I am interested in following Radius Detail records as a log input
source. They are vertically aligned with attributes as 'tag = value'
pairs. Are there any best practices for parsing such types of input
with SEC? I tried using RegexpN, but found a number of the records were
variable - some had other attributes that were being tracked, causing
the number of lines to be somewhat inconsistent. In short, the parsing
looked pretty gross. What words of wisdom can anyone impart for this
kind of 'log' data?

Please advise,
Tim Peiffer

Mon Jan 24 23:33:38 2011
User-Name = "JoeUser"
NAS-Port = 70496256
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.10.3.125
Called-Station-Id = "10.21.217.82"
Calling-Station-Id = "172.16.29.46"
Acct-Status-Type = Start
Acct-Delay-Time = 2
Acct-Session-Id = "B1A039A3"
Acct-Authentic = RADIUS
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint = 172.16.29.46
NAS-IP-Address = 192.168.249.28
Timestamp = 1295933616

Tue Jan 25 01:15:57 2011
User-Name = "JoeUser"
NAS-Port = 70496256
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.10.3.125
Called-Station-Id = "10.21.217.82"
Calling-Station-Id = "172.16.29.46"
Acct-Status-Type = Stop
Acct-Delay-Time = 2
Acct-Input-Octets = 13855207
Acct-Output-Octets = 56621822
Acct-Session-Id = "B1A039A3"
Acct-Authentic = RADIUS
Acct-Session-Time = 6139
Acct-Input-Packets = 66890
Acct-Output-Packets = 84696
Acct-Terminate-Cause = User-Request
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint = 172.16.29.46
NAS-IP-Address = 192.168.249.28
Timestamp = 1295939755

--
Tim Peiffer
Network Support Engineer
Office of Information Technology
University of Minnesota/NorthernLights GigaPOP
+1 612 626-7884 (desk)
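
Added example, not part of the original post and not SEC code: one way to sidestep the variable line count is to flatten each detail record to a single line before SEC reads it, so a single-line pattern can match on a fixed-order prefix. The names records, flatten, Record-Header and the RADACCT prefix are hypothetical; the sample is trimmed from the two records above, with tab indentation constructed.

```python
import re
import sys

# Attribute line of a detail record: optional indent, name, " = ", value.
ATTR = re.compile(r'^\s*([A-Za-z0-9-]+) = (.*)$')

# Constructed sample, trimmed from the two records in the post.
SAMPLE = """\
Mon Jan 24 23:33:38 2011
\tUser-Name = "JoeUser"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "B1A039A3"
\tTimestamp = 1295933616

Tue Jan 25 01:15:57 2011
\tUser-Name = "JoeUser"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "B1A039A3"
\tAcct-Session-Time = 6139
\tAcct-Terminate-Cause = User-Request
\tTimestamp = 1295939755
"""

def records(lines):
    """Yield one dict per record, however many attributes it carries."""
    rec = None
    for line in lines:
        line = line.rstrip("\r\n")
        m = ATTR.match(line)
        if m:
            rec = {} if rec is None else rec
            rec[m.group(1)] = m.group(2).strip('"')
        elif line.strip():      # non-attribute text starts a new record
            if rec:
                yield rec
            rec = {"Record-Header": line.strip()}
        # blank lines only separate records
    if rec:
        yield rec

def flatten(rec, keys=("Timestamp", "Acct-Status-Type", "Acct-Session-Id", "User-Name")):
    """Fixed-order prefix for matching, then the remaining attributes sorted."""
    rest = sorted(k for k in rec if k not in keys and k != "Record-Header")
    # User-Name and similar values come from the client: neutralise embedded quotes.
    return " ".join('%s="%s"' % (k, rec.get(k, "").replace('"', "'"))
                    for k in list(keys) + rest)

if __name__ == "__main__":
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    for r in records(src):
        print("RADACCT " + flatten(r))
```

Each output line begins with Timestamp, Acct-Status-Type, Acct-Session-Id and User-Name in that order, so Start and Stop events can be paired on the session id regardless of which optional attributes follow.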