I have had Asterisk v. 126.96.36.199 running in full production for a long time under CentOS 6, kernel 3.2.13-grsec-xxxx-grs-ipv6-64, where a couple of months ago I found it a good idea to install fail2ban, as the server is receiving about 15-30 attacks per minute. None of them ever gained access, but it is always good to update and review security configurations.
The issue is, the logger is logging for me as NOTICE rather registrations, and failing; that's why it is filling up the messages log file and loading the CPU.
In asterisk.conf, I have:
So NOTICE includes the registration notices, which are nothing important for a server in production; meanwhile, I want to log only:
No matching peer found
Username/auth name mismatch
Device does not match ACL
Peer is not supposed to register
I can't find where I can configure this. I went to look into the sip_chain, but first, it's encrypted, and second, it is hard coded, and I have no idea why Asterisk is recording the security errors as NOTICE, while a production server doesn't need to log notices… And to have the fail2ban protection function correctly, also under the alwaysauthreject function, it's really a good idea to distinguish between security issues and simple peer registration, lagging, and other unnecessary logging tasks.
Has anybody given thought to that, or just detected such an issue with fail2ban?
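
The separation the post asks for can be done on the log-reading side. The following is an added example, not part of the original post and not Asterisk or fail2ban code: it keeps only NOTICE lines that carry one of the four failure reasons listed above and counts them per source address. The log line layout, the sample lines, and the names `security_events` and `offenders` are assumptions made for this sketch.

```python
import re
from collections import Counter

# The four failure reasons the post wants kept; other NOTICE lines are treated as noise.
SECURITY_REASONS = (
    "No matching peer found",
    "Username/auth name mismatch",
    "Device does not match ACL",
    "Peer is not supposed to register",
)

# Assumed layout: [timestamp] NOTICE[pid] file: Registration from '...' failed for 'ip[:port]' - reason
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+NOTICE\[\d+\](?:\[[^\]]*\])?\s+\S+:\s+"
    r"Registration from '.*' failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
    r"\s+-\s+(?P<reason>.+?)\s*$"
)

def security_events(lines):
    """Yield (timestamp, source address, reason) for security-relevant NOTICE lines only."""
    for line in lines:
        m = FAILED_REG.match(line)
        if m and m.group("reason") in SECURITY_REASONS:
            yield m.group("ts"), m.group("host"), m.group("reason")

def offenders(lines, threshold=2):
    """Return {source address: count} for sources with at least `threshold` failures."""
    counts = Counter(host for _, host, _ in security_events(lines))
    return {host: n for host, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation address ranges), not taken from a real server.
SAMPLE_LOG = """
[2012-06-01 10:00:01] NOTICE[2345] chan_sip.c: Registration from '"1000" <sip:1000@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2012-06-01 10:00:02] NOTICE[2345] chan_sip.c: Registration from '"1001" <sip:1001@192.0.2.10>' failed for '198.51.100.23:5071' - Username/auth name mismatch
[2012-06-01 10:00:03] NOTICE[2345] chan_sip.c: Peer '2001' is now Lagged. (2301ms / 2000ms)
[2012-06-01 10:00:04] NOTICE[2345] chan_sip.c: Registration from '<sip:2002@192.0.2.10>' failed for '203.0.113.77' - Device does not match ACL
[2012-06-01 10:00:05] VERBOSE[2345] chan_sip.c: Registered SIP '2001' at 192.0.2.50:5060
""".strip().splitlines()

if __name__ == "__main__":
    for event in security_events(SAMPLE_LOG):
        print(event)
    print(offenders(SAMPLE_LOG))
```

The same regular expression idea carries over to a fail2ban filter, where the match decides which lines count toward a ban and the routine peer notices are simply never matched.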