On 28 Aug 2013, at 23:39, Andrej <andrej.gro...@gmail.com> wrote:

> I would like f_ticks to write out a single line into syslog that
> contains the inner and outer identity of an authentication request,
> the station ID and MAC address.
>
> In case of a successful authentication or rejection I'd like to have
> the inner identity and a status on a line,

We do this by using lots of custom linelog instances.  In linelog.conf
(just a few examples):

    linelog acceptlog {
        filename = "/var/log/radius/auth-%D.log"
        format = "%S (%l) id %I ACCEPT %{User-Name} (station %{%{Calling-Station-Id}:--}) auth-type %{control:Auth-Type}/%{EAP-Type} realm %{%{Realm}:--} nas %{%{NAS-IP-Address}:-%{%{NAS-IPv6-Address}:--}-}/%{%{NAS-Port}:--} (operator %{%{Operator-Name}:--}) client %{%{Packet-Src-IP-Address}:-%{%{Packet-Src-IPv6-Address}:--}} (%{Client-Shortname}) ap '%{%{UCam-AP-Name}:--}' essid '%{%{UCam-Essid-Name}:--}' => %{%{reply:User-Name}:--} reply-msg '%{reply:Reply-Message}'"
    }

    linelog inner-acceptlog {
        filename = "/var/log/radius/auth-%D.log"
        format = "%S (%l) id %I INNER-TUNNEL ACCEPT %{User-Name} (station %{%{outer.request:Calling-Station-Id}:--}) outer-id %{outer.request:User-Name} auth-type %{outer.control:Auth-Type}/%{outer.request:EAP-Type}/%{control:Auth-Type} realm %{%{Realm}:--} nas %{%{outer.request:NAS-IP-Address}:-%{%{outer.request:NAS-IPv6-Address}:--}}/%{%{outer.request:NAS-Port}:--} (operator %{%{outer.request:Operator-Name}:--}) client %{%{Packet-Src-IP-Address}:-%{%{Packet-Src-IPv6-Address}:--}} (%{Client-Shortname}) ap '%{%{outer.request:UCam-AP-Name}:--}' essid '%{%{outer.request:UCam-Essid-Name}:--}' => %{%{reply:User-Name}:--} reply-msg '%{reply:Reply-Message}'"
    }

    linelog proxy-replylog {
        filename = "/var/log/radius/auth-%D.log"
        format = "%S (%l) id %I PROXY REPLY %{User-Name} (station %{%{Calling-Station-Id}:--}) auth-type /%{EAP-Type} realm %{%{Realm}:--} nas %{%{NAS-IP-Address}:-%{%{NAS-IPv6-Address}:--}-}/%{%{NAS-Port}:--} (operator %{%{Operator-Name}:--}) client %{%{Packet-Src-IP-Address}:-%{%{Packet-Src-IPv6-Address}:--}} (%{Client-Shortname}) proxy %{%{proxy-reply:Packet-Src-IP-Address}:-%{%{proxy-reply:Packet-Src-IPv6-Address}:--}} proxy-reply-type %{proxy-reply:Packet-Type} proxy-reply-msg '%{proxy-reply:Reply-Message}' => %{%{proxy-reply:User-Name}:--}"
    }

We call them as
follows:

[default]

    post-proxy {
        ...
        proxy-replylog
        ...
    }

    post-auth {
        ...
        acceptlog
        ...
    }

[inner-tunnel]

    post-auth {
        ...
        inner-acceptlog
        ...
    }

There are some references to %{UCam-AP-Name} and things in there -- we
set these with things like:

    if ("%{Aruba-Location-Id}") {
        update request {
            UCam-AP-Name := "%{Aruba-Location-Id}"
            UCam-Essid-Name := "%{Aruba-Essid-Name}"
        }
    }

... they let us not refer to the direct Aruba attributes and would allow
us to more easily add another wireless system (we used to have Cisco but
migrated away) - if we had to move again, we don't have lots of
Cisco-specific bits all over the place.

Note that the attributes are defined in 'dictionary'.

The above stuff will give lines like:

    2013-08-29 10:53:02 (1377769982) id 175 INNER-TUNNEL ACCEPT rc...@cam.ac.uk (station 0015AF81CEB3) outer-id @cam.ac.uk auth-type EAP/PEAP/EAP realm LOCAL nas 131.111.1.20/0 (operator 1lapwing.cam.ac.uk) client 131.111.1.20 (erri...@lapwing.cam.ac.uk) ap '00:24:6c:c3:24:fd' essid 'eduroam' => rcf34 reply-msg '[cam.ac.uk] Successful authentication <ACCEPT>'

[example from inner-acceptlog.]

Hope this helps,

  - Bob

-- 
Bob Franklin <rc...@cam.ac.uk> +44 1223 748479
Network Division, University of Cambridge Computing Service

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
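
Added example, not part of the message above and not FreeRADIUS code: a Python parser for lines written by the inner-acceptlog format string, which normalises the two MAC spellings and lists entries worth a second look. The function names, the sample values and the realm comparison are assumptions made for illustration.

```python
import re
# Layout mirrors the inner-acceptlog format string in the message above.
INNER_ACCEPT = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \((?P<epoch>\d+)\) id (?P<id>\d+) "
    r"INNER-TUNNEL ACCEPT (?P<inner_id>\S+) \(station (?P<station>\S+)\) outer-id (?P<outer_id>\S+) "
    r"auth-type (?P<auth_type>\S+) realm (?P<realm>\S+) nas (?P<nas_ip>[^/\s]+)/(?P<nas_port>\S+) "
    r"\(operator (?P<operator>\S+)\) client (?P<client_ip>\S+) \((?P<client_name>[^)]*)\) "
    r"ap '(?P<ap>[^']*)' essid '(?P<essid>[^']*)' "
    r"=> (?P<reply_user>\S+) reply-msg '(?P<reply_msg>.*)'$")

def norm_mac(value):
    """Reduce 00:24:6c:.. and 0015AF.. style MACs to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value).lower()
    return digits if len(digits) == 12 else value  # leave '-' and odd values alone

def realm_of(identity):
    """Realm part of user@realm, lowercased; empty when there is no '@'."""
    return identity.rpartition("@")[2].lower() if "@" in identity else ""

def parse_inner_accept(line):
    """Return the fields of one inner-acceptlog line, or None if it does not fit."""
    m = INNER_ACCEPT.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["station"], rec["ap"] = norm_mac(rec["station"]), norm_mac(rec["ap"])
    return rec

def review(lines):
    """Return (reason, line) pairs for entries an operator should look at."""
    findings = []
    for line in lines:
        if "INNER-TUNNEL ACCEPT" not in line:
            continue  # the other linelog instances write to the same file
        rec = parse_inner_accept(line)
        if rec is None:
            findings.append(("unparsed", line))  # e.g. whitespace inside User-Name
            continue
        outer, inner = realm_of(rec["outer_id"]), realm_of(rec["inner_id"])
        if outer and inner and outer != inner:
            findings.append(("realm-mismatch", line))
    return findings

# Constructed sample lines, not taken from a real log.
def sample_line(inner, outer):
    return (f"2013-08-29 10:53:02 (1377769982) id 175 INNER-TUNNEL ACCEPT {inner} (station 001122AABBCC) "
            f"outer-id {outer} auth-type EAP/PEAP/EAP realm LOCAL nas 192.0.2.20/0 (operator 1wifi.example.org) "
            "client 192.0.2.20 (controller1) ap '00:11:22:33:44:55' essid 'eduroam' "
            "=> alice reply-msg '[example.org] Successful authentication <ACCEPT>'")
SAMPLE = [sample_line("alice@example.org", "@example.org"),
          sample_line("bob@example.org", "anonymous@other.example"),
          sample_line("eve x@example.org", "@example.org")]
```

Lines that do not fit the layout are reported rather than skipped, so a User-Name containing whitespace shows up as "unparsed" instead of shifting the later fields.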