Bug in Asterisk Logfiles Module ver 15.0.4

(Lorne Gaetz) #1

Last week a security update was published for the Asterisk Logfiles module to resolve a cross site scripting vulnerability, version 15.0.4. Many (perhaps most) systems would have received the update and installed it automatically in the early morning of August 19. In addition to the XSS fix, there were improvements in logfiles browsing as well as updates on the way the logfiles are managed.

Version 15.0.4 has a new bug that changed the default settings for the full log and console such that logging was completely disabled. The fail2ban asterisk log generated by System Admin for Intrustion Detection was not affected. There are several reports in a few threads here in the forum about this. The immediate work around was to browse to Settings, Asterisk Logfiles and manually enable the log levels desired for both full and console.

As of a few hours ago, there is an updated ver (15.0.7) in the edge repo which resolves this issue. The workaround will continue to work, but you can also update to edge using this command:

fwconsole ma upgrade logfiles --edge

After you apply config, you can confirm log levels are restored to normal with the Asterisk command:

58448910*CLI> logger show channels
Logger queue limit: 1000

Channel                             Type     Formatter  Status    Configuration
-------                             ----     ---------  ------    -------------
/var/log/asterisk/full              File     default    Enabled    - DEBUG NOTICE WARNING ERROR VERBOSE
/var/log/asterisk/fail2ban          File     default    Enabled    - NOTICE WARNING SECURITY
                                    Console  default    Enabled    - DEBUG NOTICE WARNING ERROR VERBOSE

Asterisk not logging
DISREGARD: Your system may NOT be logging properly and you don't know it (yet)!
Asterisk log file (full) empty since update
Seeing calls in CDR that do not appear in /var/log/asterisk/full*
Can't find logs anymore and the log I can find is littered with [freepbx.INFO]: Deprecated way to add Console commands for module backup, adding console commands this way can have negative performance impacts. Please use module.xml
Outgoing calls with a new SIP registrar
Cli no longer shows any information
Low Sound Quality for Voicemail
FreePBX will not forward calls externally
Speed dial international
No CLI Debug Output?
Asterisk logging channel removed after upgrade to FreePBX 15
Asterisk log
Can't Register with SIP Trunk
IVR with PIN + API query
All Circuits Busy - FreePBX and SIPStation
Astrisk logfile is no longer visable
Incoming calls closes 10 second duration
Dial out issue
(Lorne Gaetz) pinned globally #2

(sawgood1000) #3

Excellent information.
Worked as described.
Thank you.

(Estados Unidos) #5

try this message:
logfiles is the same as the online version, unable to upgrade