Log Faulty Calls?

Home » Asterisk Users » Log Faulty Calls?
Asterisk Users 5 Comments

If somebody is calling me using a wrong configured SIP phone, he gets back an error message from my Asterisk server. That’s ok, however I’d also like to know that I missed a call. However there’s no CDR entry created in that case and checking the asterisk logs manually is not that great… Any way to get CDR records (or any other way of noticing it) even if a call gets declined through to a wrong configured sip phone?

Thanks and best regards Stefan

5 thoughts on - Log Faulty Calls?

  • Not the best solution, but you could do a “quick and dirty” crawler to query
    /var/log/asterisk/full in PHP or PERL or your language of choice. Even in a
    4K-5K calls per day environment this process usually takes less than 1
    minute to run.

    From: asterisk-users-bounces@lists.digium.com
    [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Stefan at WPF
    Sent: Friday, August 24, 2012 7:43 AM
    To: Asterisk Users Mailing List – Non-Commercial Discussion Subject: [asterisk-users] Log faulty calls?

    If somebody is calling me using a wrong configured SIP phone, he gets back an error message from my Asterisk server. That’s ok, however I’d also like to know that I missed a call. However there’s no CDR entry created in that case and checking the asterisk logs manually is not that great… Any way to get CDR records (or any other way of noticing it) even if a call gets declined through to a wrong configured sip phone?

    Thanks and best regards

    Stefan

  • Thank you Danny, but the problem is that I don’t know what exactly I shall look for. I think there’s no specific word in the log that clearly identifies this kind of problem? ):

    2012/8/24 Danny Nicholas

  • Actually, you could look for WARNING or ERROR and probably find what you needed.

    From: asterisk-users-bounces@lists.digium.com
    [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Stefan at WPF
    Sent: Friday, August 24, 2012 8:14 AM
    To: Asterisk Users Mailing List – Non-Commercial Discussion Subject: Re: [asterisk-users] Log faulty calls?

    Thank you Danny, but the problem is that I don’t know what exactly I shall look for. I think there’s no specific word in the log that clearly identifies this kind of problem? ):

    2012/8/24 Danny Nicholas

    Not the best solution, but you could do a “quick and dirty” crawler to query
    /var/log/asterisk/full in PHP or PERL or your language of choice. Even in a
    4K-5K calls per day environment this process usually takes less than 1
    minute to run.

    From: asterisk-users-bounces@lists.digium.com
    [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Stefan at WPF
    Sent: Friday, August 24, 2012 7:43 AM
    To: Asterisk Users Mailing List – Non-Commercial Discussion Subject: [asterisk-users] Log faulty calls?

    If somebody is calling me using a wrong configured SIP phone, he gets back an error message from my Asterisk server. That’s ok, however I’d also like to know that I missed a call. However there’s no CDR entry created in that case and checking the asterisk logs manually is not that great… Any way to get CDR records (or any other way of noticing it) even if a call gets declined through to a wrong configured sip phone?

    Thanks and best regards

    Stefan

  • I ended up writing a basic parsing script that lets me search the full log, based on some unique identifier (eg, my own extension “vlog 2027”). It then digs out the associated A*k log number for each line that’s it, and lists them out. Then I choose the ‘call’ and it re-filters by that call only. Its not perfect, as asterisk rolls log numbers over, but works well enough if I want to dig out just the logs for one call.

    Its not automated in any way though, I just use it for manual debugging.

    Thanks,

    Adrian

    From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Danny Nicholas Sent: 24 August 2012 14:17
    To: ‘Asterisk Users Mailing List – Non-Commercial Discussion’
    Subject: Re: [asterisk-users] Log faulty calls?

    Actually, you could look for WARNING or ERROR and probably find what you needed.

    From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Stefan at WPF
    Sent: Friday, August 24, 2012 8:14 AM
    To: Asterisk Users Mailing List – Non-Commercial Discussion Subject: Re: [asterisk-users] Log faulty calls?

    Thank you Danny, but the problem is that I don’t know what exactly I shall look for. I think there’s no specific word in the log that clearly identifies this kind of problem? ):
    2012/8/24 Danny Nicholas >
    Not the best solution, but you could do a “quick and dirty” crawler to query /var/log/asterisk/full in PHP or PERL or your language of choice. Even in a 4K-5K calls per day environment this process usually takes less than 1 minute to run.

    From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Stefan at WPF
    Sent: Friday, August 24, 2012 7:43 AM
    To: Asterisk Users Mailing List – Non-Commercial Discussion Subject: [asterisk-users] Log faulty calls?

    If somebody is calling me using a wrong configured SIP phone, he gets back an error message from my Asterisk server. That’s ok, however I’d also like to know that I missed a call. However there’s no CDR entry created in that case and checking the asterisk logs manually is not that great… Any way to get CDR records (or any other way of noticing it) even if a call gets declined through to a wrong configured sip phone?

    Thanks and best regards Stefan

  • One trick you can do is to accept all calls into the dial plan and then do IP lookups and call pattern checks to determine if the call is good to go past your sidewalk code. You need to make sure this code is very efficient so that you can lock out bogus callers and attackers. If you use this in conjugation with something like failtoban or some kind of auto firewall scripts you can then trap CDR’s at a level before you do a full block. You can also do some tarpit style handling to slow down hackers as well.

    A second approach is to inject good registered peers into your valid sections of dialplan and do a general catch all context that will accept from anyone even non registered but goes no where. You can stick your failtoban here as well. You can create logging and tarpiting. Setup bogus calls to audio files that will confuse the crap out of the hackers so they think they have good routes and you can gather stats on where and what kind of attacks are comming at you. If you control their entry point you can better control the load on your network until you can ban them off.

    There are lot’s of possiblites if you think out side the box.

    Bryant Zimmerman

    ————————————–