How to log failed login attempts?

tnt at kalik.net
Tue Mar 24 12:00:02 CET 2009


>I am using FreeRADIUS 2.0.5. Successful logins into Cisco routers are
>logged great (using Accounting), but I need to log also the failed
>attempts. In /var/log/radius.log radius does log the failed attempts,
>BUT if in clients.conf I have created client as 10.0.0.0/8 (a network,
>not a host), then in the log file I will see the NAS IP address
>10.0.0.0/8, which is not enough. I need to see the exact NAS IP address.
>It would be insane to add every single router into the clients.conf
>file, so I assume there is a way to solve this.
>

Logging failed attempts is a very bad idea. You are opening yourself to
a denial of service attack.

You can list perl in Post-Auth-Type REJECT and log Client-IP-Address to
radius.log from perl. Linelog module probably works in post-auth as well.

Ivan Kalik
Kalik Informatika ISP
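
Added example, not part of the original message and not the project's shipped configuration: a sketch of the linelog route mentioned in the reply, assuming rlm_linelog is built into the installed FreeRADIUS 2.x. The instance name reject_log and the file name rejects.log are hypothetical.

```conf
# --- radiusd.conf, inside the modules { } section -------------------
# Hypothetical linelog instance that writes one line per rejected request.
linelog reject_log {
	# A separate file (name is an assumption) keeps reject noise out of
	# radius.log, so it can be rotated and size-limited on its own.
	# Every rejected packet costs one line, which is the disk-filling
	# exposure raised in the reply above.
	filename = ${logdir}/rejects.log

	# %t                   request timestamp
	# %{Client-IP-Address} source address of the packet, i.e. the actual
	#                      router, not the 10.0.0.0/8 entry from clients.conf
	# %{NAS-IP-Address}    what the router reports about itself (may be
	#                      absent or differ from the source address)
	# %{User-Name}         supplied by the unauthenticated client, so treat
	#                      it as untrusted text when parsing this file
	format = "%t reject client=%{Client-IP-Address} nas=%{NAS-IP-Address} user=%{User-Name}"
}

# --- virtual server (e.g. sites-enabled/default), post-auth section --
post-auth {
	# Runs only for requests that ended in Access-Reject.
	Post-Auth-Type REJECT {
		reject_log
	}
}
```

Checking the configuration with `radiusd -X` before restarting shows whether the linelog instance loaded and whether the reject section calls it.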



