I'd suggest taking a look at the free edition of SecAst (www.generationd.com). It handles these messages perfectly (and can also use AMI security events) - so you don't need to constantly be updating fail2ban rules. It's a drop in replacement for fail2ban.
-M- P.S. My opinions are my own and do not necessarily represent those of my employer. As an employee of Generation D System you can bet my opinions are biased though! ________________________________________ From: asterisk-users-boun...@lists.digium.com <asterisk-users-boun...@lists.digium.com> on behalf of ricky gutierrez <xserverli...@gmail.com> Sent: Friday, January 9, 2015 3:02 PM To: Asterisk Users List Subject: Re: [asterisk-users] SEMI OFF-TOPIC - Fail2ban 2015-01-09 3:53 GMT-06:00 Stefan Gofferje <li...@home.gofferje.net>: > > Do you really want to detect "ChallengeSent"? That should occur also on > legitimate login processes... > Hi , strange thing is that I still have not this asterisk in production and I see many attempts Connection. Now keep in mind that when a connection of authentication is successful the message changes and is not exactly what you mention: ## SecurityEvent="SuccessfulAuth",EventTV="1420832883-140932",#### I think this type of connection attempts messages with my asterisk that fail2ban not detected. I'm no expert, but the log not lie ;) regardss -- rickygm http://gnuforever.homelinux.com -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users