search for: successfulauth

...ectory. El 26 mar. 2017 14:52, "Telium Technical Support" <support at telium.ca> escribi?: > I tried that but it had no effect. Still see things like: > > > > [2017-03-26 13:49:39] DEBUG[2088]: manager.c:5693 match_filter: Examining > AMI event: > > Event: SuccessfulAuth > > Privilege: security,all > > EventTV: 2017-03-26T13:49:39.407-0400 > > Severity: Informational > > Service: SIP > > EventVersion: 1 > > AccountID: 221essionID: 0x7fa0cc005cc8 > > LocalAddress: IPV4/UDP/192.168.67.4/5060 > > RemoteAddress: IPV4/UDP/...

...; legitimate login processes... > Hi , strange thing is that I still have not this asterisk in production and I see many attempts Connection. Now keep in mind that when a connection of authentication is successful the message changes and is not exactly what you mention: ## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",#### I think this type of connection attempts messages with my asterisk that fail2ban not detected. I'm no expert, but the log not lie ;) regardss -- rickygm http://gnuforever.homelinux.com

Hi Ron, I don't remember right now, but you can try this command: cli> manager set debug off Cheers El 26 mar. 2017 3:58, "Telium Technical Support" <support at telium.ca> escribi?: I somehow cause AMI events to appear as output in the CLI, and I can?t figure out how to turn them off. Can someone offer a command which will suppress AMI events/commands from showing in

...ventVersion="1",AccountID="alex",SessionID="0x80ba54820",LocalAddress="IPV4/UDP/98.158.139.74/5060",RemoteAddress="IPV4/UDP/72.143.94.110/5060",Challenge="215351b4" [Nov 27 06:16:05] SECURITY[101222] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2019-11-27T06:16:05.591-0500",Severity="Informational",Service="SIP",EventVersion="1",AccountID="alex",SessionID="0x80ba54820",LocalAddress="IPV4/UDP/98.158.139.74/5060",RemoteAddress="IPV4/UDP/72.143.94.110/5...

...; legitimate login processes... > Hi , strange thing is that I still have not this asterisk in production and I see many attempts Connection. Now keep in mind that when a connection of authentication is successful the message changes and is not exactly what you mention: ## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",#### I think this type of connection attempts messages with my asterisk that fail2ban not detected. I'm no expert, but the log not lie ;) regardss -- rickygm http://gnuforever.homelinux.com -- ____________________________________________________...

I've noticed that the Asterisk (v11) security log captures attempts do dial without first authenticating, and places the number dialed into the "accountid" field. I'm trying to distinguish between failed attempts to register and attempts to dial without registering, but the security log treats them identically (using the accountid field for either the username or number

Hi list , someone on the list has seen this type of connection attempts in asterisk, fail2ban does not stop 2015-01-08 14:59:47] SECURITY[21515] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at