Security logs relevant for fail2ban?

avayax · October 27, 2017, 12:26pm

In Asterisk logfile settings, there is the option to add security logs.
What exactly gets logged with this apart from security events like e.g.:

[2017-10-27 07:51:09] SECURITY[13953] res_security_log.c: SecurityEvent=“SuccessfulAuth”,EventTV="1509105069…

Those come in great numbers and make it more difficult finding other more relevant stuff.

What if I set security logging to off?
Would I be missing events relevant to fail2ban?

lgaetz · October 27, 2017, 12:42pm

If you are running the Distro, you will see that in addition to the console and the full log, another file is generated specificlly for fail2ban:

*CLI> logger show channels
Logger queue limit: 1000

Channel                             Type     Status    Configuration
-------                             ----     ------    -------------
/var/log/asterisk/fail2ban          File     Enabled    - NOTICE WARNING SECURITY
                                    Console  Enabled    - DEBUG WARNING ERROR VERBOSE DTMF FAX
/var/log/asterisk/full              File     Enabled    - DEBUG NOTICE WARNING ERROR VERBOSE DTMF FAX

You can configure the full log to your taste, it’s isn’t used for intrusion detection.

trixie_no5 · July 24, 2018, 10:06am

How does one configure /var/log/asterisk/fail2ban to only log fail2ban events?

lgaetz · July 24, 2018, 11:33am

System Admin configures this for you, there are no user settings.