Crowdsec: SIP bruteforce traffic not banned #7481

@nrauso

Description

On NS8 with active NethVoice modules, you can observe log entries like the following:

May 21 14:53:33 VoipTest freepbx[349589]: [2025-05-21 14:53:33] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:1951@99.88.77.66>' failed for '137.184.125.78:50527' - Wrong password
May 21 14:53:33 VoipTest freepbx[349589]: [2025-05-21 14:53:33] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:5829@99.88.77.66>' failed for '137.184.125.78:51309' - Wrong password
May 21 14:53:35 VoipTest freepbx[349589]: [2025-05-21 14:53:35] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:9224@99.88.77.66>' failed for '137.184.125.78:53068' - Wrong password
May 21 14:53:35 VoipTest freepbx[349589]: [2025-05-21 14:53:35] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:14405@99.88.77.66>' failed for '137.184.125.78:53268' - Wrong password

These are illegitimate SIP registration attempts and should be blocked by CrowdSec.
However, they are currently not detected or banned.
While the Asterisk collection is available for CrowdSec, it is not enabled by default. Even after enabling it, these log lines still do not trigger any ban.

Components

crowdsec:1.0.14

mattermost conversation
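The log lines quoted in the issue carry Asterisk's colour codes with the ESC byte rendered by syslog as the literal text `#033`. The following is an added example, not part of the original issue and not CrowdSec's own parser: it shows a pattern written for uncoloured `chan_sip` output matching only after those sequences are stripped, then counts failed registrations per source IP. The regexes, function names and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# The four log lines from the issue, copied verbatim.
SAMPLE_LINES = r"""
May 21 14:53:33 VoipTest freepbx[349589]: [2025-05-21 14:53:33] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:1951@99.88.77.66>' failed for '137.184.125.78:50527' - Wrong password
May 21 14:53:33 VoipTest freepbx[349589]: [2025-05-21 14:53:33] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:5829@99.88.77.66>' failed for '137.184.125.78:51309' - Wrong password
May 21 14:53:35 VoipTest freepbx[349589]: [2025-05-21 14:53:35] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:9224@99.88.77.66>' failed for '137.184.125.78:53068' - Wrong password
May 21 14:53:35 VoipTest freepbx[349589]: [2025-05-21 14:53:35] #033[1;33mNOTICE#033[0m[150]: #033[1;37mchan_sip.c#033[0m:#033[1;37m29058#033[0m #033[1;37mhandle_request_register#033[0m: Registration from '<sip:14405@99.88.77.66>' failed for '137.184.125.78:53268' - Wrong password
""".strip().splitlines()

# ANSI colour sequence, with ESC either raw or syslog-escaped as "#033".
ANSI_COLOUR = re.compile(r"(?:#033|\x1b)\[[0-9;]*m")

# Failed REGISTER notice as chan_sip writes it without colours (assumed pattern).
# The greedy ip group also accepts a bracketed IPv6 address before the port.
FAILED_REGISTER = re.compile(
    r"NOTICE\[\d+\]: chan_sip\.c:\d+ handle_request_register: "
    r"Registration from '(?P<user>[^']*)' failed for "
    r"'(?P<ip>[^']+):(?P<port>\d+)' - (?P<reason>.+)$"
)


def parse_failed_registration(line):
    """Strip colour codes, then return the matched fields as a dict, or None."""
    match = FAILED_REGISTER.search(ANSI_COLOUR.sub("", line))
    return match.groupdict() if match else None


def offenders(lines, threshold):
    """Map source IP -> failure count for IPs with at least `threshold` failures."""
    hits = Counter()
    for line in lines:
        event = parse_failed_registration(line)
        if event:
            hits[event["ip"]] += 1
    return {ip: count for ip, count in hits.items() if count >= threshold}


if __name__ == "__main__":
    # The uncoloured pattern does not match the raw line; it does after stripping.
    print("raw line matches:", bool(FAILED_REGISTER.search(SAMPLE_LINES[0])))
    print("offenders:", offenders(SAMPLE_LINES, threshold=3))
```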

Labels

nethvoice: Bug or features related to the NethVoice project
testing: Packages are available from testing repositories

Status

Done
