I configured rules for routing banned IPs and I want to see where I can audit these issues. I mean, where can I automatically define a cron setup that greps those log definitions? Where is all of that being logged?
My rules are:
Define "#!WITH_ANTIFLOOD" at the beginning of kamailio.cfg, then later add:
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"

modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif
Later, the routing definitions:

route[REQINIT] {
    if(src_ip!=myself) {
        # source IP is already in the ipban table: drop (message is debug level only)
        if($sht(ipban=>$si)!=$null) {
            xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
            exit;
        }
        # pike flagged this source: log an alert and add the IP to ipban
        if (!pike_check_req()) {
            xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
            $sht(ipban=>$si) = 1;
            exit;
        }
    }
    # drop requests whose User-Agent matches a known scanner
    if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
        xlog("L_ALERT","ALERT: friendly canings from $fu (IP:$si:$sp)\n");
        exit;
    }
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }
    if(is_method("OPTIONS") && uri==myself && $rU==$null) {
        sl_send_reply("200","Keepalive");
        exit;
    }
    if(!sanity_check("1511", "7")) {
        xlog("Malformed SIP message from $si:$sp\n");
        exit;
    }
}

Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com
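
Added example (not part of the original post): a cron-friendly shell script that counts, per source IP, the xlog() alerts written by the route[REQINIT] block in the post. It assumes Kamailio logs through syslog into a file such as /var/log/syslog (the real path depends on the Kamailio log settings and the local syslog rules); the script path in the crontab comment and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: per-IP summary of the xlog()
# alerts emitted by route[REQINIT].
# ASSUMPTION: alerts reach a syslog file; pass its path as $1
# (for example /var/log/syslog, depending on local syslog rules).
# Hypothetical crontab entry (script path is a placeholder):
#   */10 * * * * /usr/local/bin/kamailio-ban-report.sh /var/log/syslog

# alert_summary TEXT: read log lines on stdin, keep those containing TEXT
# followed by "(IP:<addr>:<port>)", and print "<count> <addr>", busiest first.
alert_summary() {
    sed -n "s/.*$1 .*(IP:\([^)]*\):[0-9][0-9]*).*/\1/p" |
        sort | uniq -c | sort -k1,1nr -k2,2 | awk '{print $1, $2}'
}
# Message texts are copied verbatim from the xlog() calls in the config.
pike_ban_summary() { alert_summary 'ALERT: pike blocking'; }
scanner_summary()  { alert_summary 'ALERT: friendly canings'; }

# Constructed sample lines (not from a real system), syslog style.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 sbc kamailio[1234]: ALERT: <script>: ALERT: pike blocking REGISTER from sip:100@example.org (IP:203.0.113.7:5060)
Mar  3 10:16:40 sbc kamailio[1235]: ALERT: <script>: ALERT: pike blocking OPTIONS from sip:a@example.net (IP:198.51.100.9:5060)
Mar  3 10:17:05 sbc kamailio[1236]: ALERT: <script>: ALERT: friendly canings from sip:x@example.com (IP:192.0.2.44:5070)
Mar  3 10:18:00 sbc kamailio[1234]: INFO: <script>: unrelated line
Mar  3 10:21:30 sbc kamailio[1234]: ALERT: <script>: ALERT: pike blocking INVITE from sip:100@example.org (IP:203.0.113.7:5061)
EOF
}

# Run against the log file given as $1, otherwise against the sample above.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    pike_ban_summary < "$1"
else
    sample_log | pike_ban_summary
fi
```

Requests dropped by the xdbg() branch (IPs already in ipban) are written only at debug log level, so with a normal log level each ban appears once, as the "pike blocking" alert.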