Hello Jeremy -
You would use the PacketTrace parameter in the clauses in which you want the
trace 4 logging (have a look at the PacketTrace sections in the manual).
Note that it is *much* easier to do this sort of thing with Radar.
http://www.open.com.au/radar
regards
Hugh
On Tue, 30 Apr 2002 14:05, Jeremy Burton wrote:
> ok, thats all good, and i have a much cleaner config file now...
> but one more question - i can't get packet logs unless I have Global
> logging at trace 4. whats the recommended way to handle the situation where
> I only want level 3 logs globally, but want packet dumps for a particular
> few AuthBy clauses.
> would having 2 global loggers, one at level 3 and one at level 4 running,
> with the level 4 logger pointing to some form of null, and the using
> something along the lines of what is suggested below to get the packets
> work?
> or am i misunderstanding again the way in which this works (ie the
> availability of the packet logs at any level below global)?
>
> thanks
>
> jeremy
>
> On Mon, Apr 29, 2002 at 06:22:23PM +1000, Hugh Irvine wrote:
> > Hello Jeremy -
> >
> > You are correct - if you put a <Log FILE> inside an object - you only get
> > the logging for that object.
> >
> > It is generally preferable to use Identifiers for this sort of thing:
> >
> > <AuthBy GROUP>
> > <Log FILE>
> > Identifer MyLogger
> > Filename .....
> > Trace ...
> > </Log>
> > </AuthBy>
> >
> > <AuthBy ....>
> > Identifier MyAuthBy
> > .....
> > Log MyLogger
> > .....
> > </AuthBy>
> >
> > <Handler ....>
> > AuthBy MyAuthBy
> > .....
> > </Handler>
> >
> > This makes it *much* easier to understand and maintain.
> >
> > NB - the <Log FILE> is defined inside an AuthBy GROUP so it does not
> > become another global logger.
> >
> > TFAP (tricks for advanced players)
> >
> > :-)
> >
> > regards
> >
> > Hugh
> >
> > BTW - you can now use Radar with Radiator 3.0 to do much, much more than
> > was ever possible previously with traces and debugging.
> >
> > http://www.open.com.au/radar
> >
> > On Mon, 29 Apr 2002 17:18, Jeremy Burton wrote:
> > > Hi Hugh,
> > > If you look closely in the two files, one of them does indeed include
> > > all logging (the global logfile). The second one *only* contains the
> > > following line for each request:
> > >
> > > Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP
> > >
> > > and nothing more.... it is the details for the AuthGROUP that i am
> > > indeed after (which should be in here, given that the <Log FILE></Log>
> > > is contained within the <AuthBy GROUP></AuthBy> and not any other
> > > <AuthBy> stuff...)
> > > a little more probing has found that if I then go and put a <Log
> > > FILE></Log> into the <AuthBy FILE></AuthBy> I get that info.. so am i
> > > misinterpreting that the <Log FILE> isn't inherited by the "children"
> > > authby's of an <AuthBy GROUP>?
> > >
> > > Thanks
> > >
> > > Jeremy
> > >
> > > On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote:
> > > > Hello Jeremy -
> > > >
> > > > There are a few things wrong with the configuration file, but you
> > > > should be getting two different logfiles:
> > > >
> > > > /etc/raddb/logfile.testing-normal
> > > >
> > > > and
> > > >
> > > > %D/logfile.testing-adsl
> > > >
> > > > where %D = /etc/raddb
> > > >
> > > > The first one should contain everything, and the second one should
> > > > contain a subset corresponding to the <Realm adsl>.
> > > >
> > > > I have just been testing this here and it works correctly with the
> > > > configuration file that I will attach to this mail.
> > > >
> > > > BTW - here is the ls -l log*:
> > > >
> > > > ls -l log*
> > > > -rw-r--r-- 1 root root 14994 Apr 29 16:32 logfile
> > > > -rw-r--r-- 1 root root 195 Apr 29 16:31
> > > > logfile.testing-adsl
> > > >
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > > On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote:
> > > > > Hi All,
> > > > > I've just upgraded from Radiator 2.17.1 to Radiator 3.0.
> > > > > I am trying to log different parts of the config to different log
> > > > > files, and am having no luck at all - everything just ends up in
> > > > > the global logfile. Attached is my config file - this isn't
> > > > > actually my main config file, but a smaller one which replicates
> > > > > the problem. Also I'll attach the default entries for the
> > > > > users.dialup and users.adsl... Basically, anyone know why I'm only
> > > > > getting one log file, not two, as i would expect from the
> > > > > additional <Log FILE></Log> directive?
> > > > >
> > > > > radius.cfg:
> > > > >
> > > > > # $Revision: 1.7 $
> > > > > # $Date: 2001/06/28 08:31:35 $
> > > > > #
> > > > > #Foreground
> > > > > #LogStdout
> > > > > Trace 3
> > > > >
> > > > > # NOTE: Anywhere that
> > > > > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS',
> > > > > '55555550');} # appears is so that eXtremes can log onto analogue
> > > > > equipment..
> > > > >
> > > > > PidFile /etc/raddb/radiusd.testing.pid
> > > > > AuthPort 1645
> > > > > AcctPort 1646
> > > > > LogDir /var/radacct
> > > > > LogFile /etc/raddb/logfile.testing-normal
> > > > > DbDir /etc/raddb
> > > > > DictionaryFile /etc/raddb/dictionary.ascend
> > > > >
> > > > > <Client 210.15.210.5>
> > > > > FramedGroupBaseAddress 10.200.0.0
> > > > > Secret XXXXXXXXX
> > > > > DupInterval 10
> > > > > </Client>
> > > > >
> > > > > <Realm WhoShotAdsl>
> > > > > # You can group multiple AuthBy methods with AuthBy GROUP
> > > > > <AuthBy GROUP>
> > > > > Identifier AdslSystem
> > > > > AuthByPolicy ContinueWhileAccept
> > > > > <AuthBy SQL>
> > > > > # AuthSelect with empty string means dont do auth
> > > > > AuthSelect SELECT password,
>radius.check_items_new('%n', '%N',
> > > > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM
> > > > > SA.Clients, sa.adsl where username = '%n' and adsl.userid =
> > > > > clients.userid AuthColumnDef 0, User-Password, check
> > > > > AuthColumnDef 1, GENERIC, check
> > > > > AuthColumnDef 2, GENERIC, reply
> > > > > DBSource dbi:Oracle:SOME_SID
> > > > > DBUsername SOME_USER
> > > > > DBAuth SOME_PASS
> > > > > AccountingTable
> > > > > Timeout 10000
> > > > > FailureBackoffTime 300
> > > > > </AuthBy>
> > > > > </AuthBy>
> > > > > </Realm>
> > > > >
> > > > > <Realm WhoShotWho>
> > > > > # You can group multiple AuthBy methods with AuthBy GROUP
> > > > > <AuthBy GROUP>
> > > > > Identifier System
> > > > > AuthByPolicy ContinueWhileAccept
> > > > > <AuthBy SYSTEM>
> > > > > UseGetspnam
> > > > > </AuthBy>
> > > > > <AuthBy SQL>
> > > > > # AuthSelect with empty string means dont do auth
> > > > > AuthSelect SELECT radius.check_items_new('%n',
>'%N',
> > > > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM
> > > > > SA.Clients where username = '%n' AuthColumnDef 0, GENERIC, check
> > > > > AuthColumnDef 1, GENERIC, reply
> > > > > DBSource dbi:Oracle:SOME_SID
> > > > > DBUsername SOME_USER
> > > > > DBAuth SOME_PASS
> > > > > AccountingTable
> > > > > Timeout 10000
> > > > > FailureBackoffTime 300
> > > > > </AuthBy>
> > > > > </AuthBy>
> > > > > </Realm>
> > > > >
> > > > > <Realm adsl>
> > > > > RejectHasReason
> > > > > RewriteUsername s/\@adsl//
> > > > > AcctLogFileName %L/adsl/%C/%v%f-%i-%H
> > > > > PasswordLogFileName /etc/raddb/password.adsl
> > > > > <AuthBy GROUP>
> > > > > AuthByPolicy ContinueWhileAccept
> > > > > <Log FILE>
> > > > > Trace 3
> > > > > Filename %D/logfile.testing-adsl
> > > > > </Log>
> > > > > <AuthBy RADIUS>
> > > > > NoForwardAuthentication
> > > > > Host secondhost.seconddomain.com
> > > > > Secret XXXXXXXXX
> > > > > </AuthBy>
> > > > > <AuthBy FILE>
> > > > > Filename %D/users.adsl
> > > > > </AuthBy>
> > > > > </AuthBy>
> > > > > </Handler>
> > > > >
> > > > > <Handler Realm=>
> > > > > RejectHasReason
> > > > > AuthByPolicy ContinueWhileIgnore
> > > > > AcctLogFileName %L/%C/%v%f-%i-%H
> > > > > <AuthBy GROUP>
> > > > > <AuthBy FILE>
> > > > > Filename %D/users.check
> > > > > </AuthBy>
> > > > > <AuthBy FILE>
> > > > > Filename %D/users.dialup
> > > > > </AuthBy>
> > > > > </AuthBy>
> > > > > </Handler>
> > > > >
> > > > > users.dialup:
> > > > > DEFAULT Auth-Type = System
> > > > >
> > > > > users.adsl:
> > > > > DEFAULT Auth-Type = AdslSystem
> > > > >
> > > > > thanks
> > > > >
> > > > > Jeremy
> > > >
> > > > --
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > > -
> > > > Nets: internetwork inventory and management - graphical, extensible,
> > > > flexible with hardware, software, platform and database independence.
> > > >
> > > > LogDir .
> > > > DbDir .
> > > >
> > > > Trace 4
> > > > Foreground
> > > > LogStdout
> > > >
> > > > <Client localhost>
> > > > Secret mysecret
> > > > DupInterval 0
> > > > </Client>
> > > >
> > > > <Realm adsl>
> > > > RejectHasReason
> > > > <AuthBy GROUP>
> > > > AuthByPolicy ContinueWhileAccept
> > > > <Log FILE>
> > > > Trace 4
> > > > Filename %D/logfile.testing-adsl
> > > > </Log>
> > > > <AuthBy FILE>
> > > > Filename %D/users.adsl
> > > > </AuthBy>
> > > > </AuthBy>
> > > > </Realm>
> > > >
> > > > <Realm>
> > > > <AuthBy FILE>
> > > > Filename %D/users
> > > > </AuthBy>
> > > > </Realm>
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
