Solved with ossec-logtest
On May 4, 10:22 am, link <[email protected]> wrote:
> Hi,
>
> I'm configuring new decoders for Asterisk logs and I have a problem
> with srcip and user log.
>
> This is the sample log: [2010-05-04 09:05:08] NOTICE[14791]:
> chan_iax2.c:5831 register_verify: Host 192.168.20.18 failed MD5
> authentication for '2345' (a94e219193704e95eac2c8f06fa04f2d !=
> de7a1122e0651aac606f265bad09fa85)
>
> And this is the decoder:
>
> <decoder name="asterisk-denied4">
> <parent>asterisk</parent>
> <prematch>^NOTICE[\d+]: \S+ \S+: Host </prematch>
> <regex offset="after_prematch">^(\d+.\d+.\d+.\d+) failed MD5
> authentication for '(\S+)'</regex>
> <order>srcip, user</order>
> </decoder>
>
> When I see the ossec logs the srcip and user appear empty. Why? What
> am I doing wrong?
>
> ** Alert 1272961312.511785: - syslog,asterisk,invalid_login,
> 2010 May 04 10:21:52 (dialer) 192.168.150.160->/var/log/messages
> Rule: 100010 (level 5) -> 'IAX peer Wrong Password.'
> Src IP: (none)
> User: (none)
> May 4 10:15:46 dialer asterisk[5200]: NOTICE[14797]: chan_iax2.c:5831
> in register_verify: Host 192.168.20.18 failed MD5 authentication for
> '2345' (bc9734938727c15bf8514615a4c160c4 !=
> 37dc5669fa08b5275339449f623b155d)
>
> Best Regards,
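
An added example, not part of the original message: the sample log and the line recorded in the alert differ by one token (`in register_verify:`), and this Python code runs a `re` approximation of the quoted decoder over both lines. Assumptions: the timestamp/syslog header is already stripped before the prematch is applied, OSSEC's regex treats `[`, `]` and `.` literally, and `decode` and `PREMATCH_TOLERANT` are hypothetical names.

```python
import re

# Constructed from the two log lines quoted in the message, reduced to the
# part starting at "NOTICE" (assumption: the header is removed by pre-decoding).
SAMPLE_LINE = ("NOTICE[14791]: chan_iax2.c:5831 register_verify: "
               "Host 192.168.20.18 failed MD5 authentication for '2345' "
               "(a94e219193704e95eac2c8f06fa04f2d != de7a1122e0651aac606f265bad09fa85)")
ALERT_LINE = ("NOTICE[14797]: chan_iax2.c:5831 in register_verify: "
              "Host 192.168.20.18 failed MD5 authentication for '2345' "
              "(bc9734938727c15bf8514615a4c160c4 != 37dc5669fa08b5275339449f623b155d)")

# Python `re` approximation of the quoted <prematch> and <regex>; brackets
# and dots are escaped because they are assumed to be literal in the decoder.
PREMATCH = re.compile(r"^NOTICE\[\d+\]: \S+ \S+: Host ")
FIELDS = re.compile(r"^(\d+\.\d+\.\d+\.\d+) failed MD5 authentication for '(\S+)'")

# Hypothetical Python-only variant that accepts the optional "in " token.
PREMATCH_TOLERANT = re.compile(r"^NOTICE\[\d+\]: \S+ (?:in )?\S+: Host ")


def decode(line, prematch=PREMATCH):
    """Return (srcip, user), or None when the prematch or the regex fails."""
    m = prematch.match(line)
    if m is None:
        return None  # decoder is skipped, so srcip and user stay unset
    # offset="after_prematch": the field regex starts where the prematch ended.
    fields = FIELDS.match(line[m.end():])
    return fields.groups() if fields else None


if __name__ == "__main__":
    for name, line in (("sample", SAMPLE_LINE), ("alert", ALERT_LINE)):
        print(name, "quoted prematch  ->", decode(line))
        print(name, "tolerant prematch ->", decode(line, PREMATCH_TOLERANT))
```

The quoted prematch expects exactly two tokens before `Host`, so it matches the hand-copied sample but not the three-token line in the alert; feeding the line exactly as it is logged to ossec-logtest exposes the same kind of mismatch.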
