ashcortech
(AshCorTech)
1
Getting just a ton of these entries. Don’t remember ever seeing them before and especially not several per second:
[2022-01-17 17:17:39] SECURITY[928] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2022-01-17T17:17:39.200-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f77d00060f0”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/35228”,UsingPassword=“0”,SessionTV=“2022-01-17T17:17:39.200-0500”
anyone know what these are from?
adell4444
(Andrew)
2
Something on the server itself is using AMI. This could be any of a large number of services.
lgaetz
(Lorne Gaetz)
3
FreePBX continuously makes AMI connections from localhost, so it’s likely that. The log entry alone is not indicative of anything suspicious.
ashcortech
(AshCorTech)
4
Thanks Lorne. It was just weird, hadn’t seen that before…
1 Like
sorvani
(Jared Busch)
5
Because you changed something, or an update changed something.
Normally, you don’t want security entries in the asterisk log.
Change Security to only be on for fail2ban
3 Likes
ashcortech
(AshCorTech)
6
just checked and all the security settings were off… weird
system
(system)
Closed
7
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
