Logger organization upon fail2ban

Hello community,
I have asterisk v. 1.8.14.0 running in full production for a long time under CentOS 6, kernel 3.2.13-grsec-xxxx-grs-ipv6-64, where a couple of months ago I found it a good idea to install fail2ban, as the server is receiving about 15-30 attacks per minute; none of them ever gained access, but it is always good to update and review security configurations.

The issue is, the Logger is logging as NOTICE both registrations and failures, that's why it is filling up the messages log file and loading the CPU.

I mean:
in asterisk.conf, I have:

verbose=0 debug=0

In logger.conf

So NOTICE includes the registration notices, which are not important for a server in production; meanwhile, I want to log only:

[quote]Wrong password
No matching peer found
Username/auth name mismatch
Device does not match ACL
Peer is not supposed to register[/quote]

I can't find where I can configure this. I went to look into the sip_chain, but first, it's encrypted, and second, it is hard coded, and I have no idea why Asterisk is recording the security errors as NOTICE, when a production server doesn't need to log notices… To have correct fail2ban protection, also with the alwaysauthreject function, it's really a good idea to distinguish between security issues and simple peer registration, lagging, and other unnecessary logging tasks.

Has anybody thought about that, or detected such an issue with fail2ban?

Regards,

There is nothing encrypted in the code of chan_sip.c.

Although it is hard coded, changing message categories, or even removing them, is an easy and safe change which doesn’t really require any programming knowledge.

Thanks for your prompt reply, David,
With chan_sip, I found part of it encrypted, sorry, I just opened it to look inside, and it's partially encrypted, and the rest was hard coded, for me, maybe…

So, after looking there, into chan_sip, I found that the 403 Forbidden is being logged as a NOTICE, and the correct thing, I think, is to log it as an error, to register that log in messages, and monitor it both with alwaysauthreject and fail2ban, because my issue is that I have turned verbose down to 0, as I said, and I don't need to overload the CPU with unnecessary notice logs…

Why is such a suggestion or idea not taken into consideration in the development itself? Isn't it better to do it so? I'm not good at playing with the code in chan_sip… Has anyone thought about this, or can anyone help, please?

:wink:

Solved: with the upgrade to Asterisk 11, the logger works like a charm with fail2ban ;)
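
The filtering asked for in the first post, as an added example that is not part of the original thread and is not code from Asterisk or fail2ban: a Python matcher that counts only the five listed registration-failure reasons per source address and ignores every other NOTICE line. The log line layout, the `offenders` helper, the `max_retry` threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The five failure reasons listed in the thread; other NOTICE lines are ignored.
REASONS = (
    "Wrong password",
    "No matching peer found",
    "Username/auth name mismatch",
    "Device does not match ACL",
    "Peer is not supposed to register",
)

# Assumed chan_sip layout: Registration from '<from>' failed for '<ip>[:port]' - <reason>
# Anchored at end of line so the host is always taken from the final field.
FAILED_REG = re.compile(
    r"NOTICE\[\d+\](?:\[[^\]]*\])? chan_sip\.c: Registration from '.*' failed for "
    r"'(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>%s)$"
    % "|".join(re.escape(r) for r in REASONS)
)

def offenders(lines, max_retry=3):
    """Return {host: failures} for hosts with at least max_retry matching lines."""
    hits = Counter()
    for line in lines:
        m = FAILED_REG.search(line.rstrip())
        if m:
            hits[m.group("host")] += 1
    return {h: n for h, n in hits.items() if n >= max_retry}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = """\
[2012-08-01 10:00:01] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2012-08-01 10:00:02] NOTICE[2101] chan_sip.c: Peer '200' is now UNREACHABLE!  Last qualify: 35
[2012-08-01 10:00:03] NOTICE[2101] chan_sip.c: Registration from '"admin" <sip:admin@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2012-08-01 10:00:04] NOTICE[2101] chan_sip.c: Peer '101' is now Reachable. (12ms / 2000ms)
[2012-08-01 10:00:05] NOTICE[2101] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7:5060' - Device does not match ACL
[2012-08-01 10:00:06] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.20' - Wrong password
""".splitlines()

if __name__ == "__main__":
    print(offenders(SAMPLE))
```
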