Fail2ban logs filling up

FreePBX Distro 15

Getting gigabyte sized fail2ban logs filling up with this entry every second…

[2022-01-24 18:00:32] SECURITY[12085] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV=“2022-01-24T18:00:32.279-0500”,Severity=“Informational”,Service=“AMI”,EventVersion=“1”,AccountID=“admin”,SessionID=“0x7f67080ae2f0”,LocalAddress=“IPV4/TCP/”,RemoteAddress=“IPV4/TCP/”,UsingPassword=“0”,SessionTV=“2022-01-24T18:00:32.279-0500”

not only is it eating up drive space but eventually it causes Fail2Ban to eat most of the cpu resources.

Legitimate AMI connections from admin to localhost/5028, FreePBX will do that every minute, they are updateing the ‘dashboard’ and if you are interacting with the GUI, more often, any more than that, then dig out wireshark . . .

something fubar with the freepbx firewall I think…

This system is on a vultr vm and have a VPN set up between it and my firewall. if i run the freepbx firewall I can’t ping to my network and my deskphone drops off and comes back online randomly (couple times an hour).

Kill the fire wall and watch the system, pings go continuosly back and forth no problem and the phone stays online… The Fail2Ban log still gets those entries but only about every minute or so as opposed to every second before.

Did you “dig out wireshark” yet? (tcpdump is a rough and ready ‘quick look’)

not yet… don’t have the energy for that tonight… :wink:

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.