Add IP addresses in log messages #756

Open
Cacodaimon opened this issue Apr 27, 2021 · 8 comments

@Cacodaimon

As an admin, I would like to see the IP addresses in the log messages in order to block suspicious connections¹ by utilizing an intrusion prevention system like fail2ban.

¹ As mentioned here: #737, #626

@misi
Contributor

misi commented Jun 17, 2021

Source IP addresses of all incoming STUN or TURN requests?
STUN requests are not authenticated, so the design of coturn's logging in production needs to be prepared for rate limiting to avoid DoS.

@Cacodaimon
Author

Thanks for your response!

> Source IP addresses of all incoming STUN or TURN requests?

The IP of incoming TURN connections would satisfy my needs to block unauthenticated connections.

> STUN requests are not authenticated, so the design of coturn's logging in production needs to be prepared for rate limiting to avoid DoS.

This is my rsyslog filter, /etc/rsyslog.d/22-coturn.conf, currently used to avoid DoS.

# Syslog: coturn disable bind log spam
:msg, contains, "user <>: incoming packet BINDING processed, success" stop

But since I use TURN only with authentication, I would rather block those IPs.

@ptroms

ptroms commented Jun 26, 2021

iptables may help:
sudo iptables -t raw -A PREROUTING -p tcp --dport 3478:3479 -j TRACE
or:
sudo iptables -t raw -A PREROUTING -p udp --dport 3478:3479 -j TRACE
or whatever ports your server is listening on. It ends up in syslog, and you can pick up those IPs from there.

@Cacodaimon
Author

Cacodaimon commented Jun 28, 2021

@ptroms Thanks for the advice, but in this case I get only the IP and not the information whether the user is authenticated or not.

I want to block the IPs making these kinds of requests:

"session 000000000000000002: realm <signalling.example.de> user <>: incoming packet message processed, error 401: Unauthorized"
"session 000000000000000001: realm <signalling.example.de> user <123456789:turn-test-user>: incoming packet message processed, error 401: Unauthorized"

@ghost

ghost commented Aug 22, 2021

Why can't Coturn have at least a config option to add client IP addresses to logs? That's pretty basic and almost every other server out there has this ability.

@Oklit

Oklit commented Jul 1, 2023

+1 as this is really annoying that there is no easy option to check who is connecting (yes - I also would like to use fail2ban to block some requests).

@bab5470

bab5470 commented Apr 8, 2024

+1 Agreed - this is a problem for us too!

@Stoic-Lithium

Stoic-Lithium commented Apr 26, 2024

+1 I also desire for IP addresses to be included in the log output.
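
As an added example (not code from coturn or from any commenter in this thread), this Python script parses the 401 lines quoted above, tallies failures per realm and user, and checks whether those lines carry any address token that a fail2ban-style filter could ban on. The regular expression is inferred only from the log lines shown in this thread, and the BINDING sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the two 401 lines quoted in the thread, plus a constructed
# BINDING success line of the kind the rsyslog filter above drops.
SAMPLE = [
    'session 000000000000000002: realm <signalling.example.de> user <>: '
    'incoming packet message processed, error 401: Unauthorized',
    'session 000000000000000001: realm <signalling.example.de> '
    'user <123456789:turn-test-user>: incoming packet message processed, error 401: Unauthorized',
    'session 000000000000000003: realm <signalling.example.de> user <>: '
    'incoming packet BINDING processed, success',
]

# Pattern inferred from the lines in this thread only (an assumption, not a coturn spec).
LINE = re.compile(
    r'session (?P<session>\d+): realm <(?P<realm>[^>]*)> user <(?P<user>[^>]*)>: '
    r'incoming packet (?P<packet>\S+) processed, (?:success|error (?P<code>\d+): .*)$'
)

def find_addresses(line):
    """Return every bare IPv4/IPv6 address token in a log line."""
    found = set()
    for token in re.split(r'[\s<>,]+', line):
        try:
            found.add(str(ipaddress.ip_address(token.rstrip(':'))))
        except ValueError:
            pass  # not an address (session ids, status codes, user names)
    return found

def summarize(lines):
    """Return (401 count per (realm, user), sessions with a 401, addresses seen)."""
    failures, sessions, addresses = Counter(), set(), set()
    for line in lines:
        m = LINE.search(line)
        if not m or m['code'] != '401':
            continue  # ignore successes and unrelated lines
        failures[(m['realm'], m['user'] or '<anonymous>')] += 1
        sessions.add(m['session'])
        addresses.update(find_addresses(line))
    return failures, sessions, addresses

if __name__ == '__main__':
    failures, sessions, addresses = summarize(SAMPLE)
    for (realm, user), count in failures.items():
        print(f'{count} x 401 realm={realm} user={user}')
    print('sessions:', sorted(sessions))
    print('bannable addresses in these lines:', sorted(addresses) or 'none')
```

The only per-client key these lines offer is the session id, which a firewall cannot act on; that is the gap this issue asks to close.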
