Linux - Monitor log and email

We have some servers with asterisk open to the world. Below is a copy of the log file where we need these lines emailed to us in the event that there is an attack.

We need a script that will monitor the IP address of the "failed for '[url removed, login to view]'" and if the IP address shows up 10 times in less then 1 minute for any failure then we want it to notify us with the following info:

To: [ASK ABOUT TO ADDRESS]

Subject: Security Threat - Asterisk

Message: [Lines for server logs]

Once this email is sent we don't want the script to send another email for the same IP for 30 minutes (so we don't get slammed with emails while we shutdown the attack).

Example of an attack:

File: /var/log/asterisk/full

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"caryl" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"caryl" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"caryl" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"caryl" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"caryl" ' failed for '[url removed, login to view]' - No matching peer found

[Oct 14 04:02:59] NOTICE[3832] chan_sip.c: Registration from '"278" ' failed for '[url removed, login to view]' - No matching peer found

Asterisk PBX Linux

Project ID: #4002774

About the project