Re: [asterisk-users] Changing storm-prevention behaviour in logger.conf
According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? If you use a newer version of rsyslogd to do your logging, there is a global configuration directive: $RepeatedMsgReduction off that will do what you are asking. The issue #14905 patch you mention is not in 1.6.2.x. Hi, Well, this sounds fair, but this happened after an upgrade to 1.4.29 from 1.4.23. Nothing else changed in my setup after that. My logger.conf : [general] dateformat=%F %T [logfiles] console = notice,warning,error messages = notice,warning,error This tells me i'm not using the syslog feature at all and /var/log/asterisk/messages is generated by Asterisk and not by syslogd Second, I just downloaded 1.4.29. The patch that does the message repeated stuff is just not there, as Tilghman said. Is it possible that someone applied that patch to your source? Have you tried downloading the 1.4.29 tarball again and recompiling? If you installed asterisk as a package from somebody's repo, I can't really say, but it seems highly unlikely that the patch would be present. I hope this helps a little bit. Alright, i figured it out. I use the FreeBSD port of Asterisk and there's a file named patch-suppress_log_dups.diff in the files directory which patches logger.c. I guess i should convince the port maintainer that this is a nice patch, but not how Asterisk is supposed to work. It only raises eyebrows if they add extra features. Thanks a million! Remco -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Changing storm-prevention behaviour in logger.conf
On Apr 18, 2010, at 12:40 AM, Barry Miller wrote: On Sat, Apr 17, 2010 at 11:14:23PM +0200, Remco Bressers wrote: Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? If you use a newer version of rsyslogd to do your logging, there is a global configuration directive: $RepeatedMsgReduction off that will do what you are asking. The issue #14905 patch you mention is not in 1.6.2.x. Hi, Well, this sounds fair, but this happened after an upgrade to 1.4.29 from 1.4.23. Nothing else changed in my setup after that. My logger.conf : [general] dateformat=%F %T [logfiles] console = notice,warning,error messages = notice,warning,error This tells me i'm not using the syslog feature at all and /var/log/asterisk/messages is generated by Asterisk and not by syslogd Please help. Regards, Remco -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Changing storm-prevention behaviour in logger.conf
On Sun, Apr 18, 2010 at 08:21:57PM +0200, Remco Bressers wrote: On Apr 18, 2010, at 12:40 AM, Barry Miller wrote: On Sat, Apr 17, 2010 at 11:14:23PM +0200, Remco Bressers wrote: Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? If you use a newer version of rsyslogd to do your logging, there is a global configuration directive: $RepeatedMsgReduction off that will do what you are asking. The issue #14905 patch you mention is not in 1.6.2.x. Hi, Well, this sounds fair, but this happened after an upgrade to 1.4.29 from 1.4.23. Nothing else changed in my setup after that. My logger.conf : [general] dateformat=%F %T [logfiles] console = notice,warning,error messages = notice,warning,error This tells me i'm not using the syslog feature at all and /var/log/asterisk/messages is generated by Asterisk and not by syslogd Hi. First, I'm sorry I didn't look more closely at your in your example. Of course you're not using syslog, but rather asterisk's own logging. Second, I just downloaded 1.4.29. The patch that does the message repeated stuff is just not there, as Tilghman said. Is it possible that someone applied that patch to your source? Have you tried downloading the 1.4.29 tarball again and recompiling? If you installed asterisk as a package from somebody's repo, I can't really say, but it seems highly unlikely that the patch would be present. I hope this helps a little bit. -- Barry -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Changing storm-prevention behaviour in logger.conf
Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? Regards, Remco Bressers Signet B.V. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Changing storm-prevention behaviour in logger.conf
On Saturday 17 April 2010 16:14:23 Remco Bressers wrote: Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? That's not Asterisk doing that. That's your system logger. AFAIK, there's no way to turn that off, as it's a defense mechanism against an attacker filling your disks, causing lost messages and possible crashes (on some platforms). -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Changing storm-prevention behaviour in logger.conf
Tilghman Lesher wrote: On Saturday 17 April 2010 16:14:23 Remco Bressers wrote: Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? That's not Asterisk doing that. That's your system logger. AFAIK, there's no way to turn that off, as it's a defense mechanism against an attacker filling your disks, causing lost messages and possible crashes (on some platforms). If running syslog-ng, check syslog-ng.conf and the summary option. Setting summary to 0 turns off that behavior. Lyle Giese LCR Computer Services, Inc. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Changing storm-prevention behaviour in logger.conf
On Sat, Apr 17, 2010 at 11:14:23PM +0200, Remco Bressers wrote: Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from ' sip:x...@xxx.xxx.xxx.xxx' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? If you use a newer version of rsyslogd to do your logging, there is a global configuration directive: $RepeatedMsgReduction off that will do what you are asking. The issue #14905 patch you mention is not in 1.6.2.x. -- Barry -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users