v1.1.3 - Logging Levels / Syslog / logging passwords

[Lin Richardson]

Hello All,

I've been working to configure logging as an aide to supporting our
Freeradius installation.

I'm familiar with logging level flags -x and -xx, as well as the big debug
-X flag.
My first observation is that ALL of these flags output to console by
default.  Is there any way to make the -xx or -x log to the logfile?

I have toyed with setting logdir to 'syslog' in the radiusd.conf file.
Alan said in a note to the list on Sept 6 that this feature didn't work in
1.1.3, but would in 2.0
I find it actually works pretty well IF you use the -x -xx or -X flag.  The
output that usually goes to the screen (most of it anyway) gets dumped to
the syslog on my Solaris box just fine.  It must be because either stderr or
stdout get redirected to syslog, but not both.  The actual requests still
scroll on the console.  I figure I can use      >/dev/null 2>&1 &   or some
variant to kill the output still going to console and background the
process...

All of this is good, because I WANT a very verbose log file... my only
problem is that user passwords are logged in clear text as part of the
output - specifically from the pap module.  This presents a security
problem.  (Never mind why I'm using clear text pap if I'm concerned with
security.)

Is there any way to squish the user password in the -xx output?  Are there
any hidden/undocumented setting for radiusd.conf that do that?

suggestions from those who know?

I seem to recall seeing a related thread a few weeks back, but cannot find
it... my apologies in advance if this is repetitive.

Regards,
Lin Richardson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060928/636d3f14/attachment.html>