12] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5082) to extension '0011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:13] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5071) to extension '7011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>> [Aug 13 12:44:14] NOTICE[1345] chan_sip.c: Call from ''
>>>> (94.23.202.102:5084) to extension '8011972597540595' rejected because
>>>> extension not found in context 'default'.
>>>>
>>>>
>>>> cheers,
>>>> Shamus
>>
>
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
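The two checks discussed in this thread, as an added example that is not part of the original messages and is not the adaptive-ban plugin's own code: whether logger.conf sends NOTICE to syslog, and which addresses the dialplan marker line flags. The function names and the syslog line layout in the samples are assumptions, and the sample data is constructed.

```python
import ipaddress
import re
from collections import Counter

# Marker text written by the dialplan Log() call quoted in this thread.
NOTED = re.compile(r"'([^']*)' - Dialplan Noted Suspicious IP Address")

def notice_reaches_syslog(logger_conf):
    """True if a 'syslog.<facility> => ...' line in logger.conf lists notice."""
    for raw in logger_conf.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if "=>" not in line:
            continue
        channel, levels = (p.strip() for p in line.split("=>", 1))
        names = {lvl.strip().lower() for lvl in levels.split(",")}
        if channel.startswith("syslog.") and "notice" in names:
            return True
    return False

def noted_ips(log_lines):
    """Count valid IP addresses flagged by the dialplan marker line."""
    hits = Counter()
    for line in log_lines:
        m = NOTED.search(line)
        if not m:
            continue  # e.g. chan_sip "extension not found": deliberately not a ban trigger
        try:
            hits[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # empty or malformed ${BANIP}: never pass it to a firewall
    return hits

# Constructed samples (not taken from a real system).
CONF_OK = "syslog.local0 => notice,warning,error\n"
CONF_FILE_ONLY = "messages => notice,warning,error\n;syslog.local0 => notice,warning,error\n"
SAMPLE_LOG = [
    "Aug 16 10:20:01 pbx local0.notice asterisk[1345]: NOTICE[1402]: Ext. _X.:2 @ from-sip: '203.0.113.7' - Dialplan Noted Suspicious IP Address",
    "Aug 16 10:20:03 pbx local0.notice asterisk[1345]: NOTICE[1403]: Ext. i:2 @ from-sip: '203.0.113.7' - Dialplan Noted Suspicious IP Address",
    "Aug 16 10:21:10 pbx local0.notice asterisk[1345]: NOTICE[1404]: Ext. s:2 @ from-sip: '198.51.100.23' - Dialplan Noted Suspicious IP Address",
    "Aug 16 10:21:30 pbx local0.notice asterisk[1345]: NOTICE[1405]: Ext. s:2 @ from-sip: '' - Dialplan Noted Suspicious IP Address",
    "Aug 16 10:22:00 pbx local0.notice asterisk[1345]: NOTICE[1345]: chan_sip.c: Call from '' (192.0.2.55:5074) to extension '011' rejected because extension not found in context 'default'.",
]

if __name__ == "__main__":
    print(notice_reaches_syslog(CONF_OK), notice_reaches_syslog(CONF_FILE_ONLY))
    print(dict(noted_ips(SAMPLE_LOG)))
```

CONF_FILE_ONLY reproduces the symptom in the thread: the marker lines land only in /var/log/asterisk/messages because no active syslog channel carries NOTICE.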