Fail2ban And Pjsip In Asterisk 12 And 13
Hi,
Info !!! not a question !!!
the pjsip logger is different:
[Sep 15 07:33:27] NOTICE[65267] res_pjsip/pjsip_distributor.c: Request from '"1001"
(callid: 1bfa1fcfee1e20dbe9bbbcac5d7bdffc) - No matching endpoint found
and here the RegEx for fail2ban to catch this log:
NOTICE.* .*: Request from '.*' failed for '
No matching endpoint found
Regards
7 thoughts on - Fail2ban And Pjsip In Asterisk 12 And 13
Hi Rainer,
Thanks for sharing. If you use github it would be nice if you could submit a pull request so that it becomes part of the Asterisk rules in the next Fail2ban version (0.9.1).
https://github.com/fail2ban/fail2ban/pulls
HTH, Patrick
Why would you not use the SECURITY log format, which has the exact same format between chan_sip and chan_pjsip, and has a consistent format from Asterisk 10+?
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger
On 15.09.2014 at 15:26, Matthew Jordan wrote:
Thanks for security_log => security
Ok … I switched the security_log => security in logger.conf on and I’m going to write a RegEx for Fail2ban.
log sample – security log of wrong password:
[Sep 15 15:51:26] SECURITY[17378] res_security_log.c:
SecurityEvent="ChallengeResponseFailed",EventTV="2014-09-15T15:51:26.126+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="7002",SessionID="80DFFBE5-4C3B-E411-8429-AD5D2362CB3E@192.168.8.10",LocalAddress="IPV4/UDP/178.5.154.91/5072",RemoteAddress="IPV4/UDP/192.168.8.10/6012",Challenge="1410789078/000dd605e4bd1b6dd7488afafafafafaf",Response="8fc17a017a3ac5eea21ca86c6c0f5ee8",ExpectedResponse=""
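An added example, not part of the original thread and not Fail2ban's shipped filter: the matching a filter for this security log has to do, written in Python. It parses the key="value" fields, keeps only failure events, and counts them per RemoteAddress host. The sample lines are constructed; the names `parse_event`, `remote_host`, `offenders` and `maxretry`, and the event names other than ChallengeResponseFailed, are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), one event per line.
SAMPLE_LOG = """\
[Sep 15 15:51:26] SECURITY[17378] res_security_log.c: SecurityEvent="ChallengeResponseFailed",Severity="Error",Service="PJSIP",AccountID="7002",RemoteAddress="IPV4/UDP/198.51.100.7/6012"
[Sep 15 15:51:27] SECURITY[17378] res_security_log.c: SecurityEvent="ChallengeResponseFailed",Severity="Error",Service="PJSIP",AccountID="7002",RemoteAddress="IPV4/UDP/198.51.100.7/6012"
[Sep 15 15:51:28] NOTICE[65267] res_pjsip/pjsip_distributor.c: unrelated notice line
[Sep 15 15:51:29] SECURITY[17378] res_security_log.c: SecurityEvent="SuccessfulAuth",Severity="Informational",Service="PJSIP",AccountID="7001",RemoteAddress="IPV4/UDP/198.51.100.7/6012"
[Sep 15 15:51:30] SECURITY[17378] res_security_log.c: SecurityEvent="InvalidAccountID",Severity="Error",Service="PJSIP",AccountID="admin",RemoteAddress="IPV4/TCP/203.0.113.9/40112"
[Sep 15 15:51:31] SECURITY[17378] res_security_log.c: SecurityEvent="ChallengeResponseFailed",Severity="Error",Service="PJSIP",AccountID="7002",RemoteAddress="IPV4/UDP/198.51.100.7/6012"
[Sep 15 15:51:32] SECURITY[17378] res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="SIP",AccountID="7003",RemoteAddress="IPV6/UDP/2001:db8::5/5060"
"""

# Anchor on the SECURITY prefix so NOTICE/WARNING lines never reach the field parser.
PREFIX = re.compile(r'^\[[^\]]+\] SECURITY\[\d+\] res_security_log\.c: (.*)$')
PAIR = re.compile(r'(\w+)="([^"]*)"')
# Events treated as failed authentication (assumed set; extend to taste).
FAILURES = {"ChallengeResponseFailed", "InvalidAccountID", "InvalidPassword"}


def parse_event(line):
    """Return the event's fields as a dict, or None for non-security lines."""
    m = PREFIX.match(line)
    return dict(PAIR.findall(m.group(1))) if m else None


def remote_host(event):
    """Extract the host from RemoteAddress="FAMILY/TRANSPORT/HOST/PORT"."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None


def offenders(lines, maxretry=3):
    """Hosts with at least maxretry failure events, with their counts."""
    hits = Counter()
    for line in lines:
        event = parse_event(line)
        if event and event.get("SecurityEvent") in FAILURES:
            host = remote_host(event)
            if host:
                hits[host] += 1
    return {host: n for host, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    for host, n in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {n} failed attempts")
```

Because the host is taken from the RemoteAddress field rather than from the SIP From header, the same logic covers chan_sip and chan_pjsip events alike.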
Hi Patrick,
github done 😉
what is HTH ???
On 15.09.2014 at 13:21, Patrick Laimbock wrote:
(this is not where your reply belongs)
HTH == Hope That Helps.
oh … thanks :-[
On 15.09.2014 at 17:30, A J Stiles wrote:
Thanks!
Hope this/that helps
http://www.internetslang.com/
http://www.urbandictionary.com/define.php?term=internet%20slang
HTH 🙂
Patrick