We had a client who had a recent attack come across the Zulu app and make a bunch of calls.
I was reviewing the logs and I can see where the extension registered but the IP address it shows registered from is 127.0.0.1. It is this way across all the logs I have looked at.
Is there a log that will tell me exactly what IP address the Zulu client connected from?
When a user logs in with Zulu, it is logged to /var/log/asterisk/zulu_out.log but there is no IP.
2021-05-18 11:34 -05:00: [2021-5-18 11:34:32.799] [INFO] console - vwT8SNI5dY5dGZwEp8I/VQ== has successfully authenticated as user 426
2021-05-18 12:02 -05:00: [2021-5-18 12:02:54.817] [INFO] console - vEmEzGD0ZbXOpEM+qhj+Rw== has successfully authenticated as user 424