add a dedicated log channel for modules to be able report security-related events, so that they can be fed into external processes for analysis and possible mitigation efforts

(inspired by this evening's Toronto Asterisk Users Group meeting and previous dicussions amongst various community members)



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@187269 65c4cc65-6c06-0410-ace0-fbb531ad65f3

4 files changed, 24 insertions, 4 deletions

diff --git a/apps/app_verbose.c b/apps/app_verbose.c
index b4c6a6384..f094dc149 100644
--- a/apps/app_verbose.c
+++ b/apps/app_verbose.c
@@ -59,7 +59,7 @@ static char *app_log = "Log";
 		<syntax>
 			<parameter name="level">
 				<para>Level must be one of <literal>ERROR</literal>, <literal>WARNING</literal>, <literal>NOTICE</literal>,
-				<literal>DEBUG</literal>, <literal>VERBOSE</literal> or <literal>DTMF</literal>.</para>	
+				<literal>DEBUG</literal>, <literal>VERBOSE</literal>, <literal>DTMF</literal> or <literal>SECURITY</literal>.</para>	
 			</parameter>
 			<parameter name="message" required="true">
 				<para>Output text message.</para>
@@ -146,6 +146,8 @@ static int log_exec(struct ast_channel *chan, void *data)
 		lnum = __LOG_VERBOSE;
 	} else if (!strcasecmp(args.level, "DTMF")) {
 		lnum = __LOG_DTMF;
+	} else if (!strcasecmp(args.level, "SECURITY")) {
+		lnum = __LOG_SECURITY;
 	} else if (!strcasecmp(args.level, "EVENT")) {
 		lnum = __LOG_EVENT;
 	} else {
diff --git a/configs/logger.conf.sample b/configs/logger.conf.sample
index a441ebd8f..84edd57e6 100644
--- a/configs/logger.conf.sample
+++ b/configs/logger.conf.sample
@@ -70,6 +70,7 @@
 ;    error
 ;    verbose
 ;    dtmf
+;    security
 ;
 ; Special filename "console" represents the system console
 ;
@@ -89,6 +90,7 @@ console => notice,warning,error
 ;console => notice,warning,error,debug
 messages => notice,warning,error
 ;full => notice,warning,error,debug,verbose
+security => security
 
 ;syslog keyword : This special keyword logs to syslog facility 
 ;
diff --git a/include/asterisk/logger.h b/include/asterisk/logger.h
index 65448cfe4..1941accbc 100644
--- a/include/asterisk/logger.h
+++ b/include/asterisk/logger.h
@@ -189,7 +189,18 @@ void ast_console_toggle_loglevel(int fd, int level, int state);
 #endif
 #define AST_LOG_DTMF    __LOG_DTMF, _A_
 
-#define NUMLOGLEVELS 6
+#ifdef LOG_SECURITY
+#undef LOG_SECURITY
+#endif
+#define __LOG_SECURITY  7
+#define LOG_SECURITY    __LOG_SECURITY, _A_
+
+#ifdef AST_LOG_SECURITY
+#undef AST_LOG_SECURITY
+#endif
+#define AST_LOG_SECURITY    __LOG_SECURITY, _A_
+
+#define NUMLOGLEVELS 7
 
 /*!
  * \brief Get the debug level for a file
diff --git a/main/logger.c b/main/logger.c
index 163548908..79fb730d3 100644
--- a/main/logger.c
+++ b/main/logger.c
@@ -162,7 +162,8 @@ static char *levels[] = {
 	"WARNING",
 	"ERROR",
 	"VERBOSE",
-	"DTMF"
+	"DTMF",
+	"SECURITY",
 };
 
 /*! \brief Colors used in the console for logging */
@@ -204,6 +205,8 @@ static int make_components(const char *s, int lineno)
 			res |= (1 << __LOG_VERBOSE);
 		else if (!strcasecmp(w, "dtmf"))
 			res |= (1 << __LOG_DTMF);
+		else if (!strcasecmp(w, "security"))
+			res |= (1 << __LOG_SECURITY);
 		else {
 			fprintf(stderr, "Logfile Warning: Unknown keyword '%s' at line %d of logger.conf\n", w, lineno);
 		}
@@ -356,7 +359,7 @@ static void init_logger_chain(int locked)
 		if (!(chan = ast_calloc(1, sizeof(*chan))))
 			return;
 		chan->type = LOGTYPE_CONSOLE;
-		chan->logmask = 28; /*warning,notice,error */
+		chan->logmask = (1 << __LOG_WARNING) | (1 << __LOG_NOTICE) | (1 << __LOG_ERROR);
 		if (!locked)
 			AST_RWLIST_WRLOCK(&logchannels);
 		AST_RWLIST_INSERT_HEAD(&logchannels, chan, list);
@@ -802,6 +805,8 @@ static char *handle_logger_show_channels(struct ast_cli_entry *e, int cmd, struc
 			ast_cli(a->fd, "Debug ");
 		if (chan->logmask & (1 << __LOG_DTMF)) 
 			ast_cli(a->fd, "DTMF ");
+		if (chan->logmask & (1 << __LOG_SECURITY)) 
+			ast_cli(a->fd, "Security ");
 		if (chan->logmask & (1 << __LOG_VERBOSE)) 
 			ast_cli(a->fd, "Verbose ");
 		if (chan->logmask & (1 << __LOG_WARNING))