Permalink
Browse files

XX-10384 - add ip address and user to failed log attempts. Note: mess…

…age was missing from alarm emails, so process that failed was missing too until this fix is applied
  • Loading branch information...
1 parent 795f50e commit 2839c063cd8d691506df41d40bd9dfe6a24e1d57 @ezuce-admin ezuce-admin committed Sep 6, 2012
Showing with 2 additions and 2 deletions.
  1. +1 −1 sipXconfig/etc/sipxpbx/sipxconfig/sipxconfig.sec.erb
  2. +1 −1 sipXsnmp/bin/snmptrap-email-handler.in
View
2 sipXconfig/etc/sipxpbx/sipxconfig/sipxconfig.sec.erb
@@ -3,7 +3,7 @@
%>
type=SingleWithThreshold
ptype=RegExp
-pattern=Authentication event AuthenticationFailureBadCredentialsEvent: (\S+);
+pattern=Authentication event AuthenticationFailureBadCredentialsEvent: (\S+); .* RemoteIpAddress: (\S+);
desc=<%= LOGIN_FAILED[:minThreshold] %> failed login attempts for user $1 within a 60 second interval.
action=shellcmd @SIPX_BINDIR@/sipxtrap LOGIN_FAILED '%s'
window=60
View
2 sipXsnmp/bin/snmptrap-email-handler.in
@@ -102,7 +102,7 @@ def parse_alarm(data, input_stream)
alarm = get_alarm(data, $1)
when /^DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: (.*)$/
alarm['message'] = "threshold is #{$1}"
- when /^SIPXECS-ALARM-NOTIFICATION-MIB::sipxecsAlarmDescr = STRING: "(.*)"$/
+ when /^SIPXECS-ALARM-NOTIFICATION-MIB::sipxecsAlarmDescr "(.*)"$/
alarm['message'] = $1
end
}

0 comments on commit 2839c06

Please sign in to comment.