Remco Bressers
2010-Apr-17 21:14 UTC
[asterisk-users] Changing storm-prevention behaviour in logger.conf
Dear List, According to https://issues.asterisk.org/view.php?id=14905 there is a storm prevention mechanism in newer Asterisks. If i look in my logfile, i see : [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from '"xxxx" <sip:xxx at xxx.xxx.xxx.xxx>' failed for 'xx.xx.xx.xx' - Wrong password [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 times This IS a good thing to do, but i want to disable this behaviour. We are using fail2ban to ban scripts and people from the Asterisk system. On version 1.4.23 this worked fine, but now this mechanism is in place, i cannot use fail2ban anymore. Is there any option to disable this behaviour, or even better, add it to logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. Maybe a patch on the source? Regards, Remco Bressers Signet B.V.
Tilghman Lesher
2010-Apr-17 22:15 UTC
[asterisk-users] Changing storm-prevention behaviour in logger.conf
On Saturday 17 April 2010 16:14:23 Remco Bressers wrote:> Dear List, > > According to https://issues.asterisk.org/view.php?id=14905 there is a storm > prevention mechanism in newer Asterisks. If i look in my logfile, i see : > > [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from '"xxxx" > <sip:xxx at xxx.xxx.xxx.xxx>' failed for 'xx.xx.xx.xx' - Wrong password > [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 > times > > This IS a good thing to do, but i want to disable this behaviour. We are > using fail2ban to ban scripts and people from the Asterisk system. On > version 1.4.23 this worked fine, but now this mechanism is in place, i > cannot use fail2ban anymore. > > Is there any option to disable this behaviour, or even better, add it to > logger.conf so anybody can decide what to do? I just want all logging and > it seems impossible now. Maybe a patch on the source?That's not Asterisk doing that. That's your system logger. AFAIK, there's no way to turn that off, as it's a defense mechanism against an attacker filling your disks, causing lost messages and possible crashes (on some platforms). -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org
Barry Miller
2010-Apr-17 22:40 UTC
[asterisk-users] Changing storm-prevention behaviour in logger.conf
On Sat, Apr 17, 2010 at 11:14:23PM +0200, Remco Bressers wrote:> Dear List, > > According to https://issues.asterisk.org/view.php?id=14905 there is a storm > prevention mechanism in newer Asterisks. If i look in my logfile, i see : > > [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Registration from '"xxxx" > <sip:xxx at xxx.xxx.xxx.xxx>' failed for 'xx.xx.xx.xx' - Wrong password > [2010-04-17 15:12:01] NOTICE[1190] chan_sip.c: Last message repeated 3 > times > > This IS a good thing to do, but i want to disable this behaviour. We are > using fail2ban to ban scripts and people from the Asterisk system. On > version 1.4.23 this worked fine, but now this mechanism is in place, i > cannot use fail2ban anymore. > > Is there any option to disable this behaviour, or even better, add it to > logger.conf so anybody can decide what to do? I just want all logging and it seems impossible now. > Maybe a patch on the source?If you use a newer version of rsyslogd to do your logging, there is a global configuration directive: $RepeatedMsgReduction off that will do what you are asking. The issue #14905 patch you mention is not in 1.6.2.x. -- Barry