<div dir="ltr">Hi Roman,<div><br></div><div>I think that more elegant solution for your task is cut off bruteforce on Kamailio side rather than on FreeSWITCH. You do not need (and must not) pass malicious traffic to backends. It is best practice.</div><div><br></div><div>Is every inbound requests (REGISTER, INVITE) passes Kamailio? If Kamailio work as stateful SIP proxy then you can pay attention to unsuccessful authentication attempts in reply routes and manages it, for example, with pike or something like that. Or event configure fail2ban on Kamailio server rather than on FreeSWITCH.</div><div><br></div><div>This is just my opinion.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-11-29 10:50 GMT+02:00 Alex Balashov <span dir="ltr"><<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, Nov 29, 2016 at 09:37:26AM +0100, Roman Dissauer wrote:<br>
<br>
> I already get the original source IP into FS but I need to log unsuccessful auth attempts with original IP to block them with fail2ban.<br>
> The default log message „SIP auth challenge…“ does only log the Proxy IP<br>
<br>
</span>Ah, I see.<br>
<br>
I must have misunderstood your question, then. It sounds like what you actually want to know is how to issue an arbitrary log statement?<br>
<br>
I think this page answers that question:<br>
<br>
<a href="https://wiki.freeswitch.org/wiki/Misc._Dialplan_Tools_log" rel="noreferrer" target="_blank">https://wiki.freeswitch.org/<wbr>wiki/Misc._Dialplan_Tools_log</a><br>
<br>
Or did I miss something still?<br>
<div class="HOEnZb"><div class="h5"><br>
-- Alex<br>
<br>
--<br>
Alex Balashov | Principal | Evariste Systems LLC<br>
<br>
Tel: <a href="tel:%2B1-706-510-6800" value="+17065106800">+1-706-510-6800</a> (direct) / <a href="tel:%2B1-800-250-5920" value="+18002505920">+1-800-250-5920</a> (toll-free)<br>
Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">С уважением,<br>Владислав Захожай<br><br></div></div>
</div>