Tim McNabb <t...@velociter.net> wrote: > > Hi there! I'm running FreeRADIUS 2.1.7, I was wondering if it is > possible to forward accounting packets to another server while also > keeping the packets on the local machine. I'm working on integrating a > Netsweeper appliance and the company is saying that I need to forward > accounting packets to the appliance in order for it to set policies > correctly. Has anyone ever done this or would be willing to forward > some good documentation on how this can be done? > I have not 'tee'd accounting packets before, but the following should work. Look at the 'decoupled-accounting' and 'robust-proxy-accounting' examples.
In your main RADIUS virtual server (the one that talks to your NASes), configure it to write out to *two* different journals. The first one is your 'regular' accounting path that maybe records things in a local SQL database or whatever you like to log to. The second journalled instance you proxy on the packets to this Netsweeper thingy-mcwhatsit. Using the decoupling/journal thing prevents your SQL server (and the appliance) potentially slowing down your accounting acknowledgement replies. Beware though, the size of the journal should not get ever above ~100kB (well for us at least)...if it does, it means FreeRADIUS cannot process your accounting traffic due to some internal error (either out of disk space, bad SQL syntax/error, etc) and the journal will just keep growing until everything comes falling down. The journal growing without me noticing has hit us several times (badness on my part with dodgy SQL I send at my poor postgresql server) so it is on the books either to NAGIOS monitor it or send me an email alert from a cronjob. Cheers -- Alexander Clouter .sigmonster says: Specifications subject to change without notice. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
