Getting just a ton of these entries. Don’t remember ever seeing them before and especially not several per second:
[2022-01-17 17:17:39] SECURITY res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2022-01-17T17:17:39.200-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f77d00060f0”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/35228”,UsingPassword=“0”,SessionTV=“2022-01-17T17:17:39.200-0500”
anyone know what these are from?
Something on the server itself is using AMI. This could be any of a large number of services.
FreePBX continuously makes AMI connections from localhost, so it’s likely that. The log entry alone is not indicative of anything suspicious.
Thanks Lorne. It was just weird, hadn’t seen that before…
Because you changed something, or an update changed something.
Normally, you don’t want security entries in the asterisk log.
Change Security to only be on for fail2ban
just checked and all the security settings were off… weird
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.