Displaying 13 results from an estimated 13 matches for "eventversion".

2014 Mar 27
1
Security log format / content
...mber dialed into the "accountid" field. I'm trying to distinguish between failed attempts to register and attempts to dial without registering, but the security log treats them identically (using the accountid field for either the username or number dialed). I have noticed that the eventversion field is set to 2 for failed dial attempts, and 1 otherwise. Is this coincidence? Or can I rely on the eventversion=2 in the future to distinguish these two event types? (I've looked here: https://wiki.asterisk.org/wiki/display/AST/Security+Log+File+Format? but it doesn't really help) -...
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
...list , someone on the list has seen this type of connection attempts in asterisk, fail2ban does not stop 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3" [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c: Security...
2019 Nov 27
2
Faxes stopped working - AMI issue?
...rks fine. I do outgoing faxing through an AMI call. Here is the output from the security log: [Nov 27 06:16:05] SECURITY[101222] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2019-11-27T06:16:05.566-0500",Severity="Informational",Service="SIP",EventVersion="1",AccountID="alex",SessionID="0x80ba54820",LocalAddress="IPV4/UDP/98.158.139.74/5060",RemoteAddress="IPV4/UDP/72.143.94.110/5060",Challenge="215351b4" [Nov 27 06:16:05] SECURITY[101222] res_security_log.c: SecurityEvent="SuccessfulA...
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
...ist , someone on the list has seen this type of connection attempts in asterisk, fail2ban does not stop 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3" [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c: Securi...
2019 Sep 27
2
Security AccountID unknown - PJSIP
Hi list, I would like to know what is the sense of such type of entry in security.log [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2019-09-27T15:12:24.181+0200",Severity="Informational",Service="PJSIP",EventVersion="1",AccountID="<unknown>", SessionID="56b0ca9-d967a90d16411209-a1b0fae1 at 188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060", RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge="" We have a lot of such tries co...
2019 Sep 30
2
Security AccountID unknown - PJSIP
...hat is the sense of such type of entry in security.log >> >> [2019-09-27 15:12:24] SECURITY[26964] res_security_log.c: >> SecurityEvent="ChallengeSent",EventTV="2019-09-27T15:12:24.181+0200",Severity="Informational",Servic >> e="PJSIP",EventVersion="1",AccountID="<unknown>", >> SessionID="56b0ca9-d967a90d16411209-a1b0fae1 at 188.165.222.17",LocalAddress="IPV4/UDP/<MyAddress>/5060", >> RemoteAddress="IPV4/UDP/<attackerIP>/5213",Challenge="" >> >&...
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
...e list has seen this type of connection > attempts in asterisk, fail2ban does not stop > > 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: > SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at 173.230.133.20",SessionID="0x169f528",LocalAddress="IPV4/UDP/173.230.133.20/5060",RemoteAddress="IPV4/UDP/63.141.229.58/5078",Challenge="770e84a3" > [2015-01-08 15:20:20] SECURITY[21515] res_security_log.c: &gt...
2017 Mar 26
2
Manager events showing in CLI
...gs like: > > > > [2017-03-26 13:49:39] DEBUG[2088]: manager.c:5693 match_filter: Examining > AMI event: > > Event: SuccessfulAuth > > Privilege: security,all > > EventTV: 2017-03-26T13:49:39.407-0400 > > Severity: Informational > > Service: SIP > > EventVersion: 1 > > AccountID: 221essionID: 0x7fa0cc005cc8 > > LocalAddress: IPV4/UDP/192.168.67.4/5060 > > RemoteAddress: IPV4/UDP/192.168.67.26/5060 > > UsingPassword: 1 > > > > > > [2017-03-26 13:49:39] DEBUG[1882]: chan_sip.c:9196 __find_call: = Looking > for Ca...
2017 Mar 26
2
Manager events showing in CLI
Hi Ron, I don't remember right now, but you can try this command: cli> manager set debug off Cheers On 26 Mar 2017 3:58, "Telium Technical Support" <support at telium.ca> wrote: I somehow cause AMI events to appear as output in the CLI, and I can't figure out how to turn them off. Can someone offer a command which will suppress AMI events/commands from showing in
2013 Mar 15
0
No subject
SecurityEvent="ChallengeSent",EventTV="1367741794-435078",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:venu at 192.168.0.35",SessionID="0x337bf68",LocalAddress="IPV4/UDP/10.10.1.3/5060",RemoteAddress="IPV4/UDP/192.168.1.90/5060",Challenge="41cdcd16" ^^^ The other networks confuse me, and perhaps asterisk. Perhaps ser...
2013 Jul 08
1
Asterisk 11 security log, fail2ban, drive-by SIP attacks
Just a note that I did a little work to extend FreePBX distro with some extra Fail2Ban which deals with some drive-by SIP registration attempts. My regex is poor to middling, but the steps detailed here: http://www.coochey.net/?p=61 manage to stop IPs which try to authenticate against Asterisk which FreePBX were not able to stop before. I would welcome any improvements anyone would care to
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst (www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does NOT use the log file, or regexes, to match etc. Instead it talks to Asterisk through the AMI to extract security information. Messing with regexes is a losing battle, and the lag in reading logs can allow an attacker 100+ registration
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP. NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong password NOTICE[29784] chan_sip.c: Registration from '"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53911' - Wrong password systemctl status