Zulu Authentication logs


#1

We had a client who had a recent attack come across the Zulu app and make a bunch of calls.

I was reviewing the logs and I can see where the extension registered but the IP address it shows registered from is 127.0.0.1. It is this way across all the logs I have looked at.

Is there a log that will tell me exactly what IP address the Zulu client connected from?


(Jared Busch) #2

When a user logs in with Zulu, it is logged to /var/log/asterisk/zulu_out.log but there is no IP.

2021-05-18 11:34 -05:00: [2021-5-18 11:34:32.799] [INFO] console - vwT8SNI5dY5dGZwEp8I/VQ== has successfully authenticated as user 426
2021-05-18 12:02 -05:00: [2021-5-18 12:02:54.817] [INFO] console - vEmEzGD0ZbXOpEM+qhj+Rw== has successfully authenticated as user 424

#3

Thank you for the replay.

I saw those entries, just hoping to see where the clients were logging in from. Is there anywhere else we can see this event?


(system) closed #4

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.