I’ve noticed that the Asterisk (v11) security log captures attempts do dial without first authenticating, and places the number dialed into the “accountid” field.

I’m trying to distinguish between failed attempts to register and attempts to dial without registering, but the security log treats them identically (using the accountid field for either the username or number dialed). I have noticed that the eventversion field is set to 2 for failed dial attempts, and 1 otherwise.

Is this coincidence? Or can I rely on the eventversion=2 in the future to distinguish these two event types? (I’ve looked here: https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format? but it doesn’t really help)