Hallo Martin,
jetzt komme ich dem Problem langsam auf die Spur.
Ja ich hatte den Mailversand umgestellt, so dass dieser nun über Mandrill (
www.mandrill.com) läuft.
Offenbar wertet ihr im Header den envelope-from aus (z.B. envelope-from <
bounce-md_30050698.5629067b.v1-e3e60d3e950844f880d700147c16a584@mandrillapp.com>), korrekt?
Nun habe ich das Reporting einmal auf curl umgestellt, dies scheint für SSH auch zu funktionieren.
Für SIP wird allerding nichts reportet; ich vermute fast, dass die Log-Ausschnitte bei SIP zu lange für den curl-Aufruf sind.
Beispiel:
Code: Alles auswählen
Lines containing IP:213.202.212.36 in /var/log/asterisk/fail2ban
[2015-10-22 17:14:18] SECURITY[4504] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2015-10-22T17:14:18.121+0200",Severity="Informational",Service="SIP",EventVersion="1",AccountID="121",SessionID="0x1a25c68",LocalAddress="IPV4/UDP/X.XX.XXX.XXX/5060",RemoteAddress="IPV4/UDP/213.202.212.36/5064",Challenge="1f8dfcb9"
[2015-10-22 17:14:18] NOTICE[4481] chan_sip.c: Registration from '"121" <sip:121@X.XX.XXX.XXX:5060>' failed for '213.202.212.36:5064' - Wrong password
[2015-10-22 17:14:18] SECURITY[4504] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2015-10-22T17:14:18.130+0200",Severity="Error",Service="SIP",EventVersion="2",AccountID="121",SessionID="0x1a25c68",LocalAddress="IPV4/UDP/X.XX.XXX.XXX/5060",RemoteAddress="IPV4/UDP/213.202.212.36/5064",Challenge="1f8dfcb9",ReceivedChallenge="1f8dfcb9",ReceivedHash="1f2b6775e41e2364eeb59248cf5023d8"
[2015-10-22 17:14:21] SECURITY[4504] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2015-10-22T17:14:21.545+0200",Severity="Informational",Service="SIP",EventVersion="1",AccountID="101",SessionID="0x195aa18",LocalAddress="IPV4/UDP/X.XX.XXX.XXX/5060",RemoteAddress="IPV4/UDP/213.202.212.36/5087",Challenge="67a8c973"
[2015-10-22 17:14:21] NOTICE[4481] chan_sip.c: Registration from '"101" <sip:101@X.XX.XXX.XXX:5060>' failed for '213.202.212.36:5087' - Wrong password
[2015-10-22 17:14:21] SECURITY[4504] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2015-10-22T17:14:21.569+0200",Severity="Error",Service="SIP",EventVersion="2",AccountID="101",SessionID="0x195aa18",LocalAddress="IPV4/UDP/X.XX.XXX.XXX/5060",RemoteAddress="IPV4/UDP/213.202.212.36/5087",Challenge="67a8c973",ReceivedChallenge="67a8c973",ReceivedHash="2122e04d7a7d438a5e9ec522e0f7baff"
[2015-10-22 17:14:23] SECURITY[4504] res_security_log.c: SecurityEvent="ChallengeSent",EventTV="2015-10-22T17:14:23.239+0200",Severity="Informational",Service="SIP",EventVersion="1",AccountID="113",SessionID="0x19ee438",LocalAddress="IPV4/UDP/X.XX.XXX.XXX/5060",RemoteAddress="IPV4/UDP/213.202.212.36/5085",Challenge="4fa5855a"
[2015-10-22 17:14:23] NOTICE[4481] chan_sip.c: Registration from '"113" <sip:113@X.XX.XXX.XXX:5060>' failed for '213.202.212.36:5085' - Wrong password
[2015-10-22 17:14:23] SECURITY[4504] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2015-10-22T17:14:23.252+0200",Severity="Error",Service="SIP",EventVersion="2",AccountID="113",SessionID="0x19ee438",LocalAddress="IPV4/UDP/X.XX.XXX.XXX/5060",RemoteAddress="IPV4/UDP/213.202.212.36/5085",Challenge="4fa5855a",ReceivedChallenge="4fa5855a",ReceivedHash="58d66bccf57f440e016f1a1424344070"
Gibt es hierfür eine Lösung?
Grüße,
Patrick