Configuration of the Asterisk manager API
Asterisk config manager.conf
Note that activating the manager API opens a TCP port. Make sure you know what you are doing. Maybe it's enough to just activate this for the local loopback interface, 127.0.0.1. However, by using AstManProxy communication can be secured using SSL/HTTPS, and there is also AMI SSL/TLS support in Asterisk 1.6.
New: Asterisk 1.4 introduces AMI-over-http as an alternative approach, using the internal Asterisk http server (see AJAM).
New: Asterisk 1.8 introduces the 'originate' flag
Note: "portno" has changed to "port" (at least as of Asterisk 1.2.4). So if one doesn't work try the other. Simply reloading asterisk will not enable the manager. You must shut down asterisk and restart. To test just telnet to port 5038 on the asterisk box. If bindaddr = 0.0.0.0 then the manager will bind to ALL Ip's on the server.
Reference doc/manager_1_1.txt in the asterisk source code for more, and up-to-date, documentation.
; Asterisk Call Management support
enabled = yes
port = 5038
bindaddr = 0.0.0.0
webenabled = no
; Each user has a section labeled with the username
; so this is the section for the user named "mark"
secret = mysecret
read = system,call,log,verbose,command,agent,user,originate
write = system,call,log,verbose,command,agent,user,originate
- No encryption is used, even the password is sent in plaintext. Notes: However you can use md5 challange-and-reply for a slightly safer means to transmit the password; Asterisk 1.4 will come with SSL encryption)
- Don't enable it on a public IP.
- Use http://www.stunnel.org/ or a SSH tunnel
- Watch out with management programs with direct interface to the manager.
- Limit the privileges per user (especially the system!)
QuestionsAnyone able to explain the exact meaning of each these entires?
AnswerAll manager API commands registered by varoius asterisk modules have a privilege group associated to it. In order for a manager API user to be able to issue a command, it has to have read or write privilege to the appropriate group. Following is a list of commands groupped by privilege groups as of Asterisk 188.8.131.52:
system: DBGet, DBPut, SIPpeers, SIPshowpeer
call: Hangup, Status, Setvar, Getvar, Redirect, Originate, ExtensionState, AbsoluteTimeout, MailboxStatus, MailboxCount, SetCDRUserField, Monitor, StopMonitor, ChangeMonitor
log: * couldn't find any *
verbose: * couldn't find any *
Agent: Agents,AgentLogoff,AgentCallbackLogin, QueueAdd, QueueRemove, QueuePause
User: in 'deviceanduser' amportal.conf mode, shows when an user logon and logoff on device
originate: Originate a call
None (commands that can be issued without explicit privileges associated): Ping, Events, Logoff, ListCommands, ZapTransfer, ZapHangup, ZapDialOffhook, ZapDNDon, ZapDNDoff, ZapShowChannels, IAXpeers, IAXnetstat, Queues, QueueStat, ParkedCalls
Go back to Asterisk
Please update this page with new information, just login and click on the "Edit" or "Discussion" tab. Get a free login here: Register Thanks! - Find us on Google+