how to get linelog() see see packet-types other than access-request

2013-05-08 Thread Jeff Smith 
Hello,

I've got a freeradius server 2.2.0 configured to process requests, and now
I'd like to add some logging that would look something like this:

Wed May  8 14:53:16 2013 Access-Request for a...@purdue.edu from MAC
address (Calling-Station-Id) 84-3a-4b-0c-46-44 NAS lwsn-b143-wism2-11

I actually have that working, but would like for linelog to also log a line
for packet types access-challenge, access-accept, and access-reject.  My
/opt/freeradius/etc/raddb/modules/linelog has:

reference = "%{%{Packet-Type}:-format}"

#
#  Followed by a series of log messages.
Access-Request = "%t %{Packet-Type} for %{User-Name} from MAC
address (Calling-Station-Id) %{Calling-Station-Id} NAS %{NAS-IDentifier}"
Access-Reject = "Rejected access: %{User-Name}
Calling-Station-Id=%{Calling-Station-Id} NAS=%{NAS-IDentifier}"
Access-Challenge = "Sent challenge: %{User-Name}
Calling-Station-Id=%{Calling-Station-Id} NAS=%{NAS-IDentifier}"
Access-Accept = "Accepted access: %{User-Name}
Calling-Station-Id=%{Calling-Station-Id} NAS=%{NAS-IDentifier}"

That is, slight changes from the examples given.

I've added calls to linelog to the following sections in
sites-enabled/default and sites-enabled/inner-tunnel:
authorize
authenticate
preacct
accounting
post-auth
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to get linelog() see see packet-types other than access-request

2013-05-08 Thread Phil Mayers 

On 08/05/2013 20:09, Jeff Smith wrote:

Hello,

I've got a freeradius server 2.2.0 configured to process requests, and
now I'd like to add some logging that would look something like this:

Wed May  8 14:53:16 2013 Access-Request for a...@purdue.edu
 from MAC address (Calling-Station-Id)
84-3a-4b-0c-46-44 NAS lwsn-b143-wism2-11

I actually have that working, but would like for linelog to also log a
line for packet types access-challenge, access-accept, and


Can't easily be done for Access-Challenge I'm afraid. The server doesn't 
pass them through post-auth.



access-reject.  My /opt/freeradius/etc/raddb/modules/linelog has:


The easiest way is to define another instance of the linelog module, and 
use "Response-Packet-Type" in the format of the 2nd module, and call 
that in any "response" sections. If this offends your sensibilities, you 
can wrap the two linelog modules in a "policy" like so:


policy {
  mylog.authorize {
linelog1
  }
  mylog.post-auth {
linelog2
  }
}

...then call "mylog". This can be useful for other reasons e.g. using 
unlang to format attributes before calling the linelog module, and is 
what we do.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to get linelog() see see packet-types other than access-request

2013-05-09 Thread Jeff Smith 
Phil Mayer,

Thanks very much for you help on this!

Jeff


On Wed, May 8, 2013 at 3:42 PM, Phil Mayers  wrote:

> On 08/05/2013 20:09, Jeff Smith wrote:
>
>> Hello,
>>
>> I've got a freeradius server 2.2.0 configured to process requests, and
>> now I'd like to add some logging that would look something like this:
>>
>> Wed May  8 14:53:16 2013 Access-Request for a...@purdue.edu
>>  from MAC address (Calling-Station-Id)
>>
>> 84-3a-4b-0c-46-44 NAS lwsn-b143-wism2-11
>>
>> I actually have that working, but would like for linelog to also log a
>> line for packet types access-challenge, access-accept, and
>>
>
> Can't easily be done for Access-Challenge I'm afraid. The server doesn't
> pass them through post-auth.
>
>  access-reject.  My /opt/freeradius/etc/raddb/**modules/linelog has:
>>
>
> The easiest way is to define another instance of the linelog module, and
> use "Response-Packet-Type" in the format of the 2nd module, and call that
> in any "response" sections. If this offends your sensibilities, you can
> wrap the two linelog modules in a "policy" like so:
>
> policy {
>   mylog.authorize {
> linelog1
>   }
>   mylog.post-auth {
> linelog2
>   }
> }
>
> ...then call "mylog". This can be useful for other reasons e.g. using
> unlang to format attributes before calling the linelog module, and is what
> we do.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html 
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

re: RE: how to get linelog() see see packet-types other than access-request

2013-05-08 Thread Jeff Smith 
Argh.  Please accept my apologies -- I accidentally sent the previous
message before I had finished composing it.

Jeff
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html