Hi Alan
Thanks for the quick reply. I believe I've accomplished what I wanted to do.
I've set 'auth' to undefined in the log{} section of radiusd.conf, created
another instance of the linelog module called linelog_REJECT in which I set the
reference to %{reply:Packet-Type}, and then added 'linelog_REJECT' to the
'Post-Auth-Type REJECT' section within the default site config file. My remote
syslog server is now only receiving 'Rejected access: someLoginName' messages.
Thank you for your help.
On Feb 14, 2012, at 12:06 PM, Alan DeKok wrote:
Ian Ehrenwald wrote:
Hello
I am using FreeRADIUS 2.1.9-3 on CentOS 6.0. I am sending all syslog output
to a remote rsyslog server (and have local1.* assigned to RADIUS in
rsyslogd.conf). I want to log only auth failures, not successful logins.
Is there an easy way to do this? I don't want to use a SQL backing store
for this project since that is what is holding the syslog data on the remote
machine anyway. 'auth = yes' logs everything, 'auth = no' logs nothing, and
I don't want to see/store the good/bad passwords, so 'auth_badpass' and
'auth_goodpass' aren't an option. I'm sure I'm not the only person who has
wanted to do this, but I can't find anything on the freeradius-users list.
Any help? Thanks.
Patch the source.
Or, use rlm_linelog, in the Post-Auth-Type Reject section.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ian Ehrenwald, Linux Systems Administrator
TripAdvisor, LLC, 141 Needham St, Newton, MA 02464
978-328-7816 (mobile) / 617-795-7716 (desk)
iehrenw...@tripadvisor.com / (Sent from my MacBook Pro)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html