[asterisk-users] High verbose set at console effects the logger file "Full"

Discussion:

[asterisk-users] High verbose set at console effects the logger file "Full" - Why is that?

Bruce B

2011-12-30 23:11:46 UTC

Hi everyone,

I am playing around with Asterisk 1.8.8.0 from Digium repository. This is
all there is to my logger.conf file:

*[general]*
*dateformat=%F %T*
*
*
*[logfiles]*
*full => notice,warning,error,debug,verbose,dtmf,fax*
*
*
However, when I do, "core set verbose 0" at CLI, Asterisk ceases to write
to /var/log/asterisk/full file for some reason. When I type "core set
verbose 9" at CLI then it starts writing to /var/log/asterisk/full. Is this
the correct behaviour or am I missing a config setting?

Of course I want the /var/log/asterisk/full file to always keep the logs
regardless of what the verbosity at CLI level is.

Thanks

Jim Dickenson

2011-12-30 23:19:30 UTC

Permalink

If you want to stop stuff from going to the console you can use the command "logger mute" and console will not get output but log file will.
--
Jim Dickenson
mailto:***@cfmc.com

CfMC
http://www.cfmc.com/

Post by Bruce B
Hi everyone,
[general]
dateformat=%F %T
[logfiles]
full => notice,warning,error,debug,verbose,dtmf,fax
However, when I do, "core set verbose 0" at CLI, Asterisk ceases to write to /var/log/asterisk/full file for some reason. When I type "core set verbose 9" at CLI then it starts writing to /var/log/asterisk/full. Is this the correct behaviour or am I missing a config setting?
Of course I want the /var/log/asterisk/full file to always keep the logs regardless of what the verbosity at CLI level is.
Thanks
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users

Bruce B

2011-12-30 23:24:01 UTC

Permalink

Okay, but I thought that the line "console =>" is supposed to be for CLI
and the line "Full =>" is supposed to be for the file
/var/log/asterisk/full.

Why would the "Full =>" be effected by "core set verbose 0"? Is this just
bad assumption on the part of the developers? I would only assume that
"core set verbose 0" should only effect what I see at CLI level and not at
my my /var/log/asterisk/full log file.

Am I missing something?

Thanks for the feedback.

Post by Jim Dickenson
If you want to stop stuff from going to the console you can use the
command "logger mute" and console will not get output but log file will.
--
Jim Dickenson
CfMC
http://www.cfmc.com/
Hi everyone,
I am playing around with Asterisk 1.8.8.0 from Digium repository. This is
*[general]*
*dateformat=%F %T*
*
*
*[logfiles]*
*full => notice,warning,error,debug,verbose,dtmf,fax*
*
*
However, when I do, "core set verbose 0" at CLI, Asterisk ceases to write
to /var/log/asterisk/full file for some reason. When I type "core set
verbose 9" at CLI then it starts writing to /var/log/asterisk/full. Is this
the correct behaviour or am I missing a config setting?
Of course I want the /var/log/asterisk/full file to always keep the logs
regardless of what the verbosity at CLI level is.
Thanks
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users

Jim Dickenson

2011-12-31 00:24:29 UTC

Permalink

Yes, you are missing the fact that the verbose setting controls what level of output will be generated in the first place. You can raise and lower the amount of stuff logged/printed on CLI.

The lines in logger.conf control what types of lines go to which place.

One can set the verbose level as well as the debug level. These control how much log information is generated at all not where it is being written.
--
Jim Dickenson
mailto:***@cfmc.com

CfMC
http://www.cfmc.com/

Okay, but I thought that the line "console =>" is supposed to be for CLI and the line "Full =>" is supposed to be for the file /var/log/asterisk/full.
Why would the "Full =>" be effected by "core set verbose 0"? Is this just bad assumption on the part of the developers? I would only assume that "core set verbose 0" should only effect what I see at CLI level and not at my my /var/log/asterisk/full log file.
Am I missing something?
Thanks for the feedback.
If you want to stop stuff from going to the console you can use the command "logger mute" and console will not get output but log file will.
--
Jim Dickenson
CfMC
http://www.cfmc.com/

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users

Bruce B

2011-12-31 00:55:25 UTC

Permalink

Post by Jim Dickenson
One can set the verbose level as well as the debug level. These control
how much log information is generated at all not where it is being written.
What do you mean by above? Can I see something in the logger.conf that

will keep it always at certain verbose level regardless of what command I
issue at CLI?

You see the problem I have is that Fail2ban reads the asterisk "full" log
file. So, if I am playing on the CLI and then do "core set verbose 0" and
exit the box and forget to set it back to 9 then Fail2ban stops working
because the log file hasn't logged the attack.

I still think there is a way around this and I am missing a config. Why
would anyone tie security logs to a mere CLI command?

Thanks again

Jim Dickenson

2011-12-31 01:36:40 UTC

Permalink

--
Jim Dickenson
mailto:***@cfmc.com

CfMC
http://www.cfmc.com/

Post by Jim Dickenson
One can set the verbose level as well as the debug level. These control how much log information is generated at all not where it is being written.
What do you mean by above? Can I see something in the logger.conf that will keep it always at certain verbose level regardless of what command I issue at CLI?

No the verbose command controls how much verbose stuff is output. The debug command controls how much debug stuff is output. These are absolute controls of that information. As I said in my original email you can turn off stuff going to the CLI with the logger mute command. That way you do not adjust the verbose level at all.

Post by Jim Dickenson
You see the problem I have is that Fail2ban reads the asterisk "full" log file. So, if I am playing on the CLI and then do "core set verbose 0" and exit the box and forget to set it back to 9 then Fail2ban stops working because the log file hasn't logged the attack.
I still think there is a way around this and I am missing a config. Why would anyone tie security logs to a mere CLI command?
Thanks again
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users

Bruce B

2011-12-31 02:03:34 UTC

Permalink

So, based on what you are saying if I issue the command "core set verbose
0" and then exit the system Fail2Ban will stop working for Asterisk (this
is since Fail2ban works based on the log file entries).

Can anyone else please confirm that as well.

Thanks again for your input.

Post by Jim Dickenson
--
Jim Dickenson
CfMC
http://www.cfmc.com/

will keep it always at certain verbose level regardless of what command I
issue at CLI?
No the verbose command controls how much verbose stuff is output. The
debug command controls how much debug stuff is output. These are absolute
controls of that information. As I said in my original email you can turn
off stuff going to the CLI with the logger mute command. That way you do
not adjust the verbose level at all.
You see the problem I have is that Fail2ban reads the asterisk "full" log
file. So, if I am playing on the CLI and then do "core set verbose 0" and
exit the box and forget to set it back to 9 then Fail2ban stops working
because the log file hasn't logged the attack.
I still think there is a way around this and I am missing a config. Why
would anyone tie security logs to a mere CLI command?
Thanks again
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users

Tzafrir Cohen

2011-12-31 10:06:19 UTC

Permalink

Post by Bruce B
So, based on what you are saying if I issue the command "core set verbose
0" and then exit the system Fail2Ban will stop working for Asterisk (this
is since Fail2ban works based on the log file entries).
Can anyone else please confirm that as well.

Though in trunk you can set different log levels to different files.

--
Tzafrir Cohen
icq#16849755 jabber:***@xorcom.com
+972-50-7952406 mailto:***@xorcom.com
http://www.xorcom.com iax:***@local.xorcom.com/tzafrir

Bruce B

2012-01-01 00:37:40 UTC

Permalink

Post by Tzafrir Cohen

Though in trunk you can set different log levels to different files.

Tzafrir, thanks for the feedback. Can you please elaborate on that. Is that
something that is not effected by the CLI commands? Not sure which trunk
you are pointing too.

Regards,

Luke Hamburg

2012-02-16 19:18:17 UTC

Permalink

https://reviewboard.asterisk.org/r/1599/
I so wish that this patch would be backported to the 1.8 branch! I am
considering switching to trunk just for this alone.

I know it's a stretch but, given the popularity of running Fail2Ban
alongside Asterisk, could it not fall under the pretense of 'security risk'
that someone very easily breaks Fail2Ban by forgetting to set verbose back
to 5 during a routine CLI session where they might have temporarily needed
to reduce verbosity?

I know I'm reaching, but doesn't hurt to beg.

Luke

-----Original Message-----
From: asterisk-users-***@lists.digium.com
[mailto:asterisk-users-***@lists.digium.com] On Behalf Of Tzafrir Cohen
Sent: Saturday, December 31, 2011 5:06 AM
To: asterisk-***@lists.digium.com
Subject: Re: [asterisk-users] High verbose set at console effects the logger
file "Full" - Why is that?

Post by Bruce B
So, based on what you are saying if I issue the command "core set
verbose 0" and then exit the system Fail2Ban will stop working for
Asterisk (this is since Fail2ban works based on the log file entries).
Can anyone else please confirm that as well.

Though in trunk you can set different log levels to different files.

--
Tzafrir Cohen

Mike

2012-02-16 20:25:17 UTC

Permalink

A definite "me too" from my side. Always wondered why it wasn't like that.
It would do wonders to help us fix our own problems instead of filling in
bugs or posting here ;-) (hint hint)

Mike

Post by Luke Hamburg
-----Original Message-----
Sent: Thursday, February 16, 2012 2:18 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] High verbose set at console effects the
logger file "Full" - Why is that?
https://reviewboard.asterisk.org/r/1599/
I so wish that this patch would be backported to the 1.8 branch! I am
considering switching to trunk just for this alone.
I know it's a stretch but, given the popularity of running Fail2Ban
alongside Asterisk, could it not fall under the pretense of 'security risk'
that someone very easily breaks Fail2Ban by forgetting to set verbose back
to 5 during a routine CLI session where they might have temporarily needed
to reduce verbosity?
I know I'm reaching, but doesn't hurt to beg.
Luke
-----Original Message-----
Sent: Saturday, December 31, 2011 5:06 AM
Subject: Re: [asterisk-users] High verbose set at console effects the
logger file "Full" - Why is that?

Post by Bruce B
So, based on what you are saying if I issue the command "core set
verbose 0" and then exit the system Fail2Ban will stop working for
Asterisk (this is since Fail2ban works based on the log file entries).
Can anyone else please confirm that as well.

Though in trunk you can set different log levels to different files.
--
Tzafrir Cohen
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com -- New
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users

Patrick Lists

2012-02-17 00:32:13 UTC

Permalink

Post by Luke Hamburg
https://reviewboard.asterisk.org/r/1599/
I so wish that this patch would be backported to the 1.8 branch! I am
considering switching to trunk just for this alone.
I know it's a stretch but, given the popularity of running Fail2Ban
alongside Asterisk, could it not fall under the pretense of 'security risk'
that someone very easily breaks Fail2Ban by forgetting to set verbose back
to 5 during a routine CLI session where they might have temporarily needed
to reduce verbosity?
I know I'm reaching, but doesn't hurt to beg.

Yes that would be a very nice addition. Perhaps someone with Asterisk
coding skills can backport the patch. Have you checked if it applies at
all to the latest 1.8 master? I wonder if that patch is already part of
10 master or the 10.2 branch as I could not see anything mentioned on
reviewboard.

Regards,
Patrick

Matthew Jordan

2012-02-17 01:05:54 UTC

Permalink

----- Original Message -----

Sent: Thursday, February 16, 2012 6:32:13 PM
Subject: Re: [asterisk-users] High verbose set at console effects the logger file "Full" - Why is that?

Post by Luke Hamburg
https://reviewboard.asterisk.org/r/1599/
I so wish that this patch would be backported to the 1.8 branch! I
am
considering switching to trunk just for this alone.
I know it's a stretch but, given the popularity of running Fail2Ban
alongside Asterisk, could it not fall under the pretense of
'security risk'
that someone very easily breaks Fail2Ban by forgetting to set
verbose back
to 5 during a routine CLI session where they might have temporarily
needed
to reduce verbosity?
I know I'm reaching, but doesn't hurt to beg.

Yes that would be a very nice addition. Perhaps someone with Asterisk
coding skills can backport the patch. Have you checked if it applies
at
all to the latest 1.8 master? I wonder if that patch is already part
of
10 master or the 10.2 branch as I could not see anything mentioned on
reviewboard.

It's not in Asterisk 10, it's in the current trunk, which will eventually
become Asterisk 11. The patch, while a very nice and useful enhancement,
is unfortunately fairly intrusive. I can't see it becoming part of
the Asterisk 1.8 or Asterisk 10 branches, given (a) the fact that it
is certainly an improvement and not a bug fix, and (b) the risk involved
in back-porting a patch of that magnitude and scope.

Regards,
Patrick

Matthew Jordan
Digium, Inc. | Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org

Luke Hamburg

2012-02-17 03:11:47 UTC

Permalink

Fair enough.
Giving up on the backport to 1.8 or 10 for now, I had a thought for a
kludge.

How about a shell script (scheduled with cron) that checks for any 'active'
consoles -- any connected consoles where there has been user input within
the last X minutes. If it finds none, then set the verbosity back to 5 (or
whatever level you want).

There are a few problems with this -- I couldn't find any way to:

1) query Asterisk for a count or list of console connections, much less
'active' ones
2) query Asterisk for the current verbosity level (without changing it)

Am I barking up another wrong tree here?
Anyone have any other ideas on how to solve this problem?

-----Original Message-----
From: asterisk-users-***@lists.digium.com
[mailto:asterisk-users-***@lists.digium.com] On Behalf Of Matthew Jordan
Sent: Thursday, February 16, 2012 8:06 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] High verbose set at console effects the logger
file "Full" - Why is that?

It's not in Asterisk 10, it's in the current trunk, which will eventually
become Asterisk 11. The patch, while a very nice and useful enhancement, is
unfortunately fairly intrusive. I can't see it becoming part of the
Asterisk 1.8 or Asterisk 10 branches, given (a) the fact that it is
certainly an improvement and not a bug fix, and (b) the risk involved in
back-porting a patch of that magnitude and scope.

Matthew Jordan
Digium, Inc. | Software Developer

Bruce B

2012-02-17 18:18:41 UTC

Permalink

Wouldn't a shell script be a band-aid solution?

CLI verbose should have absolutely no effect on other loggings. I have been
saying this forever that Asterisk logging should be very strong and
separate of anything else including what we see on the CLI. This is
important for security reasons. You forget to put the verbose back to 9
then your Fail2ban stop working. You are debugging the server and playing
with "core set verbose" then you are momentarily opening for attacks.

I do understand what "core set verbose" was initially made for but these
things are not set in stone and should be improved given security is
becoming such a huge issue.

Separating logger.conf from "core set verbose" is the best solution.

Best,

Post by Luke Hamburg
Fair enough.
Giving up on the backport to 1.8 or 10 for now, I had a thought for a
kludge.
How about a shell script (scheduled with cron) that checks for any 'active'
consoles -- any connected consoles where there has been user input within
the last X minutes. If it finds none, then set the verbosity back to 5 (or
whatever level you want).
1) query Asterisk for a count or list of console connections, much less
'active' ones
2) query Asterisk for the current verbosity level (without changing it)
Am I barking up another wrong tree here?
Anyone have any other ideas on how to solve this problem?
-----Original Message-----
Sent: Thursday, February 16, 2012 8:06 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] High verbose set at console effects the logger
file "Full" - Why is that?
It's not in Asterisk 10, it's in the current trunk, which will eventually
become Asterisk 11. The patch, while a very nice and useful enhancement, is
unfortunately fairly intrusive. I can't see it becoming part of the
Asterisk 1.8 or Asterisk 10 branches, given (a) the fact that it is
certainly an improvement and not a bug fix, and (b) the risk involved in
back-porting a patch of that magnitude and scope.
Matthew Jordan
Digium, Inc. | Software Developer
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
http://www.asterisk.org/hello
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users