avayax
(Johann Zurner)
1
In Asterisk logfile settings, there is the option to add security logs.
What exactly gets logged with this apart from security events like e.g.:
[2017-10-27 07:51:09] SECURITY[13953] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="1509105069…
Those come in great numbers and make it more difficult to find other, more relevant stuff.
What if I set security logging to off?
Would I be missing events relevant to fail2ban?
lgaetz
(Lorne Gaetz)
2
If you are running the Distro, you will see that in addition to the console and the full log, another file is generated specifically for fail2ban:
*CLI> logger show channels
Logger queue limit: 1000

Channel                      Type     Status   Configuration
-------                      ----     ------   -------------
/var/log/asterisk/fail2ban   File     Enabled  - NOTICE WARNING SECURITY
                             Console  Enabled  - DEBUG WARNING ERROR VERBOSE DTMF FAX
/var/log/asterisk/full       File     Enabled  - DEBUG NOTICE WARNING ERROR VERBOSE DTMF FAX
You can configure the full log to your taste; it isn't used for intrusion detection.
1 Like
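An added example, not part of the original posts and not FreePBX code: a Python check that parses `logger show channels` output like the listing above and confirms that the file fail2ban reads still receives SECURITY events, whatever the full log is set to. The function names are hypothetical, the sample text is the listing from the post with column spacing reconstructed, and it assumes the fail2ban jail reads /var/log/asterisk/fail2ban.

```python
import re

# Listing from the post above; column spacing reconstructed for readability.
SAMPLE = """\
Logger queue limit: 1000
Channel                      Type     Status   Configuration
-------                      ----     ------   -------------
/var/log/asterisk/fail2ban   File     Enabled  - NOTICE WARNING SECURITY
                             Console  Enabled  - DEBUG WARNING ERROR VERBOSE DTMF FAX
/var/log/asterisk/full       File     Enabled  - DEBUG NOTICE WARNING ERROR VERBOSE DTMF FAX
"""

# One data row: optional channel name (blank for the console), type, status, levels.
ROW = re.compile(
    r"^(?P<name>\S*)\s*(?P<type>File|Console|Syslog)\s+"
    r"(?P<status>Enabled|Disabled)\s+-\s*(?P<levels>.*)$"
)

def parse_channels(text):
    """Return one dict per logger channel; header and separator lines are skipped."""
    channels = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            channels.append({
                "name": m["name"],
                "type": m["type"],
                "enabled": m["status"] == "Enabled",
                "levels": m["levels"].split(),
            })
    return channels

def security_sinks(text):
    """Names of enabled file channels that receive SECURITY events."""
    return [c["name"] for c in parse_channels(text)
            if c["type"] == "File" and c["enabled"] and "SECURITY" in c["levels"]]

def fail2ban_still_fed(text, jail_logpath="/var/log/asterisk/fail2ban"):
    """True if the log file the jail reads (assumed path) still gets SECURITY events."""
    return jail_logpath in security_sinks(text)

if __name__ == "__main__":
    print("SECURITY goes to:", security_sinks(SAMPLE))
    print("fail2ban log still fed:", fail2ban_still_fed(SAMPLE))
```

On a live system the same text can be obtained with `asterisk -rx "logger show channels"` and passed to `fail2ban_still_fed()` after any change to the log file settings.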
trixie_no5
(Gunter Treichel)
3
How does one configure /var/log/asterisk/fail2ban to only log fail2ban events?
lgaetz
(Lorne Gaetz)
4
System Admin configures this for you; there are no user settings.