hi team,
Here is the regx i made but its not working. I have to block the ip and the logs line is
[2014-07-05 20:19:45] NOTICE[27008][C-00001ac7] chan_sip.c: Call from '' (37.8.5.217:12242) to extension '011972547851891' rejected because extension not found in context 'my_context'.
IP i have to block is 37.8.5.217
The regx i have written is
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\] chan_sip\.c\: Call from '' '(\S+\s?\S+)' to extension '(\S+)\:\d+' \ rejected because extension not found in context 'my_context'/)) {
return ("Bad Call: $1",$2,"INVALIDASTREQUEST","1","1");
}
custom regx for asterisk
-
jehanzaib_kiani
- Junior Member
- Posts: 9
- Joined: 19 Jul 2012, 07:56
- Location: New Zealand
Re: custom regx for asterisk
You should try the following on the regex:
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\]\[\S+\] chan_sip\.c: Call from '' \((\S+):\S+\) to extension '(S+)' rejected because extension not found in context/)) {
return ("Bad Call to extension: $2",$1,"INVALIDASTREQUEST","1","1");
}
$1 = to the IP to block
$2 = the extension
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\]\[\S+\] chan_sip\.c: Call from '' \((\S+):\S+\) to extension '(S+)' rejected because extension not found in context/)) {
return ("Bad Call to extension: $2",$1,"INVALIDASTREQUEST","1","1");
}
$1 = to the IP to block
$2 = the extension
-
jehanzaib_kiani
- Junior Member
- Posts: 9
- Joined: 19 Jul 2012, 07:56
- Location: New Zealand
Re: custom regx for asterisk
Hi Sergio,
thanks man, i tried the rule but its not working. i am still getting the request from the same IP. i also have not seen anything in the csf.deny for this rule. can you have a look when convernient.
thanks man
thanks man, i tried the rule but its not working. i am still getting the request from the same IP. i also have not seen anything in the csf.deny for this rule. can you have a look when convernient.
thanks man
Re: custom regx for asterisk
I will send you a PM
Re: custom regx for asterisk
Hi all,
I have tested all regex posted here for blocking SIP requests with wrong password. But not working anything. My PBX is based on Elastix and Asterisk version is 11.x. It will be very help full if anybody can suggest any regex for locking down the IP based on the log in
For example my log is;
I have tested all regex posted here for blocking SIP requests with wrong password. But not working anything. My PBX is based on Elastix and Asterisk version is 11.x. It will be very help full if anybody can suggest any regex for locking down the IP based on the log in
./var/log/asterisk/full
For example my log is;
Thanks in advance[2015-09-23 13:42:24] NOTICE[19648][C-000006d0] chan_sip.c: Failed to authenticate device 902<sip:902@8.XX.XX.X>;tag=3d9d8284
[2015-09-23 11:54:38] NOTICE[19648] chan_sip.c: Registration from '"708" <sip:708@8.xx.xx.x:5060>' failed for '63.141.243.28:5075' - Wrong password
Re: custom regx for asterisk
What are the IPs that you want to block on those lines?
The IP that you want to block has to appear on the log line for the REGEX to work.
The IP that you want to block has to appear on the log line for the REGEX to work.