Currently FreePBX logs in the /var/log/asterisk/freepbx_security.log file the dates in the following format:
[2020-Nov-10 16:13:41] [freepbx_security.NOTICE]: Authentication failure for S from 1.2.3.4 [] []
Is there a way to change the date format to be the same as asterisk applies in the /var/log/asterisk/full format? That dateformat is as such:
[2020-11-10 10:40:50] NOTICE[1673] chan_sip.c: Peer ‘99200’ is now Reachable. (25ms / 2000ms)
I have already updated the “Date and Time Format” under “Advanced Settings” to YYYY-MM-DD HH:mm:ss, as well as %F %T, similar to the standard under the “Asterisk Logfile Settings”. I’m probably overlooking where I can change this; can somebody point me in the right direction?
Hi My friend,
Same problems here but,
After 1 night trying to search for relevant info about it on the web and in ALL THE SOURCE, I guess I’ve managed to overcome this with a WAS in PHP code…
Just edit the dateformatter in /your_freepbx_web_root/admin/libraries/BMO/Logger.class.php
Search for:
$dateFormat = "Y-M-d H:i:s";
Change as needed…
E.g.
2020-09-14 00:55:00 -> $dateFormat = "Y-m-d H:i:s";
Hope this helps and someone implements this simple change in the UI.
Br,
Luca
Interesting, the dateformat is normally a ‘general’ setting, not log specific. In the GUI under logfile settings->date format, what do you have? Is that overwritten anywhere in your /etc/asterisk/log*.conf files?
Hello @dicko,
Here is the answer:
[quote="dicko, post:3, topic:71418"]
grep -ri dateformat /etc/asterisk/log*
[/quote]
$ grep -ri dateformat /etc/asterisk/log*
/etc/asterisk/logger.conf.dpkg-new:;dateformat=%F %T ; ISO 8601 date format
/etc/asterisk/logger.conf.dpkg-new:;dateformat=%F %T.%3q ; with milliseconds
/etc/asterisk/logger_general_additional.conf:dateformat=%F %T
Yes, that log file is hardcoded as to timestamp, you could file a feature request for it to instead more logically follow the settings in the logfile page or suffer the warnings about failed signatures, but is it only a cosmetic thing that causes this angst?
Hi @dicko,
Thanks for your feedback.
My thought was to add a fail2ban filter on the freepbx log “the easy way”, since Y-M-d is not parsed out of the box.
I’m not so confident with regex.
In any case, is there a way to force the signature in order to avoid the annoying warning in the dashboard?
Alternatively, could you please point me to a simple way to add a fail2ban filter on failed login attempts on the web GUI of freepbx?
Thank you very much!
Luca
I believe you will find that fail2ban understands many formats for timestamps ‘out of the box’; you just need to isolate the <HOST> in your regexes after the ‘prefix’.
Yes,
Unfortunately that kind of format is not recognised…
I tried to format a correct prefix regex with no success, hahaha.
Anyway, I’ll try to deeply understand the fail2ban logic in order to adapt.
Thanks again.
Luca
Adding a date pattern indeed resolved it. I came to the same conclusion a day after I posted. I am running FreePBX on Ubuntu 18.04 LTS with fail2ban installed from the repos; I don’t want to manually override the repositories.
In order to have Fail2ban also check the freepbx_security.log file, I have added an additional jail and added the below file to the filter.d folder. For me, this works like a charm.
# Fail2Ban configuration file
#
#
# $Revision: 251 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
#_daemon = asterisk
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Asterisk 1.8 uses Host:Port format which is reflected here
failregex = \[freepbx_security\.NOTICE\]: Authentication failure for .* from <HOST> \[\] \[\]
datepattern = ^\[%%Y-%%b-%%d %%H:%%M:%%S\]
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
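
The filter above, replayed in Python as an added example (not part of the original post and not fail2ban's own code): it applies the same datepattern and failregex to constructed log lines and counts failures per host the way a jail's maxretry/findtime thresholds would. The function names, the sample addresses and the maxretry/findtime values are assumptions; <HOST> is replaced by the alias quoted in the filter's own comments.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The filter's datepattern with fail2ban's %% escaping undone.
DATE_RE = re.compile(r"^\[(\d{4}-[A-Za-z]{3}-\d{2} \d{2}:\d{2}:\d{2})\]")
DATE_FMT = "%Y-%b-%d %H:%M:%S"
# The filter's failregex; <HOST> written out as the alias from its comments.
FAIL_RE = re.compile(
    r"\[freepbx_security\.NOTICE\]: Authentication failure for .* from "
    r"(?:::f{4,6}:)?(?P<host>\S+) \[\] \[\]"
)

def parse_line(line):
    """Return (timestamp, host) for a failed GUI login, or None."""
    date = DATE_RE.match(line)
    if not date:
        return None  # timestamp not in the FreePBX format: line is skipped
    fail = FAIL_RE.search(line[date.end():])
    if not fail:
        return None
    return datetime.strptime(date.group(1), DATE_FMT), fail.group("host")

def hosts_to_ban(lines, maxretry=3, findtime=600):
    """Hosts with at least maxretry failures inside findtime seconds (assumed values)."""
    seen, banned = defaultdict(list), []
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        when, host = hit
        window = timedelta(seconds=findtime)
        seen[host] = [t for t in seen[host] if when - t <= window] + [when]
        if len(seen[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE = [
    "[2020-Nov-10 16:13:41] [freepbx_security.NOTICE]: Authentication failure for admin from 192.0.2.10 [] []",
    "[2020-Nov-10 16:13:50] [freepbx_security.NOTICE]: Authentication failure for root from 192.0.2.10 [] []",
    "[2020-Nov-10 16:14:02] [freepbx_security.NOTICE]: Authentication failure for john doe from 192.0.2.10 [] []",
    "[2020-Nov-10 16:20:00] [freepbx_security.NOTICE]: Authentication failure for bob from 198.51.100.7 [] []",
    "[2020-11-10 10:40:50] NOTICE[1673] chan_sip.c: Peer '99200' is now Reachable. (25ms / 2000ms)",
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

The last sample line is in the Asterisk `full` format and is skipped, which is why the FreePBX log needs its own datepattern with the `%b` month abbreviation.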