
Regex Rule for Asterisk

Posted: 10 Apr 2014, 18:13
by leozim
Hi,

I'm starting to make a rule for csf to block IPs that fail Asterisk SIP user login.

This is the log line:

[Apr 10 14:01:18] NOTICE[16683] chan_sip.c: Registration from '"8260" <sip:8260@111.111.111.111:5060>' failed for '2.2.2.2:5075' - No matching peer found

111.111.111.111 is the Asterisk server IP
2.2.2.2 is the source IP of the attack

log file: /var/log/asterisk/full

I created this regex, but in my tests it does not work?

if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] NOTICE\[\S+\] chan_sip\.c: Registration from \'\"\S+\" <sip:\S+\@\S+>\' failed for \'\S+\:\S+' - No matching peer found/)) {
return ("Error Sip Autentication",$1,"SIPRegistrationFailed","1","1");
}

In csf.conf:
CUSTOM3_LOG = "/var/log/asterisk/full"


Can anybody help me?

Thanks

Re: Regex Rule for Asterisk

Posted: 10 Apr 2014, 19:16
by Sergio
Try this:

# The timestamp "[Apr 10 14:01:18]" contains spaces, so it is matched with [^\]]+ rather than \S+
if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /\[[^\]]+\] NOTICE\[\S+\] chan_sip\.c: Registration from \'\"\S+\" <sip:\S+\@\S+>\' failed for \'(\S+)\:\S+' - No matching peer found/)) {
	return ("Error Sip Autentication",$1,"SIPRegistrationFailed","1","1");
}
and let me know if it works.
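
An added example, not code from either poster or from csf: a stand-alone Perl check of a stricter pattern for the log line quoted in the thread, anchored at both ends so the captured address is the one Asterisk writes after "failed for" and not anything inside the caller-supplied From header. The helper name `match_sip_failure` and all sample lines except the first are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stricter pattern for the chan_sip log line quoted in the thread (IPv4 only).
my $SIP_FAIL = qr{
    ^ \[ [^\]]+ \]                # timestamp has spaces: "[Apr 10 14:01:18]"
    \s+ NOTICE \[ \d+ \]          # log level and thread id
    \s+ chan_sip\.c: \s+ Registration \s+ from \s+
    ' .* '                        # caller-supplied From header, never captured
    \s+ failed \s+ for \s+
    ' ( \d{1,3} (?: \. \d{1,3} ){3} ) : \d+ '   # address and port logged by Asterisk
    \s+ - \s+ No \s+ matching \s+ peer \s+ found \s* \z
}x;

# Hypothetical helper (not part of csf): returns the same tuple as the rule
# in the thread, or an empty list when the line does not match.
sub match_sip_failure {
    my ($line) = @_;
    if ($line =~ $SIP_FAIL) {
        return ("Error Sip Autentication", $1, "SIPRegistrationFailed", "1", "1");
    }
    return;
}

# Sample input: the first line is the one quoted in the thread,
# the others are constructed variations.
my @lines = (
    q{[Apr 10 14:01:18] NOTICE[16683] chan_sip.c: Registration from '"8260" <sip:8260@111.111.111.111:5060>' failed for '2.2.2.2:5075' - No matching peer found},
    q{[2014-04-10 14:01:19] NOTICE[16683] chan_sip.c: Registration from '"8261" <sip:8261@111.111.111.111:5060>' failed for '2.2.2.2:5075' - No matching peer found},
    q{[Apr 10 14:01:20] NOTICE[16683] chan_sip.c: Registration from '"8262" <sip:8262@111.111.111.111:5060>' failed for '2.2.2.2:5075' - Wrong password},
);

for my $line (@lines) {
    my @hit = match_sip_failure($line);
    # The first two lines yield the source address; the third carries a
    # different failure message and is ignored by this pattern.
    printf "%-14s %s\n", (@hit ? "BLOCK $hit[1]" : "ignore"), substr($line, 0, 40);
}
```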