I configured rules for routing banned IPs and I want to see where I can audit these issues. I mean, where can I automatically define a cron setup that greps those log definitions? Where are those all logged?
my rules are:
Define "#!WITH_ANTIFLOOD" at the beginning of kamailio.cfg, later add:
    #!ifdef WITH_ANTIFLOOD
    loadmodule "htable.so"
    loadmodule "pike.so"

    modparam("pike", "sampling_time_unit", 2)
    modparam("pike", "reqs_density_per_unit", 16)
    modparam("pike", "remove_latency", 4)
    modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
    #!endif
later routing definitions:
    route[REQINIT] {
        if(src_ip!=myself) {
            if($sht(ipban=>$si)!=$null) {
                xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
                exit;
            }
            if (!pike_check_req()) {
                xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
                $sht(ipban=>$si) = 1;
                exit;
            }
        }
        if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
            xlog("L_ALERT","ALERT: friendly canings from $fu (IP:$si:$sp)\n");
            exit;
        }
        if (!mf_process_maxfwd_header("10")) {
            sl_send_reply("483","Too Many Hops");
            exit;
        }
        if(is_method("OPTIONS") && uri==myself && $rU==$null) {
            sl_send_reply("200","Keepalive");
            exit;
        }
        if(!sanity_check("1511", "7")) {
            xlog("Malformed SIP message from $si:$sp\n");
            exit;
        }
    }
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com
On 2/18/19 2:01 PM, PICCORO McKAY Lenz wrote:
I configured rules for routing banned IPs and I want to see where I can audit these issues. I mean, where can I automatically define a cron setup that greps those log definitions? Where are those all logged?
my rules are:
[snip]
Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com
You could always grep the log, use RPC to check the HTABLE parameter, or cron something that runs kamcmd htable.dump ipban (or whatever)... You could also use rtimer and output the htable as well.
Many ways to do this that best fits your environment.
Fred Posner fred@qxork.com https://qxork.com Direct/SMS: +1 (224) 334-3733 Direct/SMS: +1 (336) 439-3733
Need Fred? Call Fred. 336-HEY-FRED
It is not very clear what you look for .. you don't know where the log messages are written? Or you want to see the list of ip addresses from pike module?
Cheers, Daniel
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
On Mon, Feb 18, 2019 at 15:36, Daniel-Constantin Mierla (miconda@gmail.com) wrote:
It is not very clear what you look for .. you don't know where the log messages are written? Or you want to see the list of ip addresses from pike module?
Fred said: "You could always grep the log", which I actually do, but I do not know how to do the other methods/ways:
"use RPC to check the HTABLE parameter, or
cron something that runs kamcmd htable.dump ipban (or whatever)... You could also use rtimer and output the htable as well."
How can I do it in those ways?
Cheers, Daniel
-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC, USA -- www.asipto.com
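One way to do the cron-driven audit discussed in this thread, as an added example that is not part of any poster's message: it summarises the "pike blocking" lines produced by the xlog() call in the posted route[REQINIT]. The function names, script path, log file path and sample log lines are assumptions; kamcmd htable.dump ipban is the command named in the thread.

```shell
#!/bin/sh
# Added example: summarise pike bans from the lines written by
#   xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n")
# Requests from an already banned IP only hit xdbg() (debug level), so at the
# default log level each matched line corresponds to a new ipban entry.

# Constructed sample input: syslog prefix, hosts and addresses are made up.
sample_log() {
cat <<'EOF'
Feb 18 14:01:02 sip1 kamailio[1234]: ALERT: <script>: ALERT: pike blocking REGISTER from sip:100@example.com (IP:203.0.113.7:5060)
Feb 18 14:03:40 sip1 kamailio[1236]: ALERT: <script>: ALERT: friendly canings from sip:a@example.net (IP:192.0.2.50:5081)
Feb 18 14:04:11 sip1 kamailio[1235]: ALERT: <script>: ALERT: pike blocking REGISTER from sip:200@example.com (IP:198.51.100.23:5070)
Feb 18 14:07:30 sip1 kamailio[1234]: ALERT: <script>: ALERT: pike blocking INVITE from sip:100@example.com (IP:203.0.113.7:5060)
Feb 18 14:09:05 sip1 kamailio[1237]: ALERT: <script>: ALERT: pike blocking OPTIONS from sip:b@example.org (IP:2001:db8::5:5060)
EOF
}

# Read log lines on stdin, print "count ip" per blocked source, busiest first.
# $fu is taken from the request, so the match is anchored on the trailing
# "(IP:addr:port)" field; the greedy capture keeps IPv6 colons in the address.
pike_ban_summary() {
    sed -n 's/.*ALERT: pike blocking .*(IP:\(.*\):[0-9][0-9]*)$/\1/p' |
        LC_ALL=C sort | uniq -c | awk '{print $1, $2}' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Print sources banned at least $1 times, i.e. ones that came back after the
# 300 s autoexpire of the ipban table ran out.
repeat_offenders() {
    pike_ban_summary | awk -v n="$1" '$1 >= n {print $2}'
}

# Cron usage (paths are assumptions; the log file depends on your syslog setup):
#   */5 * * * * /usr/local/bin/pike-audit.sh /var/log/syslog
#   */5 * * * * kamcmd htable.dump ipban >> /var/log/kamailio-ipban.snapshot
if [ -n "${1:-}" ] && [ -r "$1" ]; then pike_ban_summary < "$1"; fi
```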