Janet Plato wrote:
> In one paragraph:
>
> - I want to send messages related to radiusd to a local file
> such as /var/log/messages or radius.log

Look for "syslog" in radiusd.conf.

> - I want accounting related messages written out one line each in a
> local file since it is easy to automatically filter them to
> notice anomalies. I want to limit the size of log files and
> putting it all on one line works better for me.

See the "linelog" module.

> - I want the accounting related messages to also be reflected to
> a remote syslog server that is part of our monitoring systems,
> where it can cause visual alerts when certain things happen.

The "linelog" module can write to syslog.

> - I want to configure networks in clients.conf, but have logging
> done by NAS-IP-Addr.

I have no idea what that means. In any case, the "linelog" module can create customized messages.

> At this moment the server seems to be answering fine and the default
> config is mostly working. I am now trying to work step by step towards
> the following:
>
> - I want to have log messages related to the radius daemon appear in
> /var/log/radius/radius.log (or /var/log/messages), things like starting
> and stopping the server, errors in the config and so on. Local detail
> files could also go there, but I'd rather they went in their own detail
> file.

The detail files do detailed logging. Don't try to change how the detail files work.

> - I want radiusd to send syslog messages concerning logins to a
> remote syslog server at the same time it logs local details. I could
> enable logging to the local syslog socket and having syslogd reflect
> local1.* to @syslog.remote.my.net, but: radiusd cannot log to both
> files and syslog in the same log {} stanza in radiusd.conf and also
> syslogd would have to reflect all events of facility.* to the remote
> server.

Well... that's the way it works. You can use a syslog server which supports configurable filtering and redirection of log messages. i.e. rsyslog.

> Right now nothing else uses local1.* but that might not
> always be true.
> Also, if radiusd sends everything to a remote
> syslog server that is fine, as long as it also does local file logging.

Sorry, server logs go to one place. The server is *not* in the business of duplicating log messages. See a configurable "syslog" server for this functionality.

> If radiusd does its own remote syslog sending, then local processes
> are free to send to the local socket on local1.* without conflict.
> I could probably get syslogd to log to both a file and a remote server
> but that causes problems with other processes potentially using the same
> facility.severity.

Only if you use a 1980s syslog server.

> - I want to be able to configure networks in my clients.conf
> file but have logging by NAS IP address.
> I'd like to log the header line I specified and suppress everything else:
>
> 2010-11-03 14:50:38 1b17d86ead 10.1.1.1: User uname from 192.168.1.1 Start
> 2010-11-03 14:50:38 1b17d86ead 10.1.1.1: User uname from 192.168.1.1 Stop

See the "linelog" module. It is for exactly this purpose.

> This lets me easily notice trends in the system, does not fill
> up my logs, allows me to filter out logins from known users on
> their desktops, and see what is left. I can easily write something
> that views the log file as a series of stanzas, and only shows
> those stanzas that do not contain both (a username line with a
> known user and a client-IP from a known host). The detail log rolls daily
> which is nice, but I would prefer the server messages to go into radius.log
> which rolls less often.
>
> So how can I just have it create a header with what I want,
> and suppress everything else as well as log to a remote syslog server?

The "linelog" module, followed by using a more powerful syslog server.

Alan DeKok.
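
The filter described in the quoted message (hide a line only when it has both a known user and a known client address), applied to one-line records in the layout of the sample lines above, as an added example that is not part of the original thread. The field names, the allowlists and every sample line after the first are assumptions constructed for illustration.

```python
import ipaddress
import re

# Layout of the sample lines in the message:
# "<date> <time> <id> <address>: User <name> from <address> <Start|Stop>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<ident>\S+) "
    r"(?P<source>\S+): User (?P<user>\S+) from (?P<client>\S+) "
    r"(?P<status>Start|Stop)$"
)

# Constructed allowlists (assumptions, not values from the thread).
KNOWN_USERS = {"uname"}
KNOWN_NETS = [ipaddress.ip_network("192.168.1.0/24")]

def is_known_host(addr):
    """True if addr parses as an IP address inside one of KNOWN_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in KNOWN_NETS)

def review(lines):
    """Return (reason, line) pairs for every line that needs a human look."""
    # A line is suppressed only when BOTH user and client address are known.
    # Unparseable lines are kept, so a format change never hides events.
    flagged = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            flagged.append(("unparsed", line))
        elif m["user"] not in KNOWN_USERS:
            flagged.append(("unknown-user", line))
        elif not is_known_host(m["client"]):
            flagged.append(("unknown-host", line))
    return flagged

# Constructed sample input; only the first line follows the message verbatim.
SAMPLE = [
    "2010-11-03 14:50:38 1b17d86ead 10.1.1.1: User uname from 192.168.1.1 Start",
    "2010-11-03 14:51:02 2c28e97fbe 10.1.1.1: User uname from 203.0.113.7 Start",
    "2010-11-03 14:52:10 3d39fa80cf 10.1.1.1: User guest from 192.168.1.9 Stop",
    "2010-11-03 14:53:00 garbage line",
]
```

`review(SAMPLE)` drops the first line and returns the other three with their reasons. The same function can be fed an open log file, since it iterates line by line.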