Rainer Piper
2014-Sep-15 07:07 UTC
[asterisk-users] fail2ban and pjsip in asterisk 12 and 13
Hi,
Info !!! not a question !!!
the pjsip logger is different:
[Sep 15 07:33:27] NOTICE[65267] res_pjsip/pjsip_distributor.c: Request
from '"1001" <sip:1001 at 81.20.137.222>' failed for
'85.25.197.23:5071'
(callid: 1bfa1fcfee1e20dbe9bbbcac5d7bdffc) - No matching endpoint found
and here the RegEx for fail2ban to catch this log:
|NOTICE.* .*: Request from '.*' failed for
'<HOST>(:[0-9]{1,5})?' (.*) -
No matching endpoint found
Regards|
--
*Rainer Piper*
Integration engineer
Koeslinstr. 56
53123 BONN
GERMANY
Phone: +49 228 97167161 <callto:004922897167161>
P2P: sip:rainer at sip.soho-piper.de:5072 (pjsip-test)
XMPP: rainer at xmpp.soho-piper.de
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20140915/959a8fe6/attachment.html>
Patrick Laimbock
2014-Sep-15 11:21 UTC
[asterisk-users] fail2ban and pjsip in asterisk 12 and 13
Hi Rainer, On 15-09-14 09:07, Rainer Piper wrote:> Hi, > > Info !!! not a question !!! > > the pjsip logger is different: > > [Sep 15 07:33:27] NOTICE[65267] res_pjsip/pjsip_distributor.c: Request > from '"1001" <sip:1001 at 81.20.137.222>' failed for '85.25.197.23:5071' > (callid: 1bfa1fcfee1e20dbe9bbbcac5d7bdffc) - No matching endpoint found > > and here the RegEx for fail2ban to catch this log: > > |NOTICE.* .*: Request from '.*' failed for '<HOST>(:[0-9]{1,5})?' (.*) - > No matching endpoint foundThanks for sharing. If you use github it would be nice if you could submit a pull request so that it becomes part of the Asterisk rules in the next Fail2ban version (0.9.1). https://github.com/fail2ban/fail2ban/pulls HTH, Patrick