I am trying to implement the new Asterisk 11 security_log with fail2ban, but there seems to be a conflict with the distro “System Admin” module, as it creates and maintains the jail.local file, which I think overrides any settings in jail.conf.
I don’t want to disable “System Admin”, so how can I change it to monitor the security_log file without conflicting with the distro System Admin settings?
Seems like I moved a bit too quickly on this one. Does anyone know if this is actually working? I enabled “security_log => security” in logger_logfiles_custom.conf and it does create the file /var/log/asterisk/security_log, but there is no Asterisk info logged. The only info I see logged is AMI login events, but not failed SIP registrations or anything else that would be useful.
[2013-05-03 13:50:32] SECURITY res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1367603432-481625",Severity="Informational",Service="AMI",EventVersion="1",AccountID="xxxxx",SessionID="0xb7202bf8",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/37250",SessionTV="1367603432-481625"
I am facing the same problem. Does anyone know if this works?
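An added example, not part of the thread and not code from Asterisk or fail2ban: a Python parser for the security_log line format quoted above, useful for checking whether the file contains any failure events with a usable RemoteAddress before a fail2ban filter is pointed at it. The function names, the failure-event set and every sample line except the AMI one are assumptions constructed for the example.

```python
import re
from collections import Counter

# Assumption: event names treated as failures in this example; compare the
# set against the SecurityEvent values that appear in your own log.
FAILURE_EVENTS = {"InvalidPassword", "InvalidAccountID",
                  "ChallengeResponseFailed", "FailedACL"}

# "[timestamp] SECURITY res_security_log.c: key="value",key="value",..."
HEADER = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+SECURITY\S*\s+\S+:\s+(?P<body>.*)$')
# Accept straight quotes and the typographic quotes that copy/paste introduces.
PAIR = re.compile(r'(\w+)=["“”]([^"“”]*)["“”]')

def parse_line(line):
    """Return the event as a dict, or None if the line is not a security event."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = dict(PAIR.findall(m.group("body")))
    if "SecurityEvent" not in event:
        return None
    event["Timestamp"] = m.group("ts")
    return event

def remote_ip(event):
    """Extract the host from RemoteAddress, e.g. IPV4/TCP/127.0.0.1/37250."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None

def failed_auth_counts(lines):
    """Count failure events per remote host."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        if event and event["SecurityEvent"] in FAILURE_EVENTS:
            ip = remote_ip(event)
            if ip:
                counts[ip] += 1
    return counts

# First line is the AMI event from the thread; the rest are constructed samples
# using documentation-range addresses.
SAMPLE = [
    '[2013-05-03 13:50:32] SECURITY res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1367603432-481625",Severity="Informational",Service="AMI",EventVersion="1",AccountID="xxxxx",SessionID="0xb7202bf8",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/37250",SessionTV="1367603432-481625"',
    '[2013-05-03 13:51:02] SECURITY res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="SIP",AccountID="100",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5060"',
    '[2013-05-03 13:51:04] SECURITY res_security_log.c: SecurityEvent="InvalidPassword",Severity="Error",Service="SIP",AccountID="101",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.7/5060"',
    '[2013-05-03 13:52:10] SECURITY res_security_log.c: SecurityEvent="ChallengeResponseFailed",Severity="Error",Service="SIP",AccountID="100",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.23/5060"',
]
```

If `failed_auth_counts` returns nothing for a real log that has seen failed registrations, the events are not reaching the file, which is a logging problem rather than a fail2ban one.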