Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • Customer Inquiry
    Member
    Post count: 197

    I have set SecAst to use the Asterisk security log to get notifications of account authentication errors, and SecAst is ignoring or not responding to an intrusion attempt. In the SecAst log file I see a message like:

    Asterisk, IP ” on IP watch list with X potential intrusion attempts

    What is wrong?

    Telium Support Group
    Member
    Post count: 258

    The most likely cause is that Asterisk is not providing enough information about an account violation.

    If you are running Asterisk 13 or later, then you should tell SecAst to use the AMI for talking to Asterisk (don’t use a security log file). This exposes a lot more information to SecAst.

    If you must use the Asterisk log file, please send that log file and the SecAst log file to support for assistance in identifying the attack type and adjusting your setting to recognize the attack.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.