Question on Radius logs
Hi All, Real quick and I am sure easy question here. I read through the unlang man page, really helped in getting a clue. One thing I was wondering though, is there a way to output text to the log based on a condition? What I mean is something like if x!=y then printf( x did not equal y). This would be for debugging and log review. Currently we use Cisco ACS, which with all it's limitations the one thing that is great about it is it's pass/fail logs. Our techs use them all the time to diagnose problems. If I could inject text strings into the logs when certain issues occur it would make it a lot easier to figure out scripts as well as make common issues easier for techs to troubleshoot. From what I can tell in the unlang man page it did not mention this, perhaps I missed it though. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
--On Tuesday, February 01, 2011 08:41:54 -0800 Brett Littrell blittr...@musd.org wrote: Hi All, Real quick and I am sure easy question here. I read through the unlang man page, really helped in getting a clue. One thing I was wondering though, is there a way to output text to the log based on a condition? What I mean is something like if x!=y then printf( x did not equal y). This would be for debugging and log review. Currently we use Cisco ACS, which with all it's limitations the one thing that is great about it is it's pass/fail logs. Our techs use them all the time to diagnose problems. If I could inject text strings into the logs when certain issues occur it would make it a lot easier to figure out scripts as well as make common issues easier for techs to troubleshoot. From what I can tell in the unlang man page it did not mention this, perhaps I missed it though. Hi Brett, It sounds like the linelog module may do what you need, in conjunction with unlang for the conditionals: https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Hi James, That looks perfect for the tech logs, thanks. The debugging side was a little different, I was thinking about inputting text strings in the middle of unlang scripts. Usually when I write say a C program I will pop in a lot of printf's with variables so I know what a variable is in a program, well use to anyway debuggers make that to easy now to waste time on it. For freeradius I was not sure if there was similar functionality. I am guessing there is not, I was kind of thinking it may be a stretch to add something like that in a config file. Thanks for the linelog module, that will really help a lot!!. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Tuesday, February 01, 2011 at 9:02 AM, in message 57DE4B8C2C2D9555B06A9046@valium, James J J Hooper jjj.hoo...@bristol.ac.uk wrote: --On Tuesday, February 01, 2011 08:41:54 -0800 Brett Littrell blittr...@musd.org wrote: Hi All, Real quick and I am sure easy question here. I read through the unlang man page, really helped in getting a clue. One thing I was wondering though, is there a way to output text to the log based on a condition? What I mean is something like if x!=y then printf( x did not equal y). This would be for debugging and log review. Currently we use Cisco ACS, which with all it's limitations the one thing that is great about it is it's pass/fail logs. Our techs use them all the time to diagnose problems. If I could inject text strings into the logs when certain issues occur it would make it a lot easier to figure out scripts as well as make common issues easier for techs to troubleshoot. From what I can tell in the unlang man page it did not mention this, perhaps I missed it though. Hi Brett, It sounds like the linelog module may do what you need, in conjunction with unlang for the conditionals: https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Hi, as James says...unlang with linelog module.. if you want to do more, then thats easy too - just use PERL module and use unlang with a call to a logging PERL module - the world is your oyster at that stage regarding what you can do - with your printf's etc :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Thanks Alan, Did not think about calling the perl module, that should work very well... thanks Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Tuesday, February 01, 2011 at 10:15 AM, in message 20110201181525.ga9...@lboro.ac.uk, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, as James says...unlang with linelog module.. if you want to do more, then thats easy too - just use PERL module and use unlang with a call to a logging PERL module - the world is your oyster at that stage regarding what you can do - with your printf's etc :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
The debugging side was a little different, I was thinking about inputting
text strings in the middle of unlang scripts
If you run radiusd -X you will see the output of expansions, so you can do
if (DEBUG: I am looking at %{foo} and %{bar}) {
}
and you'll see the text in the log. Experimentation suggests that the
closing brace can't be on the same line as the opening brace though.
Actually, there is a %{debug:} expansion, but it just sets the debug level
to the (integer) argument, and doesn't actually send a debug message.
Setting the Reply-Message attribute can be useful for debugging too.
HTH,
Brian.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Brett Littrell wrote: For freeradius I was not sure if there was similar functionality. I am guessing there is not, I was kind of thinking it may be a stretch to add something like that in a config file. See radmin, and raddebug. They can print full debugging logs for a particular user, while the server is running in daemon mode. *Much* more useful than printf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
