Not sure if this is the correct place to post this. I am getting this message appear in the fail2ban logs while looking in the Asterisk Log Files. It appears every 2 seconds or so.
11063 [2025-01-24 15:37:45] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:37:45.395-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42e80022c8”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43090”,UsingPassword=“0”,SessionTV=“2025-01-24T15:37:45.395-0500”
11064 [2025-01-24 15:37:48] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:37:48.469-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42f400d438”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43096”,UsingPassword=“0”,SessionTV=“2025-01-24T15:37:48.469-0500”
11065 [2025-01-24 15:37:51] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:37:51.553-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43102”,UsingPassword=“0”,SessionTV=“2025-01-24T15:37:51.553-0500”
11066 [2025-01-24 15:37:54] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:37:54.619-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43108”,UsingPassword=“0”,SessionTV=“2025-01-24T15:37:54.619-0500”
11067 [2025-01-24 15:37:57] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:37:57.686-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43114”,UsingPassword=“0”,SessionTV=“2025-01-24T15:37:57.686-0500”
11068 [2025-01-24 15:38:00] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:38:00.752-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43120”,UsingPassword=“0”,SessionTV=“2025-01-24T15:38:00.752-0500”
11069 [2025-01-24 15:38:03] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:38:03.678-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43126”,UsingPassword=“0”,SessionTV=“2025-01-24T15:38:03.678-0500”
11070 [2025-01-24 15:38:03] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:38:03.822-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43132”,UsingPassword=“0”,SessionTV=“2025-01-24T15:38:03.822-0500”
11071 [2025-01-24 15:38:06] SECURITY[3756] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2025-01-24T15:38:06.897-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f42fc002068”,LocalAddress=“IPV4/TCP/0.0.0.0/5038”,RemoteAddress=“IPV4/TCP/127.0.0.1/43138”,UsingPassword=“0”,SessionTV=“2025-01-24T15:38:06.897-0500”
I am not sure where to start to look as the IP address referenced is the loopback IP and there is no user called admin on the PBX. This has been occurring for some time now.