Asterisk log flooded with security entries

Getting just a ton of these entries. Don’t remember ever seeing them before and especially not several per second:

[2022-01-17 17:17:39] SECURITY[928] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2022-01-17T17:17:39.200-0500",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f77d00060f0",LocalAddress="IPV4/TCP/",RemoteAddress="IPV4/TCP/",UsingPassword="0",SessionTV="2022-01-17T17:17:39.200-0500"

Anyone know what these are from?

Something on the server itself is using AMI. This could be any of a large number of services.

FreePBX continuously makes AMI connections from localhost, so it’s likely that. The log entry alone is not indicative of anything suspicious.

Thanks Lorne. It was just weird, hadn’t seen that before…

Because you changed something, or an update changed something.
Normally, you don’t want security entries in the Asterisk log.

Change Security to only be on for fail2ban


Just checked and all the security settings were off… weird
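
Added example, not part of the thread and not FreePBX or Asterisk code: a Python tally of `res_security_log` lines in the format quoted above, grouped by event, service, account and whether the remote address is loopback, so the localhost AMI logins described in the replies can be separated from logins arriving from elsewhere. The sample lines, addresses and ports are constructed; the last one mimics a line pasted with curly quotes and an elided address.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the res_security_log format quoted in the thread.
# Addresses, ports and session IDs are made up for illustration.
SAMPLE_LOG = '''\
[2022-01-17 17:17:39] SECURITY[928] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2022-01-17T17:17:39.200-0500",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f77d00060f0",LocalAddress="IPV4/TCP/127.0.0.1/5038",RemoteAddress="IPV4/TCP/127.0.0.1/41522",UsingPassword="0",SessionTV="2022-01-17T17:17:39.200-0500"
[2022-01-17 17:17:39] SECURITY[928] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2022-01-17T17:17:39.450-0500",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f77d00071a0",LocalAddress="IPV4/TCP/127.0.0.1/5038",RemoteAddress="IPV4/TCP/127.0.0.1/41524",UsingPassword="0",SessionTV="2022-01-17T17:17:39.450-0500"
[2022-01-17 17:17:40] VERBOSE[930] manager.c: Manager 'admin' logged on from 127.0.0.1
[2022-01-17 17:17:41] SECURITY[928] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2022-01-17T17:17:41.010-0500",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f77d00082b0",LocalAddress="IPV4/TCP/192.0.2.10/5038",RemoteAddress="IPV4/TCP/203.0.113.7/50212",UsingPassword="0",SessionTV="2022-01-17T17:17:41.010-0500"
[2022-01-17 17:17:42] SECURITY[928] res_security_log.c: SecurityEvent=“SuccessfulAuth”,Service=“AMI”,AccountID=“admin”,LocalAddress=“IPV4/TCP/”,RemoteAddress=“IPV4/TCP/”
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_event(line):
    """Return the key="value" fields of a SECURITY line, or None for other lines."""
    if "SECURITY[" not in line:
        return None
    # Forum software often turns straight quotes into curly ones; undo that.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    return dict(FIELD_RE.findall(line))

def remote_host(event):
    """Extract the IP from 'IPV4/TCP/<ip>/<port>'; None if missing or elided."""
    try:
        return ipaddress.ip_address(event.get("RemoteAddress", "").split("/")[2])
    except (ValueError, IndexError):
        return None

def summarize(log_text):
    """Count events per (event, service, account, origin); list non-loopback AMI logins."""
    counts, remote_logins = Counter(), []
    for line in log_text.splitlines():
        event = parse_event(line)
        if not event:
            continue
        host = remote_host(event)
        origin = "unknown" if host is None else "loopback" if host.is_loopback else "remote"
        key = (event.get("SecurityEvent"), event.get("Service"), event.get("AccountID"))
        counts[key + (origin,)] += 1
        if key[:2] == ("SuccessfulAuth", "AMI") and origin == "remote":
            remote_logins.append((key[2], str(host)))
    return counts, remote_logins

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A large loopback count with an empty remote list matches the localhost explanation given in the thread; entries in the remote list are the ones worth checking against the AMI bind address and permit/deny settings.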

