Fail2 ban log errors

I am getting this message in my fail2ban log file every 5 seconds or so

[2023-12-02 10:16:54] SECURITY[2672] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2023-12-02T10:16:54.315-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f9010000a40”,LocalAddress=“IPV4/TCP/”,RemoteAddress=“IPV4/TCP/”,UsingPassword=“0”,SessionTV=“2023-12-02T10:16:54.315-0500”

Here is my version
PBX Version:

PBX Distro: 12.7.8-2306-1.sng7

Asterisk Version: 19.8.0

Any help is appreciated.

nothing wrong here, but this ami client would be better written to make just make one connection and keep it open.

Not sure what that means, is it a freepbx thing or some code I need to have written?

Depends on what process is opening those connections, unfortunately too many use the admin account so you would have to resort to examining traffic on port 5038 on /dev/ something like wireshark or

tcpdump -v -i lo -s0 port 5938

what will that command do if I run it? I am a novice

it will dump to the console any traffic on the ‘local’ ( interface on port 5038 (AMI) you will see textual strings mixed in with hex control that should identify the ‘requests’ being made, these should help identify the actual client making those connections

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.