In Asterisk logfile settings, there is the option to add security logs.
What exactly gets logged with this apart from security events like e.g.:
[2017-10-27 07:51:09] SECURITY res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1509105069…
Those come in great numbers and make it more difficult finding other more relevant stuff.
What if I set security logging to off?
Would I be missing events relevant to fail2ban?
If you are running the Distro, you will see that in addition to the console and the full log, another file is generated specifically for fail2ban:
*CLI> logger show channels
Logger queue limit: 1000
Channel                      Type     Status   Configuration
-------                      ----     ------   -------------
/var/log/asterisk/fail2ban   File     Enabled  - NOTICE WARNING SECURITY
                             Console  Enabled  - DEBUG WARNING ERROR VERBOSE DTMF FAX
/var/log/asterisk/full       File     Enabled  - DEBUG NOTICE WARNING ERROR VERBOSE DTMF FAX
You can configure the full log to your taste; it isn’t used for intrusion detection.
How does one configure /var/log/asterisk/fail2ban to only log fail2ban events?
System Admin configures this for you, there are no user settings.
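An added example, not part of the original thread or of FreePBX: a read-only triage script that parses SECURITY lines in the format quoted above, counts them by SecurityEvent, and sets the noisy SuccessfulAuth entries aside so the failures stand out per source address. The sample lines are constructed, and the event names and the AccountID and RemoteAddress fields are assumed from Asterisk's security event format; the script changes nothing that fail2ban reads.

```python
import re
from collections import Counter

# Constructed sample lines (not real log data), in the format quoted in the thread.
SAMPLE_LOG = """\
[2017-10-27 07:51:09] SECURITY[2101] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1509105069-000001",Service="SIP",AccountID="1001",RemoteAddress="IPV4/UDP/192.0.2.10/5060"
[2017-10-27 07:51:12] SECURITY[2101] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="1509105072-000002",Service="SIP",AccountID="1002",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
[2017-10-27 07:51:12] NOTICE[2101] chan_sip.c: Registration from '<sip:1002@192.0.2.1>' failed for '198.51.100.7:5060' - Wrong password
[2017-10-27 07:51:15] SECURITY res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="1509105075-000003",Service="SIP",AccountID="1002",RemoteAddress="IPV4/UDP/198.51.100.7/5060"
[2017-10-27 07:51:20] SECURITY[2101] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1509105080-000004",Service="SIP",AccountID="1001",RemoteAddress="IPV4/UDP/192.0.2.10/5060"
"""

# "[timestamp] SECURITY[pid] res_security_log.c: key="value",..." (the [pid] part is optional).
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+SECURITY(?:\[\d+\])?\s+res_security_log\.c:\s+(?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_security_line(line):
    """Return the key/value fields of one SECURITY line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = dict(FIELD_RE.findall(m.group("body")))
    if "SecurityEvent" not in event:
        return None
    event["LogTime"] = m.group("ts")
    return event

def remote_ip(event):
    """Extract the address from a value such as IPV4/UDP/192.0.2.10/5060."""
    parts = event.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) >= 4 else None

def triage(lines, quiet=("SuccessfulAuth",)):
    """Count every security event by type; keep only the non-quiet ones for review."""
    counts, kept = Counter(), []
    for line in lines:
        event = parse_security_line(line)
        if event is None:
            continue  # NOTICE/WARNING lines and anything unparseable are skipped
        counts[event["SecurityEvent"]] += 1
        if event["SecurityEvent"] not in quiet:
            kept.append(event)
    return counts, kept

def failures_by_source(kept):
    """Number of non-quiet events per remote address."""
    return Counter(ip for ip in map(remote_ip, kept) if ip)

if __name__ == "__main__":
    counts, kept = triage(SAMPLE_LOG.splitlines())
    print(dict(counts), dict(failures_by_source(kept)))
```

To run it against a real file, pass the lines of /var/log/asterisk/fail2ban to `triage()` instead of `SAMPLE_LOG`.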