Log Watch and Ban
Log Watch/Ban Service
This feature allows the PBX to monitor the SIP registration traffic and ban any IP address that makes 5 failed registration attempts. The IP address will be banned for either 3 days or until the service is restarted. Configuration settings allow you to ignore (not monitor) IP addresses that are communicating from the LocalNet, as well as allowing you to manually add addresses you want the system to ignore. If you set up an Admin Email Address under PBX Setup=>General and have Unified Messaging configured, the PBX will send you an email any time an IP address is banned via this feature. Follow this link to see what a Ban Email will look like.
Enable Log Watch/Ban Service
STEPS:
- From the PBX Setup->General System Setup page, locate the Security Settings section.
- Enable the Log Watch Ban Service by setting the parameter to “Yes” on the drop-down list.
- Click the button to save the changes.
Once you have enabled the Log Watch/Ban Services, you will be able to configure the parameters for the security settings.
The following table describes the parameters and descriptions (recommended settings) for the Log Watch and Ban feature.
Service is currently Running |
This indicates the status of the service, either Running or Not Running. |
Reload Button |
Restarts the Ban service, clearing any existing banned IP addresses. |
Enable Log Watch & Ban Service |
Set to Yes and the PBX will monitor failed SIP registration attempts. 5 failed attempts and the IP is blocked for:
|
Ignore IPs in SIP LocalNets |
Set to Yes and the PBX will ignore failed SIP registration attempts from IPs from the LocalNets configured in the system. When set to No, IP addresses from the LocalNets are ignored for failed attempts. |
Ignoring Addresses |
Lists the addresses that were manually entered to be ignored in regards to failed SIP registration attempts |
Add Entry |
Enter the IP addresses you wish to be ignored by the PBX in regards to failed SIP registration attempts. |
Configure Log Watch/Ban Service
STEPS:
- Navigate to PBX Setup=>General.
- Scroll down to the Security Settings panel, set the parameters based on your general business requirements.
- Click the button to save the changes.
- Navigate to the PBX Setup=>General page. Locate the Admin Settings section (located at the top of the page).
- Enter an IP address for Admin Email Address field. Depending on whether you have Unified Messaging configured, the PBX will send an email to this address any time that it bans an IP address. See the Unified Messaging section of this guide for details on how to configure this parameter.
- Click the Apply Changes link located at the top right hand corner of the page, to commit the changes to the database.
Disable Log Set Security Setting
STEPS:
- From the PBX Setup=>General System Setup page, locate the Security Settings panel.
- Disable the security setting by selecting “No” from the drop-down list for the Log Watch Ban Service.
- Click the button to save the changes.
- Click the Apply Changes link located at the top right hand corner of the page, to commit the changes to the database.
It should be noted that the Log Watch is not intended to be the only line of defense for security. It is best practice that if you are being attacked by a intruder, that you permanently ban at the router/firewall level. This keeps the offending traffic off your LAN.