Security logs relevant for fail2ban?

In Asterisk logfile settings, there is the option to add security logs.
What exactly gets logged with this apart from security events like e.g.:

[2017-10-27 07:51:09] SECURITY[13953] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1509105069…

Those come in great numbers and make it more difficult to find other, more relevant stuff.

What if I set security logging to off?
Would I be missing events relevant to fail2ban?

If you are running the Distro, you will see that in addition to the console and the full log, another file is generated specifically for fail2ban:

*CLI> logger show channels
Logger queue limit: 1000

Channel                             Type     Status    Configuration
-------                             ----     ------    -------------
/var/log/asterisk/fail2ban          File     Enabled    - NOTICE WARNING SECURITY
                                    Console  Enabled    - DEBUG WARNING ERROR VERBOSE DTMF FAX
/var/log/asterisk/full              File     Enabled    - DEBUG NOTICE WARNING ERROR VERBOSE DTMF FAX

You can configure the full log to your taste; it isn’t used for intrusion detection.

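An added example, not part of the thread and not FreePBX or fail2ban code: one way to triage the SECURITY lines that land in the fail2ban channel shown above, dropping the SuccessfulAuth noise and counting the remaining events per remote host. The sample lines are constructed; the event names other than SuccessfulAuth, the RemoteAddress layout and the function names are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The prefix follows the
# SECURITY line quoted in the question; event names other than SuccessfulAuth,
# the RemoteAddress layout and all addresses are assumptions for illustration.
SAMPLE_LOG = '''\
[2017-10-27 08:00:00] SECURITY[13953] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1509105600-000001",Service="SIP",AccountID="101",RemoteAddress="IPV4/UDP/192.0.2.10/5060"
[2017-10-27 08:00:03] SECURITY[13953] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1509105603-000002",Service="SIP",AccountID="101",RemoteAddress="IPV4/UDP/203.0.113.7/5071"
[2017-10-27 08:00:03] NOTICE[13953] chan_sip.c: Registration from '<sip:101@192.0.2.1>' failed for '203.0.113.7:5071' - Wrong password
[2017-10-27 08:00:05] SECURITY[13953] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="1509105605-000003",Service="SIP",AccountID="101",RemoteAddress="IPV4/UDP/203.0.113.7/5071"
[2017-10-27 08:00:11] SECURITY[13953] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="1509105611-000004",Service="SIP",AccountID="9999",RemoteAddress="IPV6/UDP/2001:db8::5/5060"
'''

# "[timestamp] SECURITY[pid] source.c: key="value",key="value",..."
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] SECURITY\[\d+\] \S+: (?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Events treated as noise for intrusion triage (hypothetical choice).
NOISE_EVENTS = {"SuccessfulAuth"}


def parse_security_line(line):
    """Return the key/value fields of a SECURITY line, or None for other levels."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("body")))
    fields["timestamp"] = m.group("ts")
    # RemoteAddress is assumed to be family/transport/host/port.
    parts = fields.get("RemoteAddress", "").split("/")
    fields["remote_host"] = parts[2] if len(parts) == 4 else None
    return fields


def failures_by_host(log_text, noise=NOISE_EVENTS):
    """Count non-noise security events per remote host."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_security_line(line)
        if event is None or event.get("SecurityEvent") in noise:
            continue
        if event["remote_host"]:
            counts[event["remote_host"]] += 1
    return counts


if __name__ == "__main__":
    for host, n in failures_by_host(SAMPLE_LOG).most_common():
        print(f"{host}\t{n}")
```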

How does one configure /var/log/asterisk/fail2ban to only log fail2ban events?

System Admin configures this for you, there are no user settings.