Hi Alan Thanks for the quick reply. I believe I've accomplished what I wanted to do. I've set 'auth' to undefined in the log{} section of radiusd.conf, created another instance of the linelog module called linelog_REJECT in which I set the reference to "%{reply:Packet-Type}", and then added 'linelog_REJECT' to the 'Post-Auth-Type REJECT' section within the default site config file. My remote syslog server is now only receiving 'Rejected access: someLoginName' messages. Thank you for your help.
On Feb 14, 2012, at 12:06 PM, Alan DeKok wrote: > Ian Ehrenwald wrote: >> Hello >> I am using FreeRADIUS 2.1.9-3 on CentOS 6.0. I am sending all syslog output >> to a remote rsyslog server (and have local1.* assigned to RADIUS in >> rsyslogd.conf). I want to log only auth failures, not successful logins. >> Is there an easy way to do this? I don't want to use a SQL backing store >> for this project since that is what is holding the syslog data on the remote >> machine anyway. 'auth = yes' logs everything, 'auth = no' logs nothing, and >> I don't want to see/store the good/bad passwords, so 'auth_badpass' and >> 'auth_goodpass' aren't an option. I'm sure I'm not the only person who has >> wanted to do this, but I can't find anything on the freeradius-users list. >> Any help? Thanks. > > Patch the source. > > Or, use rlm_linelog, in the "Post-Auth-Type Reject" section. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ian Ehrenwald, Linux Systems Administrator TripAdvisor, LLC, 141 Needham St, Newton, MA 02464 978-328-7816 (mobile) / 617-795-7716 (desk) iehrenw...@tripadvisor.com / (Sent from my MacBook Pro) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html