dicko gave the âwhat,â now the âwhyâ - these AMI connections are being done to update the FreePBX Dashboard. So you will see these scrolling by on your Asterisk console whenever you have the Dashboard showing.
You can get âdetailâ of connections by setting debug level >=3
If you see anything NOT from/to 127.0.0.1 (The FreePBX Dashboard as mentioned , or perhaps other AMI services you enabled, FOP2 for example) then you have a problem.
The Asterisk AMI service does bind to 0.0.0.0 by default on a Distro install though you could manually change that for added security. Perhaps you refer to the AMI credentials generated by FreePBX, which only permit connections from 127.0.0.0/24.
I am indeed, the default in /etc/asterisk/manager.conf is 0.0.0.0 , but unless you have an âunusualâ setup, you only need to listen on 127.0.0.1 (127.0.0.0/24 of course also acceptable) , If you have other AMI clients outside your lan then amiproxy would be a good choice as an intermediary.
otherwise bind to the LAN network if needed,
I donât know if the distro firewall allows TCP/5038 through, but if so allowed, you will often see a check on that port as a pre-cursor to a more conventional attack against SIP.
Interesting, Thanks. They are a bit of an annoyance as they push general log entries off the standard list length with non-interesting items. We tend to visit the Dashboard. Are they essential in the log?
OK, I have a serious question. Over the last two days you have made two different threads regarding things youâve found in the logs wondering what it all means. As these are all things that have existed for years in Asterisk my question is this, how do you not know this already?
You have been a member of this community since 2008 so that would indicate at least 12 years experience/use of Asterisk/FreePBX. Before the distro, back when it was all manual. This log snippet you are showing has existed since the Dashboard has been around. The other post about what Asterisk modules are being loaded or not loaded, a thing since Asterisk was started. Chan_SIP/PJSIP logging UNREACHABLE/REACHABLE states in the logs, again been around since the drivers have existed.
So my point is, none of this is new so after over a decade how are you not aware of any of this?