<div dir="ltr"><div>thanks all for reply,<br><br></div>i will try to ask that to developer.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Apr 3, 2014 at 12:07 AM, William King <span dir="ltr"><<a href="mailto:william.king@quentustech.com" target="_blank">william.king@quentustech.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If you file a feature request for a freeswitch event to be fired when a<br>
new TLS connection is made, one of the developers might be able to look<br>
into adding that functionality. Then you would be able to hook in<br>
mod_fail2ban and log the events you are looking to have watched by fail2ban.<br>
<br>
William King<br>
Senior Engineer<br>
Quentus Technologies, INC<br>
1037 NE 65th St Suite 273<br>
Seattle, WA 98115<br>
Main: <a href="tel:%28877%29%20211-9337" value="+18772119337">(877) 211-9337</a><br>
Office: <a href="tel:%28206%29%20388-4772" value="+12063884772">(206) 388-4772</a><br>
Cell: <a href="tel:%28253%29%20686-5518" value="+12536865518">(253) 686-5518</a><br>
<a href="mailto:william.king@quentustech.com">william.king@quentustech.com</a><br>
<div class=""><br>
On 04/02/2014 03:29 AM, dwi yulianto wrote:<br>
> sorry, i mean ssl dos.<br>
><br>
> if i use that, that give cpu activity increase to 100%.<br>
><br>
> i want to make that log so i can use fail2ban to ban source IP attacker<br>
><br>
><br>
> On Wed, Apr 2, 2014 at 5:02 PM, dwi yulianto <<a href="mailto:dwiyulianto.anto@gmail.com">dwiyulianto.anto@gmail.com</a><br>
</div><div class="">> <mailto:<a href="mailto:dwiyulianto.anto@gmail.com">dwiyulianto.anto@gmail.com</a>>> wrote:<br>
><br>
> i try ssh dos and that give log in tport. but log about tport tls<br>
> didnt have any data/time stamp.<br>
><br>
> maybe if i can make that log into date/time stamp i can make regex<br>
> for fail2ban to find log when attacker give new connection in tls<br>
> eventually.<br>
><br>
> am i need to change in tport_type_tls.c in line about SU_DEBUG_5<br>
> that have part with "new connection from " and change that with<br>
> switch_log_printf. but actually i dont really understand about C. so<br>
> how i can change that with switch_log_printf?<br>
><br>
> Thanks<br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Wed, Apr 2, 2014 at 3:35 PM, Steven Ayre <<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a><br>
</div><div class="">> <mailto:<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a>>> wrote:<br>
><br>
> Sofia stack logging is extremely verbose, far more so than you<br>
> want to run in production. Doing so will likely hurt the<br>
> performance of your system due to too much disk I/o<br>
><br>
> What're you looking to capture?<br>
><br>
> FS already has log messages for auth failures for fail2ban to match<br>
><br>
><br>
><br>
><br>
> On Tuesday, April 1, 2014, dwi yulianto<br>
</div>> <<a href="mailto:dwiyulianto.anto@gmail.com">dwiyulianto.anto@gmail.com</a> <mailto:<a href="mailto:dwiyulianto.anto@gmail.com">dwiyulianto.anto@gmail.com</a>>><br>
<div class="">> wrote:<br>
><br>
> i wanna make log from tport.c in console or in log file with<br>
> date stamp, so i can use it for fail2ban.<br>
><br>
> thanks.<br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
</div>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a> <mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>><br>
<div class="">> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
</div>> <mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>><br>
<div class="HOEnZb"><div class="h5">> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
><br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br></div>