Best practices in log monitoring

Hello all,

Recently I had an issue with my Asterisk installation. Someone was pounding the SIP port continuously, which caused the number of open files to be exhausted. I have since fixed the issue, but I could not identify the issue while it was happening, though it was logged in messages.

Now I am wondering how others are monitoring the logs. What are the current best practices so that next time this happens I will be notified? Any tools or services which can monitor the logs and alert if something goes wrong are very welcome!

X.

Hi @XuoGuoto
I usually run fail2ban, which is an intrusion prevention software framework that protects computer servers from brute-force attacks. It reads logs from various software and, based on how you configure it, takes the actions that you decide on…

1 Like

Well, first I will recommend that you only open access for known IP addresses, as Asterisk is not designed to sit directly on the internet. Alternatively, use fail2ban to block access or set up a Kamailio in front.
https://www.fail2ban.org/wiki/index.php/Asterisk
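
As an added example (not from any poster in this thread, and not fail2ban's own code), here is a minimal version of the log-watching idea described in the replies above: count failed SIP registrations per source IP inside a sliding window and report the sources that cross a threshold. The log lines are constructed in the style of Asterisk's chan_sip "Registration ... failed for" notices; the threshold, window and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches chan_sip-style failed registration notices (IPv4 sources only).
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\].*?"
    r"Registration from '.*' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
)

def find_offenders(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was first reached} for every source with
    at least `threshold` failed registrations inside one `window`.
    Assumes the lines are in chronological order, as in a live log."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts

def fail_line(ts, ip):
    """Build one constructed sample line (hypothetical extension and host)."""
    return (f"[{ts}] NOTICE[2101] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@192.0.2.10>' failed for '{ip}:5060' - Wrong password")

# Constructed sample: one source flooding, one with two isolated failures.
SAMPLE_LOG = (
    [fail_line(f"2024-05-01 10:00:{s:02d}", "203.0.113.7") for s in range(0, 12, 2)]
    + [fail_line("2024-05-01 10:01:00", "198.51.100.20"),
       fail_line("2024-05-01 10:09:00", "198.51.100.20"),
       "[2024-05-01 10:09:05] VERBOSE[2101] pbx.c: Executing [100@default:1] Answer"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ALERT {ip}: repeated failed registrations as of {when}")
```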

Thanks @pethkaqeni and @TheMark for the helpful replies.

I am thinking in terms of adding OpenSIPS or Kamailio in front of Asterisk.

As someone newly starting with both projects, the learning curve is huge. While both are almost similar, with the same lineage, any suggestions as to which of these is better in terms of Asterisk integration and an easy learning curve?

They are almost identical, so it is just a question of taste.
Where I work we use Kamailio, but look around for where you can get the most support or find consultants.

1 Like