Zulu Authentication logs

We had a client who had a recent attack come across the Zulu app and make a bunch of calls.

I was reviewing the logs and I can see where the extension registered but the IP address it shows registered from is It is this way across all the logs I have looked at.

Is there a log that will tell me exactly what IP address the Zulu client connected from?

When a user logs in with Zulu, it is logged to /var/log/asterisk/zulu_out.log but there is no IP.

2021-05-18 11:34 -05:00: [2021-5-18 11:34:32.799] [INFO] console - vwT8SNI5dY5dGZwEp8I/VQ== has successfully authenticated as user 426
2021-05-18 12:02 -05:00: [2021-5-18 12:02:54.817] [INFO] console - vEmEzGD0ZbXOpEM+qhj+Rw== has successfully authenticated as user 424

Thank you for the replay.

I saw those entries, just hoping to see where the clients were logging in from. Is there anywhere else we can see this event?

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.