Hi all, I'm using ser-0.9.7 with mysql authentication. This is the INVITE handling section of my ser.cfg # ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- if (nat_uac_test("19")) { setflag(6); } if (!allow_trusted()) { if (!proxy_authorize("sip.keeptelecom.com","subscriber")) { proxy_challenge("sip.keeptelecom.com","0"); break; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); break; }; consume_credentials(); }; # ------ Logging calls after succesfully auth ----------- if (isflagset(6)) { xlog("L_INFO", "<%is> CH <%ct> R-URI <%ru> autenticato: NAT detected\n"); } else { xlog("L_INFO", "<%is> CH <%ct> R-URI <%ru> autenticato: no NAT detected\n"); } As you cas see, I've added just after authentication section some lines to log every succesfully authenticated attemp to make a call, with NAT detection info. I'd like, in the same way, add a single line to log every wrong user or wrong password attempt. My question is: which is the correct place to set this in the configuration file ? My first idea was to place xlog instruction just inside the if(!proxy_authorize){ . , but this produces multiple line in log, because in a call first invite is sent without proxy_authorization section. Is there a way, with xlog, to show the client sent password in clear for an easy troubleshoot ? Many thanks for any suggestion. Fabio