ok, thats all good, and i have a much cleaner config file now... but one more question - i can't get packet logs unless I have Global logging at trace 4. whats the recommended way to handle the situation where I only want level 3 logs globally, but want packet dumps for a particular few AuthBy clauses. would having 2 global loggers, one at level 3 and one at level 4 running, with the level 4 logger pointing to some form of null, and the using something along the lines of what is suggested below to get the packets work? or am i misunderstanding again the way in which this works (ie the availability of the packet logs at any level below global)?
thanks jeremy On Mon, Apr 29, 2002 at 06:22:23PM +1000, Hugh Irvine wrote: > > Hello Jeremy - > > You are correct - if you put a <Log FILE> inside an object - you only get the > logging for that object. > > It is generally preferable to use Identifiers for this sort of thing: > > <AuthBy GROUP> > <Log FILE> > Identifer MyLogger > Filename ..... > Trace ... > </Log> > </AuthBy> > > <AuthBy ....> > Identifier MyAuthBy > ..... > Log MyLogger > ..... > </AuthBy> > > <Handler ....> > AuthBy MyAuthBy > ..... > </Handler> > > This makes it *much* easier to understand and maintain. > > NB - the <Log FILE> is defined inside an AuthBy GROUP so it does not become > another global logger. > > TFAP (tricks for advanced players) > > :-) > > regards > > Hugh > > BTW - you can now use Radar with Radiator 3.0 to do much, much more than was > ever possible previously with traces and debugging. > > http://www.open.com.au/radar > > > On Mon, 29 Apr 2002 17:18, Jeremy Burton wrote: > > Hi Hugh, > > If you look closely in the two files, one of them does indeed include > > all logging (the global logfile). The second one *only* contains the > > following line for each request: > > > > Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP > > > > and nothing more.... it is the details for the AuthGROUP that i am > > indeed after (which should be in here, given that the <Log FILE></Log> > > is contained within the <AuthBy GROUP></AuthBy> and not any other <AuthBy> > > stuff...) > > a little more probing has found that if I then go and put a <Log > > FILE></Log> into the <AuthBy FILE></AuthBy> I get that info.. so am i > > misinterpreting that the <Log FILE> isn't inherited by the "children" > > authby's of an <AuthBy GROUP>? > > > > Thanks > > > > Jeremy > > > > On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote: > > > Hello Jeremy - > > > > > > There are a few things wrong with the configuration file, but you should > > > be getting two different logfiles: > > > > > > /etc/raddb/logfile.testing-normal > > > > > > and > > > > > > %D/logfile.testing-adsl > > > > > > where %D = /etc/raddb > > > > > > The first one should contain everything, and the second one should > > > contain a subset corresponding to the <Realm adsl>. > > > > > > I have just been testing this here and it works correctly with the > > > configuration file that I will attach to this mail. > > > > > > BTW - here is the ls -l log*: > > > > > > ls -l log* > > > -rw-r--r-- 1 root root 14994 Apr 29 16:32 logfile > > > -rw-r--r-- 1 root root 195 Apr 29 16:31 > > > logfile.testing-adsl > > > > > > > > > regards > > > > > > Hugh > > > > > > On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote: > > > > Hi All, > > > > I've just upgraded from Radiator 2.17.1 to Radiator 3.0. > > > > I am trying to log different parts of the config to different log > > > > files, and am having no luck at all - everything just ends up in the > > > > global logfile. Attached is my config file - this isn't actually my > > > > main config file, but a smaller one which replicates the problem. Also > > > > I'll attach the default entries for the users.dialup and users.adsl... > > > > Basically, anyone know why I'm only getting one log file, not two, as i > > > > would expect from the additional <Log FILE></Log> directive? > > > > > > > > radius.cfg: > > > > > > > > # $Revision: 1.7 $ > > > > # $Date: 2001/06/28 08:31:35 $ > > > > # > > > > #Foreground > > > > #LogStdout > > > > Trace 3 > > > > > > > > # NOTE: Anywhere that > > > > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS', > > > > '55555550');} # appears is so that eXtremes can log onto analogue > > > > equipment.. > > > > > > > > PidFile /etc/raddb/radiusd.testing.pid > > > > AuthPort 1645 > > > > AcctPort 1646 > > > > LogDir /var/radacct > > > > LogFile /etc/raddb/logfile.testing-normal > > > > DbDir /etc/raddb > > > > DictionaryFile /etc/raddb/dictionary.ascend > > > > > > > > <Client 210.15.210.5> > > > > FramedGroupBaseAddress 10.200.0.0 > > > > Secret XXXXXXXXX > > > > DupInterval 10 > > > > </Client> > > > > > > > > <Realm WhoShotAdsl> > > > > # You can group multiple AuthBy methods with AuthBy GROUP > > > > <AuthBy GROUP> > > > > Identifier AdslSystem > > > > AuthByPolicy ContinueWhileAccept > > > > <AuthBy SQL> > > > > # AuthSelect with empty string means dont do auth > > > > AuthSelect SELECT password, >radius.check_items_new('%n', '%N', > > > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM > > > > SA.Clients, sa.adsl where username = '%n' and adsl.userid = > > > > clients.userid AuthColumnDef 0, User-Password, check > > > > AuthColumnDef 1, GENERIC, check > > > > AuthColumnDef 2, GENERIC, reply > > > > DBSource dbi:Oracle:SOME_SID > > > > DBUsername SOME_USER > > > > DBAuth SOME_PASS > > > > AccountingTable > > > > Timeout 10000 > > > > FailureBackoffTime 300 > > > > </AuthBy> > > > > </AuthBy> > > > > </Realm> > > > > > > > > <Realm WhoShotWho> > > > > # You can group multiple AuthBy methods with AuthBy GROUP > > > > <AuthBy GROUP> > > > > Identifier System > > > > AuthByPolicy ContinueWhileAccept > > > > <AuthBy SYSTEM> > > > > UseGetspnam > > > > </AuthBy> > > > > <AuthBy SQL> > > > > # AuthSelect with empty string means dont do auth > > > > AuthSelect SELECT radius.check_items_new('%n', >'%N', > > > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM > > > > SA.Clients where username = '%n' AuthColumnDef 0, GENERIC, check > > > > AuthColumnDef 1, GENERIC, reply > > > > DBSource dbi:Oracle:SOME_SID > > > > DBUsername SOME_USER > > > > DBAuth SOME_PASS > > > > AccountingTable > > > > Timeout 10000 > > > > FailureBackoffTime 300 > > > > </AuthBy> > > > > </AuthBy> > > > > </Realm> > > > > > > > > <Realm adsl> > > > > RejectHasReason > > > > RewriteUsername s/\@adsl// > > > > AcctLogFileName %L/adsl/%C/%v%f-%i-%H > > > > PasswordLogFileName /etc/raddb/password.adsl > > > > <AuthBy GROUP> > > > > AuthByPolicy ContinueWhileAccept > > > > <Log FILE> > > > > Trace 3 > > > > Filename %D/logfile.testing-adsl > > > > </Log> > > > > <AuthBy RADIUS> > > > > NoForwardAuthentication > > > > Host secondhost.seconddomain.com > > > > Secret XXXXXXXXX > > > > </AuthBy> > > > > <AuthBy FILE> > > > > Filename %D/users.adsl > > > > </AuthBy> > > > > </AuthBy> > > > > </Handler> > > > > > > > > <Handler Realm=> > > > > RejectHasReason > > > > AuthByPolicy ContinueWhileIgnore > > > > AcctLogFileName %L/%C/%v%f-%i-%H > > > > <AuthBy GROUP> > > > > <AuthBy FILE> > > > > Filename %D/users.check > > > > </AuthBy> > > > > <AuthBy FILE> > > > > Filename %D/users.dialup > > > > </AuthBy> > > > > </AuthBy> > > > > </Handler> > > > > > > > > users.dialup: > > > > DEFAULT Auth-Type = System > > > > > > > > users.adsl: > > > > DEFAULT Auth-Type = AdslSystem > > > > > > > > thanks > > > > > > > > Jeremy > > > > > > -- > > > Radiator: the most portable, flexible and configurable RADIUS server > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > > - > > > Nets: internetwork inventory and management - graphical, extensible, > > > flexible with hardware, software, platform and database independence. > > > > > > LogDir . > > > DbDir . > > > > > > Trace 4 > > > Foreground > > > LogStdout > > > > > > <Client localhost> > > > Secret mysecret > > > DupInterval 0 > > > </Client> > > > > > > <Realm adsl> > > > RejectHasReason > > > <AuthBy GROUP> > > > AuthByPolicy ContinueWhileAccept > > > <Log FILE> > > > Trace 4 > > > Filename %D/logfile.testing-adsl > > > </Log> > > > <AuthBy FILE> > > > Filename %D/users.adsl > > > </AuthBy> > > > </AuthBy> > > > </Realm> > > > > > > <Realm> > > > <AuthBy FILE> > > > Filename %D/users > > > </AuthBy> > > > </Realm> > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. -- Jeremy Burton Database Administrator, Netspace Online Systems [EMAIL PROTECTED] [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.