Re: Logging based on port request came in on

Walt Reynolds <waltr@umich.edu> · Fri, 02 Mar 2007 06:56:35 -0500

Date: Wed, 28 Feb 2007 19:35:48 +0000
From: Phil Mayers <p.mayers@imperial.ac.uk>
Subject: Re: Logging based on port request came in on
To: FreeRadius users mailing list
	<freeradius-users@lists.freeradius.org>
Message-ID: <45E5D994.2070801@imperial.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Walt Reynolds wrote:

Hello,

I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and 

1645/1646.  This is simply to separate user and admin login.  What I 

would like to do is to add logging based on the port.  I could add  

%{NAS-Port-Type} to the Detail such as:

detailfile = ${radacctdir}/%{NAS-Port-Type}/auth-detail-%Y%m%d

The problem with doing this as it uses the string "Wireless-802.11" or 

"Virtual".  I would instead like to use the port the request came in on 

NAS-Port-Type is, as you've discovered, the port type of the session 

being authenticated/accounted

(1812 or 1645) or even modify that string value.  I tried to add the 

string %(request:Packet-Dst-Port) (from the 

dictionary.freeradius.internal) in the detailfile, but comes back blank.

Since it is in this dictionary, is there something I would have to do

You'll need a sufficiently recent version of the server for that to 

work, and IIRC the "preprocess" module needs to be run (you should 

always run it)

Well, I am using 1.1..2 version of Freeradius.  I also am preprocessing, 

though I am not sure that would be needed here.  As this is a variable 

defined in the dictionary file, I was under the impression that I could 

use it.

Either way, here is the section from the config:

        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_cisco_vsa_hack = yes
        }

I had added this to the hints files as well, but did not seem do anything:

Am I misreading this in some way.  I assume that internally freeradius 

knows what port the request came in on.

What version are you running?

1.1.2

--
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438