asterisk/configs/samples/manager.conf.sample

;
; AMI - The Asterisk Manager Interface
;
; Third party application call management support and PBX event supervision
;
; Use the "manager show commands" at the CLI to list available manager commands
; and their authorization levels.
;
; "manager show command <command>" will show a help text.
;
; ---------------------------- SECURITY NOTE -------------------------------
; Note that you should not enable the AMI on a public IP address. If needed,
; block this TCP port with iptables (or another FW software) and reach it
; with IPsec, SSH, or SSL vpn tunnel.  You can also make the manager
; interface available over http/https if Asterisk's http server is enabled in
; http.conf and if both "enabled" and "webenabled" are set to yes in
; this file.  Both default to no.  httptimeout provides the maximum
; timeout in seconds before a web based session is discarded.  The
; default is 60 seconds.
;
[general]
enabled = no
;webenabled = yes

port = 5038
bindaddr = 0.0.0.0

; Parameters that control AMI over TLS. ("enabled" must be set too).
; You can open a connection to this socket with e.g.
;
;	openssl s_client -connect my_host:5039
;
;tlsenable=no		; set to YES to enable it
;tlsbindaddr=0.0.0.0:5039		; address and port to bind to, default to bindaddr and port 5039
;tlscertfile=/tmp/asterisk.pem	; path to the certificate.
;tlsprivatekey=/tmp/private.pem ; path to the private key, if no private given,
                                ; if no tlsprivatekey is given, default is to search
								; tlscertfile for private key.
;tlscipher=<cipher string>      ; string specifying which SSL ciphers to use or not use
;
;allowmultiplelogin = yes		; IF set to no, rejects manager logins that are already in use.
;                               ; The default is yes.
;
;displayconnects = yes
;
; Add a Unix epoch timestamp to events (not action responses)
;
;timestampevents = yes

;brokeneventsaction = yes   ; Restore previous behavior that caused the events
                            ; action to not return a response in certain
                            ; circumstances.  Defaults to 'no'.

;
; Display certain channel variables every time a channel-oriented
; event is emitted:
;
; Note that this does incur a performance penalty and should be avoided if possible.
;
;channelvars = var1,var2,var3

; debug = on	; enable some debugging info in AMI messages (default off).
		; Also accessible through the "manager debug" CLI command.

; authtimeout specifies the maximum number of seconds a client has to
; authenticate.  If the client does not authenticate beofre this timeout
; expires, the client will be disconnected. (default: 30 seconds)

;authtimeout = 30

; authlimit specifies the maximum number of unauthenticated sessions that will
; be allowed to connect at any given time.

;authlimit = 50

;httptimeout = 60
; a) httptimeout sets the Max-Age of the http cookie
; b) httptimeout is the amount of time the webserver waits
;    on a action=waitevent request (actually its httptimeout-10)
; c) httptimeout is also the amount of time the webserver keeps
;    a http session alive after completing a successful action
;
; disabledevents specifies AMI events which should be completely globally disabled.
; These events will not be available to any AMI listeners. Use this to disable
; frequent events which are not desired for any listeners. Default
; is no events are globally disabled. Event names are case-sensitive.
; Events disabled in stasis.conf do not also need to be disabled here.
; If you don't want to completely disable an AMI event, also consider the
; filter option available on a per-manager user basis to block unwanted
; events from being received in a stream (as opposed to this option which
; would prevent specified events from being generated at all).

;disabledevents = Newexten,Varset

;[mark]
;secret = mysecret
;deny=0.0.0.0/0.0.0.0
;permit=209.16.236.73/255.255.255.0
;acl=named_acl_example               ; use a named ACL from acl.conf
;
;
;setvar=PBXACCOUNT=edvina
; The setvar option defines channel variables that will be set when this account
; originates a call. You can define multiple setvar= commands for one manager
; user.
;

;--
-- eventfilter --------------------------------------------------------
Include and/or exclude events for this user.

There are two ways to use this feature... Legacy and Advanced.

Legacy Event Filtering:

This is the original method of filtering events.  It's no longer
recommended but still supported for backwards compatibility.  The filter
is a regular expression, optionally prefixed with an exclamation point (!).
The regular expression is applied to the entire payload of every event.
If any part of the event payload matches, the event is included.  If the
first character of the filter is an exclamation point (!), the event is
excluded. On a busy system, this is a resource intensive process and the
reason it's no longer recommended.

Another issue with legacy filtering is that regexes are very sensitive to
whitespace and separators.  "Event:Newchannel" will NOT work because of
the missing space after the ':'.  Neither will "Event:  Newchannel" or
"Event Newchannel" because of the extra space in the first expression
and the missing ':' in the second.

Advanced Event Filtering:

Advanced filtering still allows you to use regular expressions but adds
the ability to pre-select certain events and constrain the regular
expression to matching the contents of a specific event header.
The syntax is:

eventfilter(<match_criteria>) = [ <match_expression> ]

<match_criteria> : [ action(include|exclude) | name(<event_name>) |
    header(<header_name>) | method(<match_method>) ][, ...]

You can specify at most one of each of the following in any order,
separated by commas.

    action(include|exclude): Default: 'include'. Instead of using '!' to
    exclude matching events, specify 'action(exclude)'.  Although the
    default is "include" if "action" isn't specified, adding
    "action(include)" will help with readability.

    name(<event_name>): Include only events with a name exactly matching
    <event_name>.  This is actually implemented using the "hash" of the
    event names and is therefore much more efficient than using a regular
    expression.

    header(<header_name>): Include only events that have a header exactly
    matching <header_name>.  Additionally, the data to be searched will
    be constrained to the value of this header instead of the entire
    event payload.

    method(regex | exact | starts_with | ends_with | contains | none ):
    How should <match_expression> be applied to the event data?  The data may
    be the entire event payload or, if header(<header_name>) was used, the
    value of that specific header.  If 'action(exclude)' was specified, a
    "match" here will cause the event to be excluded instead of included.

        regex:  As a regular expression that, if matched anywhere in the
        data, constitutes a match.

        exact: As a simple string that must match all of the data.
        Probably only useful when the data is constrained to a specific header
        and the data itself is a simple value.

        starts_with: As a simple string that, if found at the beginning of the
        data, constitutes a match.

        ends_with: As a simple string that, if found at the end of the data,
        constitutes a match.

        contains: As a simple string that, if found anywhere in the data,
        constitutes a match.

        none: Ignore <match_expression> altogether.  This is the default
        because the majority of use cases for event filtering involve
        including or excluding events by event name without regard to the
        event payload.  In this case, you can just leave <match_expression>
        empty.

  TIP:  Although match criteria order doesn't matter to Asterisk, using the
  order shown can help you read them.  For instance...
  eventfilter(action(exclude),name(Newchannel),header(Channel),method(starts_with)) = Local/
  ...means "Exclude Newchannel events with a Channel header that starts with Local/"

Event Filter Processing Ordering:

Both Legacy and Advanced filter entries are processed as follows:
 - If no filters are configured, all events are reported as normal.

 - If there are 'include' filters only, an event that matches ANY filter
   will be reported.

 - If there are 'exclude' filters only, an event that matched ANY filter
   will be excluded.

 - If there are both 'include' and 'exclude' filters, all 'include' filters
   are matched first, then the 'exclude' filters will be applied to the
   resulting set.
--;

; ----- Legacy Filter Examples:
; Every legacy filter expression results in regular expression matching
; on the entire payload of every event even if no regular expression
; meta-characters were used.

; Only include Newchannel events
;eventfilter=Event: Newchannel

; Only include events of any type with a "Channel" header that matches
; the regular expression.
;eventfilter=Channel: (PJ)?SIP/(james|jim|john)-

; Only include Newchannel events which contain a "Channel" header
; for PJSIP channels.
;eventfilter = Event: Newchannel.*Channel: PJSIP/

; Only include Newchannel or Hangup events whose "Channel" header doesn't start
; with Local/.  All other events are filtered out.
;eventfilter = Event: Newchannel
;eventfilter = Event: Hangup
;eventfilter = !Channel: Local/
; This causes three regexes to be searched for on every event!

; Include ALL events EXCEPT Newchannel and Hangup events whose "Channel" header
; starts with Local/.
; Other Newchannel and Hangup events ARE reported.
;eventfilter = !Event: (Newchannel|Hangup).*Channel: Local/
; This causes one regex to be searched for but it's a fairly expensive
; one.

; Exclude any event that has a "Channel" header whose value starts with "DADHI/"
;eventfilter=!Channel: DAHDI/

; ----- Advanced Filter Examples:
; All of these examples are WAY more efficient than their legacy
; equivalents.

; Include only "Newchannel" events.
; eventfilter(name(Newchannel)) =
; Note that there's nothing to the right of the '=' because you don't care
; what's in the payload.  You still need the '=' though or the config file
; parser will complain.  'action(include)' and 'method(none)' are implied.

; Only include events of any type with a "Channel" header that matches
; the regular expression.
;eventfilter(action(include),header(Channel),method(regex)) = (PJ)?SIP/(james|jim|john)-
; We're still testing every event but because we only apply the regex to the
; value of the Channel header this is still more efficient than using the
; legacy method.

; Only include Newchannel and Hangup events whose "Channel" header doesn't
; start with Local/.
;eventfilter(action(include),name(Newchannel)) =
;eventfilter(action(include),name(Hangup)) =
;eventfilter(header(Channel),action(exclude),method(starts_with)) = Local/
; No regexes at all.  We do the hash match against the event names first and
; only matching events are passed to the next filter.
; Then, in only those events, we look for a Channel header by exact match, then
; look for 'Local/' at the beginning of its value.

; Include ALL events EXCEPT Newchannel and Hangup events whose "Channel" header
; starts with Local/.
; Other Newchannel and Hangup events ARE reported.
;eventfilter(action(exclude),name(Newchannel),header(Channel),method(starts_with)) = Local/
;eventfilter(action(exclude),name(Hangup),header(Channel),method(starts_with)) = Local/
; Again, no regexes. Very efficient because the filters start by looking for
; a hash match on the event name.

; Exclude any event that has a "Channel" header whose value starts with "DADHI/"
;eventfilter(action(exclude),header(Channel),method(starts_with)) = DAHDI/
; We're still testing every event but there are no regexes involved at all.

;--
-- eventfilter end ----------------------------------------------------
--;

;
; If the device connected via this user accepts input slowly,
; the timeout for writes to it can be increased to keep it
; from being disconnected (value is in milliseconds)
;
; writetimeout = 100
;
;displayconnects = yes	; Display on CLI user login/logoff
;
; Authorization for various classes
;
; Read authorization permits you to receive asynchronous events, in general.
; Write authorization permits you to send commands and get back responses.  The
; following classes exist:
;
; all       - All event classes below (including any we may have missed).
; system    - General information about the system and ability to run system
;             management commands, such as Shutdown, Restart, and Reload. This
;             class also includes dialplan manipulation actions such as
;             DialplanExtensionAdd and DialplanExtensionRemove.
; call      - Information about channels and ability to set information in a
;             running channel.
; log       - Logging information.  Read-only. (Defined but not yet used.)
; verbose   - Verbose information.  Read-only. (Defined but not yet used.)
; agent     - Information about queues and agents and ability to add queue
;             members to a queue.
; user      - Permission to send and receive UserEvent.
; config    - Ability to read and write configuration files.
; command   - Permission to run CLI commands.  Write-only.
; dtmf      - Receive DTMF events.  Read-only.
; reporting - Ability to get information about the system.
; cdr       - Output of cdr_manager, if loaded.  Read-only.
; dialplan  - Receive NewExten and VarSet events.  Read-only.
; originate - Permission to originate new calls.  Write-only.
; agi       - Output AGI commands executed.  Input AGI command to execute.
; cc        - Call Completion events.  Read-only.
; aoc       - Permission to send Advice Of Charge messages and receive Advice
;           - Of Charge events.
; test      - Ability to read TestEvent notifications sent to the Asterisk Test
;             Suite.  Note that this is only enabled when the TEST_FRAMEWORK
;             compiler flag is defined.
; security  - Security Events.  Read-only.
; message   - Permissions to send out of call messages. Write-only
;
;read = system,call,log,verbose,agent,user,config,dtmf,reporting,cdr,dialplan
;write = system,call,agent,user,config,command,reporting,originate,message