Re: Logging attributes to the regular log
Frank Bulk - iNAME wrote:
> I'll do my best to ignore the abrasive comments.
Since you make a point of talking about them, I can explain. Very few
people CC me on posts to the list, and every time they get told that I
still read the list. Almost no one sets "return receipt requested",
because it's rude to do so.
> I'm not in the position that I can edit the source code. Is there is a
> feature request form that you can point me to? This is something that I
> would benefit many others, too.
bugs.freeradius.org.
> Yes, ISC's DHCP is different, but it's a core networking service just like
> DNS. Functionality built into one may suggest a feature capability
> appreciated by the broader sysadmins out there.
Quite frankly, FreeRADIUS is more feature-rich than the ISC server.
The ISC server doesn't include plugins to SQL, LDAP, Perl, Python. It
isn't modular. And it doesn't do RADIUS. (FreeRADIUS does DHCP).
> 'rlm_linelog' doesn't appear to have much documentation -- can someone point
> me in the right direction?
Configure it:
linelog {
filename = ${logdir}/
format = "Login OK for %{User-Name} on %{NAS-Port-Id} ..."
}
Then list "linelog" anywhere you want the log message to be written
(post-auth, etc.)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Logging attributes to the regular log
I'll do my best to ignore the abrasive comments. I'm not in the position that I can edit the source code. Is there is a feature request form that you can point me to? This is something that I would benefit many others, too. Yes, ISC's DHCP is different, but it's a core networking service just like DNS. Functionality built into one may suggest a feature capability appreciated by the broader sysadmins out there. 'rlm_linelog' doesn't appear to have much documentation -- can someone point me in the right direction? Frank -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Saturday, July 19, 2008 12:23 PM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: Logging attributes to the regular log Frank Bulk - iNAME wrote: ... > According to my NAS' documentation, that longish number is a > bit-representation of an interface. Rather than figure out how to call some > external module to re-write that value into something that looks like "port > #/#/VP/VC", which seems to be more complex, I would like to print the value > of "NAS-Port-Id(87) which contains the same information. Edit the source code. > ISC's DHCP is very powerful -- in the configuration file you can define what > is logged. See: > http://marc.info/?l=dhcp-users&m=121369168201304&w=2 > for an example. That's nice. It's a completely different piece of software. > Any ideas? Use rlm_linelog to log the information you want to a log file. The authentication log message is just the default. You can always suppress it, and log exactly the information you want using another module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging attributes to the regular log
Don't CC me on posts to the list. I *do* read the list, if you hadn' already noticed. And DON'T set "return receipt requested". It's annoying. I generally delete all email which has that set. Frank Bulk - iNAME wrote: ... > According to my NAS' documentation, that longish number is a > bit-representation of an interface. Rather than figure out how to call some > external module to re-write that value into something that looks like "port > #/#/VP/VC", which seems to be more complex, I would like to print the value > of "NAS-Port-Id(87) which contains the same information. Edit the source code. > ISC's DHCP is very powerful -- in the configuration file you can define what > is logged. See: > http://marc.info/?l=dhcp-users&m=121369168201304&w=2 > for an example. That's nice. It's a completely different piece of software. > Any ideas? Use rlm_linelog to log the information you want to a log file. The authentication log message is just the default. You can always suppress it, and log exactly the information you want using another module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Logging attributes to the regular log
Alan: I'll do my best to explain. Currently our NAS is returning the NAS-Port and FreeRADIUS is logging it like this: Fri Jul 18 13:09:52 2008 : Auth: Login OK: [khj] (from client dslam port 1073873726) Fri Jul 18 13:09:55 2008 : Auth: Login OK: [dfsands6] (from client dslam port 1073873388) Fri Jul 18 13:10:37 2008 : Auth: Login OK: [s44] (from client dslam port 1073742057) According to my NAS' documentation, that longish number is a bit-representation of an interface. Rather than figure out how to call some external module to re-write that value into something that looks like "port #/#/VP/VC", which seems to be more complex, I would like to print the value of "NAS-Port-Id(87) which contains the same information. So, I would like the above output to look like this: Fri Jul 18 13:09:52 2008 : Auth: Login OK: [khj] (from client dslam NAS-Port-ID 2/0/12/313) Fri Jul 18 13:09:55 2008 : Auth: Login OK: [dfsands6] (from client dslam NAS-Port-ID 4/0/6/141) Fri Jul 18 13:10:37 2008 : Auth: Login OK: [s44] (from client dslam port NAS-Port ID 4/0/2/22) The last field is directly from the contents of NAS-Port-Id(87), without any manipulation. ISC's DHCP is very powerful -- in the configuration file you can define what is logged. See: http://marc.info/?l=dhcp-users&m=121369168201304&w=2 for an example. Any ideas? Frank -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Saturday, July 19, 2008 1:42 AM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: Logging attributes to the regular log Frank Bulk wrote: > I scoured online and in the archives but I haven't found a solution to my > question: is there a way to log additional attributes, not unlike what's > done in ISC's DHCP logging? What do you mean by that? > I know that 'detail' logging is possible, but > those are stored in a separate file for each connection. The detail log doesn't store it's logs in a separate file for each connection. If you want that to happen, just configure it in the "detail" module. Make the file name depend on a per-connection attribute. > I just want to add > another parameter that the NAS sends to FreeRADIUS. Is that request related to the previous sentences? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging attributes to the regular log
Frank Bulk wrote: > I scoured online and in the archives but I haven't found a solution to my > question: is there a way to log additional attributes, not unlike what's > done in ISC's DHCP logging? What do you mean by that? > I know that 'detail' logging is possible, but > those are stored in a separate file for each connection. The detail log doesn't store it's logs in a separate file for each connection. If you want that to happen, just configure it in the "detail" module. Make the file name depend on a per-connection attribute. > I just want to add > another parameter that the NAS sends to FreeRADIUS. Is that request related to the previous sentences? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
