Hopefully, this helps someone else.
This seems to be working for me.
# Fail2Ban configuration file

[INCLUDES]
#before = common.conf

[Definition]
failregex = NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - No matching endpoint found
            NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - Failed to authenticate
            NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - Error to authenticate
            NOTICE.* .*: Request \'INVITE\' from '.*' failed for '<HOST>:.*' .*

John Bittner
Xaccel
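
An added example, not part of the original post and not fail2ban's own code: it runs the four failregex entries from the filter above over constructed res_pjsip log lines and applies a jail-style threshold. The IPv4-only `<HOST>` substitution, the `maxretry`/`findtime` values, the addresses and the call IDs are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The four failregex entries from the filter above, unchanged.
FAILREGEX = [
    r"NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - No matching endpoint found",
    r"NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - Failed to authenticate",
    r"NOTICE.* .*: Request \'REGISTER\' from '.*' failed for '<HOST>:.*' .* - Error to authenticate",
    r"NOTICE.* .*: Request \'INVITE\' from '.*' failed for '<HOST>:.*' .*",
]
# Assumption: IPv4-only stand-in for fail2ban's own <HOST> expansion.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]
STAMP = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] ?")

# Constructed log lines in the format shown in this thread (documentation-range IPs).
SAMPLE_LOG = """\
[2019-06-06 15:37:20] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '203.0.113.22:65476' (callid: constructed-1) - Failed to authenticate
[2019-06-06 15:37:52] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"as100" <sip:as100@example.test>' failed for '198.51.100.172:5076' (callid: constructed-2) - No matching endpoint found
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '203.0.113.22:65476' (callid: constructed-3) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '203.0.113.22:65476' (callid: constructed-4) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '203.0.113.22:65476' (callid: constructed-5) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '203.0.113.22:65476' (callid: constructed-6) - Failed to authenticate
[2019-06-06 15:39:17] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"as100" <sip:as100@example.test>' failed for '198.51.100.172:5071' (callid: constructed-7) - No matching endpoint found
[2019-06-06 15:39:30] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'OPTIONS' from '"x" <sip:x@example.test>' failed for '192.0.2.50:5060' (callid: constructed-8) - No matching endpoint found
"""

def failures(log_text):
    """Yield (timestamp, host) for each line that any failregex matches."""
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        if not stamp:
            continue
        rest = line[stamp.end():]  # match on the text after the date prefix
        hit = next((m for m in (p.search(rest) for p in PATTERNS) if m), None)
        if hit:
            yield datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S"), hit.group("host")

def hosts_to_ban(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Hosts with at least maxretry failures inside findtime (assumed jail settings)."""
    seen, banned = defaultdict(list), set()
    for when, host in failures(log_text):
        window = [t for t in seen[host] if when - t <= findtime] + [when]
        seen[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return sorted(banned)
```

The constructed OPTIONS line is not counted, because the filter only lists REGISTER and INVITE requests.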
From: asterisk-users [mailto:[email protected]] On Behalf Of John T. Bittner
Sent: Thursday, June 6, 2019 3:40 PM
To: [email protected]
Subject: [asterisk-users] Fail2ban for asterisk 16 PJSIP
Hello
Anyone have a working copy of the Fail2ban Asterisk filter asterisk.conf for Asterisk 16 running PJSIP?
I have tried 10 different filters but none of them show any matches when testing with fail2ban-regex.
I see date template hits but no matches....
My log
[2019-06-06 15:37:20] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:37:52] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"as100" <sip:[email protected]>' failed for '188.214.128.172:5076' (callid: 03e7f9d2dcdf4252506c440137e822b7) - No matching endpoint found
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:37:58] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:38:36] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:39:14] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"2405" <sip:2405@asterisk>' failed for '71.127.239.22:65476' (callid: [email protected]) - Failed to authenticate
[2019-06-06 15:39:17] NOTICE[18081] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"as100" <sip:[email protected]>' failed for '188.214.128.172:5071' (callid: 8e12f1560bfe2c3ed5be895108727c46) - No matching endpoint found
Any help is much appreciated.
Thanks
John Bittner
CTO