I have a requirement to get successful and failed radius authentication logs from FreeRADIUS to a SIEM for audit purposes. I have updated the config to log to syslog, but I need more information than is currently appearing.
Example: Sep 29 10:40:56 radiusserver radiusd[13806]: Login incorrect: [azbycx] (from client ScreenNets port 0) Is there a way to syslog the username, client-ip-addres and calling-station-id that appears in radacct? Alternately, is there a way to send radacct to syslog instead of the file system? In my ideal world, all of the information currently recorded for radacct would be logged to the SIEM but I'm not sure how to best achieve that. I've been through the documentation and just am not finding an obvious way to change what information is sent to syslog. Any help/suggestions would be much appreciated. Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html