Security Log Format / Content

Home » Asterisk Users » Security Log Format / Content
Asterisk Users 2 Comments

I’ve noticed that the Asterisk (v11) security log captures attempts do dial without first authenticating, and places the number dialed into the “accountid” field.

I’m trying to distinguish between failed attempts to register and attempts to dial without registering, but the security log treats them identically (using the accountid field for either the username or number dialed). I have noticed that the eventversion field is set to 2 for failed dial attempts, and 1 otherwise.

Is this coincidence? Or can I rely on the eventversion=2 in the future to distinguish these two event types? (I’ve looked here: https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format? but it doesn’t really help)

2 thoughts on - Security Log Format / Content

  • Why does the failed authentication place the number dialed, instead of the username used, in the account field?

    Any way to distinguish a failed dial attempt from a failed register attempt using just the security log? (I couldn’t see how looking at the log)