Contact

Blogs

Take a look at the things that interest us.

Setting up the Asterisk AMI

Wesley Wesley 3 years

In this post, I would like to explain more about the Asterisk Ami, how to enable it, how to create a basic user, and how to login into the Asterisk Ami.

Requirements

  • Asterisk 16 or 18
  • Netstat Package

What is the Asterisk AMI

The Asterisk Manager Interface, more commonly known as Asterisk Ami, is a very simple protocol that allows you to manage your asterisk server through your server command line. It has support to create and edit asterisk configuration files and also manage the calls, clients, agents, dial plan, etc.

Enabling the Asterisk AMI

The Asterisk Ami is per default disabled due to the security risks. In order to enable the Asterisk Ami, you'll need to edit the manager.conf file.

$ cd /etc/asterisk
$ vi /manager.conf

This will open the configuration file and documentation which can be used as a reference point. In this configuration file, we will update the following part.

# manager.conf
[general]
enabled = no
;webenabled = yes

port = 5038
bindaddr = 0.0.0.0

Let's set enabled to yes.

# manager.conf
enabled = yes

Creating a Asterisk Ami user

When you scroll down further, you'll come across an example user named Mark, this is where we will create our Asterisk Ami user. We'll need this user to be able to login into our Asterisk Ami.

# manager.conf
;[mark]
;secret = mysecret
;deny=0.0.0.0/0.0.0.0
;permit=209.16.236.73/255.255.255.0
;acl=named_acl_example               ; use a named ACL from acl.conf

Let's create our Ami user.

# manager.conf
[testuser]
secret=1234568
deny=0.0.0.0/0.0.0.0
permit=0.0.0.0/0.0.0.0

Setting the Asterisk Ami User Permissions

To give this user the rights to execute commands on the Asterisk Ami, we'll need to set the permissions for this user. The Asterisk Ami has two types of permissions.

  • Read
  • Write

By default, all permissions are denied. The following classes can be used:

# All event classes below (including any we may have missed).
read=all 
write=all

# General information about the system and ability to run system
read=system 
write=system

# Information about channels and ability to set information in a
read=call 
write=call

# Logging information.  Read-only. (Defined but not yet used.)
read=log 
write=log

# Verbose information.  Read-only. (Defined but not yet used.) 
read=verbose 
write=verbose

# Information about queues and agents and ability to add queue 
read=agent 
write=agent

# Permission to send and receive UserEvent. 
read=user 
write=user

# Ability to read and write configuration files.
read=config 
write=config

# Permission to run CLI commands.  Write-only.
read=command 
write=command

# Receive DTMF events.  Read-only.
read=dtmf 
write=dtmf

# Ability to get information about the system.
read=reporting 
write=reporting

# Output of cdr_manager, if loaded.  Read-only.
read=cdr 
write=cdr

# Receive NewExten and VarSet events.  Read-only.
read=dialplan 
write=dialplan

# Permission to originate new calls.  Write-only.
read=originate 
write=originate

# Output AGI commands executed.  Input AGI command to execute.
read=agi 
write=agi

# Call Completion events.  Read-only.
read=cc 
write=cc

# Permission to send Advice Of Charge messages and receive Advice
read=aoc 
write=aoc

# Ability to read TestEvent notifications sent to the Asterisk Test
read=test 
write=test

You can also use multiple classes for one user.

# Example
read=system,call,dialplan,originate
write=system,call,dialplan,originate

For demonstration purposes, we are going to allow read and write permissions for all classes. Let's add the following code to our user.

# manager.conf
[testuser]
secret=1234568
deny=0.0.0.0/0.0.0.0
permit=0.0.0.0/0.0.0.0
read=all
write=all

After this, we will save the configuration file and restart our Asterisk PBX server with the following command.

$ systemctl restart asterisk

Testing the Asterisk AMI

Now let's try to access the Asterisk AMI using telnet.

Let's first double-check if port 5038 is open, write the following command in your terminal.

$ netstat -lna | grep 5038
# ouput
tcp        0      0 0.0.0.0:5038            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:5038          127.0.0.1:57250         TIME_WAIT 

Now we can try to connect to the Asterisk Ami using telnet.

$ telnet localhost 5038

This should result in the Asterisk Call Manager responding as you are now connecting to the Asterisk Ami.

# ouput 
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Asterisk Call Manager/7.0.0

Log in to the Asterisk Ami

In order to login into our Asterisk Ami, we need to write the following in our terminal.

Action: login
Username: testuser
Secret: 12345678

We use the account details that we have set up earlier in our manager.conf. If everything went well you see the following.

Response: Success
Massage: Authentication accepted

That’s pretty much it when it comes to setting up the Asterisk Ami and connecting to the interface.

Setting up the Asterisk AMI 2021-08-23 14:11:44

There are no comments.

4596

Have questions about our services?

Contact our Sales team to get answers.

Contact Us
gomibako@aska-ltd.jp