Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for
'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for
?offending-IP:53911' -
Wrong password
systemctl status fail2ban
? fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor
preset: disabled)
Active: active (running) since Wed 2017-03-01 00:40:43 PST; 470min ago
Docs: man:fail2ban(1)
jail.local
[DEFAULT]
# "bantime" is the number of seconds that a host is banned.
bantime = -1
# A host is banned if it has generated "maxretry" during the last
"findtime"
# seconds.
findtime = 300
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
[asterisk-iptables]
enable = true
port = 5060,5061
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail[name=ASTERISK, dest=motty at email.com,
sender=fail2ban at asterisk-ip.com]
#action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s",
protocol="tcp", chain="%(chain)s",
actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s",
protocol="udp", chain="%(chain)s",
actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 3
findtime = 300
bantime = -1
in filter.d
asterisk.conf
failregex = ^%(__prefix_line)s%(log_prefix)s Registration from
'[^']*'
failed for '<HOST>(:\d+)?' - (Wrong password|Username/auth name
mismatch|No
matching peer found|Not a local domain|Device does not match ACL|Peer is not
supposed to register|ACL error \(permit/deny\)|Not a local domain)$
^%(__prefix_line)s%(log_prefix)s Call from '[^']*'
\(<HOST>:\d+\) to extension '[^']*' rejected because extension
not found in
context
^%(__prefix_line)s%(log_prefix)s Host <HOST> failed to
authenticate as '[^']*'$
^%(__prefix_line)s%(log_prefix)s No registration for peer
'[^']*' \(from <HOST>\)$
^%(__prefix_line)s%(log_prefix)s Host <HOST> failed MD5
authentication for '[^']*' \([^)]+\)$
^%(__prefix_line)s%(log_prefix)s Failed to authenticate
(user|device) [^@]+@<HOST>\S*$
^%(__prefix_line)s%(log_prefix)s hacking attempt detected
'<HOST>'$
^%(__prefix_line)s%(log_prefix)s
SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPa
ssword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",Eve
ntVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV
[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HO
ST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",Ex
pectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP
connection from <HOST>"$
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*'
)?from '[^']
*' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No
matching
endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to
authenticate)\s*$
failregex = NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Wrong
password
NOTICE.* .*: Registration from '.*' failed for
'<HOST>:.*' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' -
Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Device
does not match ACL
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Peer
is not supposed to register
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - ACL
error (permit/deny)
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Device
does not match ACL
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from
<HOST>\)
NOTICE.* .*: Host <HOST> failed MD5 authentication for
'.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@<HOST>.*
NOTICE.* .*: Sending fake auth rejection for device
.*\<sip:.*\@<HOST>\>;tag=.*
NOTICE.* .*: Registration from '\".*\".*' failed
for '<HOST>' -
No matching peer found
NOTICE.* .*: Registration from '\".*\".*' failed
for '<HOST>' -
Wrong password
ignoreregex
Thanks
Motty
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20170301/cf353523/attachment.html>
Think that U should ask in Fain2ban LIST 2017-03-01 20:29 GMT+02:00 Motty Cruz <motty.cruz at gmail.com>:> Hello, fail2ban does not ban offending IP. > > > > NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' > failed for 'offending-IP:53417' - Wrong password > > NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' > failed for ?offending-IP:53911' - Wrong password > > > > systemctl status fail2ban > > ? fail2ban.service - Fail2Ban Service > > Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; > vendor preset: disabled) > > Active: active (running) since Wed 2017-03-01 00:40:43 PST; 470min ago > > Docs: man:fail2ban(1) > > > > jail.local > > [DEFAULT] > > # "bantime" is the number of seconds that a host is banned. > > bantime = -1 > > > > # A host is banned if it has generated "maxretry" during the last > "findtime" > > # seconds. > > findtime = 300 > > > > # "maxretry" is the number of failures before a host get banned. > > maxretry = 3 > > > > [asterisk-iptables] > > enable = true > > port = 5060,5061 > > filter = asterisk > > action = iptables-allports[name=ASTERISK, protocol=all] > > sendmail[name=ASTERISK, dest=motty at email.com, sender> fail2ban at asterisk-ip.com] > > #action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", > protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] > > %(banaction)s[name=%(__name__)s-udp, port="%(port)s", > protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] > > %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"] > > logpath = /var/log/asterisk/messages > > maxretry = 3 > > findtime = 300 > > bantime = -1 > > > > > > in filter.d > > asterisk.conf > > failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*' > failed for '<HOST>(:?d+)?' - (Wrong password|Username/auth name mismatch|No > matching peer found|Not a local domain|Device does not match ACL|Peer is > not supposed to register|ACL error ?(permit/deny?)|Not a local domain)$ > > ^%(__prefix_line)s%(log_prefix)s Call from '[^']*' > ?(<HOST>:?d+?) to extension '[^']*' rejected because extension not found in > context > > ^%(__prefix_line)s%(log_prefix)s Host <HOST> failed to > authenticate as '[^']*'$ > > ^%(__prefix_line)s%(log_prefix)s No registration for peer > '[^']*' ?(from <HOST>?)$ > > ^%(__prefix_line)s%(log_prefix)s Host <HOST> failed MD5 > authentication for '[^']*' ?([^)]+?)$ > > ^%(__prefix_line)s%(log_prefix)s Failed to authenticate > (user|device) [^@]+@<HOST>?S*$ > > ^%(__prefix_line)s%(log_prefix)s hacking attempt detected > '<HOST>'$ > > ^%(__prefix_line)s%(log_prefix)s SecurityEvent="(FailedACL| > InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([? > d-]+|%(iso8601)s)",Severity="[?w]+",Service="[?w]+", > EventVersion="?d+",AccountID="(?d*|<unknown>)",SessionID=".+ > ",LocalAddress="IPV[46]/(UDP|TCP|WS)/[?da-fA-F:.]+/?d+", > RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/?d+"(,Challenge="[?w/]+")?(, > ReceivedChallenge="?w+")?(,Response="?w+",ExpectedResponse="?w*")?(, > ReceivedHash="[?da-f]+")?(,ACLName="?w+")?$ > > ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP > connection from <HOST>"$ > > ^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from > '[^']*' failed for '<HOST>(?::?d+)?'?s?(callid: [^?)]*?) - (?:No matching > endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to > authenticate)?s*$ > > > > failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - > Wrong password > > NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - > No matching peer found > > NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No > matching peer found > > NOTICE.* .*: Registration from '.*' failed for '<HOST>' - > Username/auth name mismatch > > NOTICE.* .*: Registration from '.*' failed for '<HOST>' - > Device does not match ACL > > NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer > is not supposed to register > > NOTICE.* .*: Registration from '.*' failed for '<HOST>' - ACL > error (permit/deny) > > NOTICE.* .*: Registration from '.*' failed for '<HOST>' - > Device does not match ACL > > NOTICE.* <HOST> failed to authenticate as '.*'$ > > NOTICE.* .*: No registration for peer '.*' ?(from <HOST>?) > > NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' > (.*) > > NOTICE.* .*: Failed to authenticate user .*@<HOST>.* > > NOTICE.* .*: Sending fake auth rejection for device > .*?<sip:.*?@<HOST>?>;tag=.* > > NOTICE.* .*: Registration from '?".*?".*' failed for '<HOST>' > - No matching peer found > > NOTICE.* .*: Registration from '?".*?".*' failed for '<HOST>' > - Wrong password > > > > ignoreregex > > > > Thanks > > Motty > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk. > org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-- Best regards Antony tel. +380669197533 tel2. +380636564340 Paypal http://paypal.me/Satskiy <http://paypal.me/Satskiy?ppid=PPC000654&cnac=PL&rsta=en_PL(en_DK)&cust=NN8XJS9XEP22C&unptid=21db79ac-ef8d-11e5-9553-9c8e992ea258&t=&cal=4d776c21ca7d2&calc=4d776c21ca7d2&calf=4d776c21ca7d2&unp_tpcid=ppme-social-business-profile-created&page=main:email&pgrp=main:email&e=op&mchn=em&s=ci&mail=sys> satskiy.a at gmail.com <mail%3Asatskiy.a at gmail.com> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170301/fecb2bc0/attachment.html>
It's possible that you need to increase the value of 'findtime' to
something greater than 300 secs. You also may want to set "timestamp =
yes"
in asterisk.conf so each line in the CLI will be time stamped. Time stamping
it will be the definitive determination on whether or not the 'findtime'
is
the culprit.
Regards;
John V.
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Motty Cruz
Sent: Wednesday, March 01, 2017 01:29 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: [asterisk-users] fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for
'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for
'offending-IP:53911' - Wrong
password
# A host is banned if it has generated "maxretry" during the last
"findtime"
# seconds.
findtime = 300
[asterisk-iptables]
enable = true
port = 5060,5061
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail[name=ASTERISK, dest=motty at email.com,
sender=fail2ban at asterisk-ip.com]
#action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s",
protocol="tcp", chain="%(chain)s",
actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s",
protocol="udp", chain="%(chain)s",
actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 3
findtime = 300
bantime = -1
in filter.d
asterisk.conf
failregex = ^%(__prefix_line)s%(log_prefix)s Registration from
'[^']*'
failed for '<HOST>(:\d+)?' - (Wrong password|Username/auth name
mismatch|No
matching peer found|Not a local domain|Device does not match ACL|Peer is not
supposed to register|ACL error \(permit/deny\)|Not a local domain)$
^%(__prefix_line)s%(log_prefix)s Call from '[^']*'
\(<HOST>:\d+\) to extension '[^']*' rejected because extension
not found in
context
^%(__prefix_line)s%(log_prefix)s Host <HOST> failed to
authenticate as '[^']*'$
^%(__prefix_line)s%(log_prefix)s No registration for peer
'[^']*' \(from <HOST>\)$
^%(__prefix_line)s%(log_prefix)s Host <HOST> failed MD5
authentication for '[^']*' \([^)]+\)$
^%(__prefix_line)s%(log_prefix)s Failed to authenticate
(user|device) [^@]+@<HOST>\S*$
^%(__prefix_line)s%(log_prefix)s hacking attempt detected
'<HOST>'$
^%(__prefix_line)s%(log_prefix)s
SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPa
ssword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",Eve
ntVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV
[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HO
ST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",Ex
pectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP
connection from <HOST>"$
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*'
)?from
'[^']*' failed for '<HOST>(?::\d+)?'\s\(callid:
[^\)]*\) - (?:No matching
endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to
authenticate)\s*$
failregex = NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Wrong
password
NOTICE.* .*: Registration from '.*' failed for
'<HOST>:.*' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' -
Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Device
does not match ACL
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Peer
is not supposed to register
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - ACL
error (permit/deny)
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Device
does not match ACL
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from
<HOST>\)
NOTICE.* .*: Host <HOST> failed MD5 authentication for
'.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@
<mailto:.*@%3cHOST%3e.*> <HOST>.*
NOTICE.* .*: Sending fake auth rejection for device .*\<sip:.*\@
<sip:.*\@%3cHOST> <HOST>\>;tag=.*
NOTICE.* .*: Registration from '\".*\".*' failed
for '<HOST>' -
No matching peer found
NOTICE.* .*: Registration from '\".*\".*' failed
for '<HOST>' -
Wrong password
ignoreregex
Thanks
Motty
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20170301/8058c6ca/attachment.html>
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc.instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration attempts before fail2ban even does anything (assuming the IP is
exposed in the Asterisk log).
If this is a large install then post in the commercial list for more
information.
-Raj-
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Tech Support
Sent: Wednesday, March 1, 2017 2:37 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
<asterisk-users at lists.digium.com>
Subject: Re: [asterisk-users] fail2ban Asterisk 13.13.1
It's possible that you need to increase the value of 'findtime'
to
something greater than 300 secs. You also may want to set "timestamp =
yes"
in asterisk.conf so each line in the CLI will be time stamped. Time stamping
it will be the definitive determination on whether or not the 'findtime'
is
the culprit.
Regards;
John V.
From: asterisk-users-bounces at lists.digium.com
<mailto:asterisk-users-bounces at lists.digium.com>
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Motty Cruz
Sent: Wednesday, March 01, 2017 01:29 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: [asterisk-users] fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for
'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for
'offending-IP:53911' - Wrong
password
# A host is banned if it has generated "maxretry" during the last
"findtime"
# seconds.
findtime = 300
[asterisk-iptables]
enable = true
port = 5060,5061
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
sendmail[name=ASTERISK, dest=motty at email.com
<mailto:dest=motty at email.com> , sender=fail2ban at asterisk-ip.com
<mailto:sender=fail2ban at asterisk-ip.com> ]
#action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s",
protocol="tcp", chain="%(chain)s",
actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s",
protocol="udp", chain="%(chain)s",
actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
maxretry = 3
findtime = 300
bantime = -1
in filter.d
asterisk.conf
failregex = ^%(__prefix_line)s%(log_prefix)s Registration from
'[^']*'
failed for '<HOST>(:\d+)?' - (Wrong password|Username/auth name
mismatch|No
matching peer found|Not a local domain|Device does not match ACL|Peer is not
supposed to register|ACL error \(permit/deny\)|Not a local domain)$
^%(__prefix_line)s%(log_prefix)s Call from '[^']*'
\(<HOST>:\d+\) to extension '[^']*' rejected because extension
not found in
context
^%(__prefix_line)s%(log_prefix)s Host <HOST> failed to
authenticate as '[^']*'$
^%(__prefix_line)s%(log_prefix)s No registration for peer
'[^']*' \(from <HOST>\)$
^%(__prefix_line)s%(log_prefix)s Host <HOST> failed MD5
authentication for '[^']*' \([^)]+\)$
^%(__prefix_line)s%(log_prefix)s Failed to authenticate
(user|device) [^@]+@<HOST>\S*$
^%(__prefix_line)s%(log_prefix)s hacking attempt detected
'<HOST>'$
^%(__prefix_line)s%(log_prefix)s
SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPa
ssword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",Eve
ntVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV
[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HO
ST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",Ex
pectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP
connection from <HOST>"$
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*'
)?from
'[^']*' failed for '<HOST>(?::\d+)?'\s\(callid:
[^\)]*\) - (?:No matching
endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to
authenticate)\s*$
failregex = NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Wrong
password
NOTICE.* .*: Registration from '.*' failed for
'<HOST>:.*' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - No
matching peer found
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' -
Username/auth name mismatch
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Device
does not match ACL
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Peer
is not supposed to register
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - ACL
error (permit/deny)
NOTICE.* .*: Registration from '.*' failed for
'<HOST>' - Device
does not match ACL
NOTICE.* <HOST> failed to authenticate as '.*'$
NOTICE.* .*: No registration for peer '.*' \(from
<HOST>\)
NOTICE.* .*: Host <HOST> failed MD5 authentication for
'.*' (.*)
NOTICE.* .*: Failed to authenticate user .*@
<mailto:.*@%3cHOST%3e.*> <HOST>.*
NOTICE.* .*: Sending fake auth rejection for device .*\<sip:.*\@
<sip:.*\@%3cHOST> <HOST>\>;tag=.*
NOTICE.* .*: Registration from '\".*\".*' failed
for '<HOST>' -
No matching peer found
NOTICE.* .*: Registration from '\".*\".*' failed
for '<HOST>' -
Wrong password
ignoreregex
Thanks
Motty
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20170301/5b45dc50/attachment.html>