Displaying 7 results from an estimated 7 matches for "successfulauth".
2017 Mar 26
2
Manager events showing in CLI
...ectory.
El 26 mar. 2017 14:52, "Telium Technical Support" <support at telium.ca>
escribi?:
> I tried that but it had no effect. Still see things like:
>
>
>
> [2017-03-26 13:49:39] DEBUG[2088]: manager.c:5693 match_filter: Examining
> AMI event:
>
> Event: SuccessfulAuth
>
> Privilege: security,all
>
> EventTV: 2017-03-26T13:49:39.407-0400
>
> Severity: Informational
>
> Service: SIP
>
> EventVersion: 1
>
> AccountID: 221essionID: 0x7fa0cc005cc8
>
> LocalAddress: IPV4/UDP/192.168.67.4/5060
>
> RemoteAddress: IPV4/UDP/...
2015 Jan 09
2
SEMI OFF-TOPIC - Fail2ban
...; legitimate login processes...
>
Hi , strange thing is that I still have not this asterisk in
production and I see many attempts Connection.
Now keep in mind that when a connection of authentication is
successful the message changes and is not exactly what you mention:
## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",####
I think this type of connection attempts messages with my asterisk
that fail2ban not detected.
I'm no expert, but the log not lie ;)
regardss
--
rickygm
http://gnuforever.homelinux.com
2017 Mar 26
2
Manager events showing in CLI
Hi Ron,
I don't remember right now, but you can try this command:
cli> manager set debug off
Cheers
El 26 mar. 2017 3:58, "Telium Technical Support" <support at telium.ca>
escribi?:
I somehow cause AMI events to appear as output in the CLI, and I can?t
figure out how to turn them off. Can someone offer a command which will
suppress AMI events/commands from showing in
2019 Nov 27
2
Faxes stopped working - AMI issue?
...ventVersion="1",AccountID="alex",SessionID="0x80ba54820",LocalAddress="IPV4/UDP/98.158.139.74/5060",RemoteAddress="IPV4/UDP/72.143.94.110/5060",Challenge="215351b4"
[Nov 27 06:16:05] SECURITY[101222] res_security_log.c:
SecurityEvent="SuccessfulAuth",EventTV="2019-11-27T06:16:05.591-0500",Severity="Informational",Service="SIP",EventVersion="1",AccountID="alex",SessionID="0x80ba54820",LocalAddress="IPV4/UDP/98.158.139.74/5060",RemoteAddress="IPV4/UDP/72.143.94.110/5...
2015 Jan 09
0
SEMI OFF-TOPIC - Fail2ban
...; legitimate login processes...
>
Hi , strange thing is that I still have not this asterisk in
production and I see many attempts Connection.
Now keep in mind that when a connection of authentication is
successful the message changes and is not exactly what you mention:
## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",####
I think this type of connection attempts messages with my asterisk
that fail2ban not detected.
I'm no expert, but the log not lie ;)
regardss
--
rickygm
http://gnuforever.homelinux.com
--
____________________________________________________...
2014 Mar 27
1
Security log format / content
I've noticed that the Asterisk (v11) security log captures attempts do dial without first authenticating, and places the number dialed into the "accountid" field.
I'm trying to distinguish between failed attempts to register and attempts to dial without registering, but the security log treats them identically (using the accountid field for either the username or number
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
Hi list , someone on the list has seen this type of connection
attempts in asterisk, fail2ban does not stop
2015-01-08 14:59:47] SECURITY[21515] res_security_log.c:
SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at