Out and into tunnel log files

Sergio Belkin sebelk at gmail.com
Tue Sep 1 15:23:46 CEST 2009 

2009/8/31 Sergio Belkin <sebelk at gmail.com>:
> Hi,
>
> I have configured three virtual servers: "default", "inner" (uses
> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
> attempts go to "default server" log files.
>
> cron performs a daily  task that more or less perform something like that:
>
> grep OK /var/log/radius/radiusd-*-$date.log | awk '{print $10}' | sort
> -fu | wc -l
>
> That way I get how many users could get an Access-Accept. Well I've
> found that that is not right. Because some supplicant can send
> different identities into and out of tunnel. So I'd like to use:
>
> grep OK /var/log/radius/radiusd-inner*-$date.log | awk '{print $10}' |
> sort -fu | wc -l
>
> But I've found that some "OK" are sent to default server log file. So
> I can't get right statistic. Please could you help to do it? Below are
> debug info:
>

Please I beg you that give me an idea what I am failing.

I clarifiy a bit: But I've found that some "OK" are sent to default
server log file *only*.  and nothing to inner tunnel log files.

I don't understand why if I have on radiusd.conf

log {
        destination = files
        file = ${logdir}/radius.log
        requests =
${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
        syslog_facility = daemon
        stripped_names = yes
        auth = yes
        auth_badpass = no
        auth_goodpass = no
}

on debug messages *only* appears:

log {
       stripped_names = yes
       auth = yes
       auth_badpass = no
       auth_goodpass = no
 }


Now I am using requests =
${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log but I don't
know if it is right because ${logdir}/radiusd-%DEFAULT}-%Y%m%d.log
from DEFAULT server (out of tunnel) are not generated at all, and they
were useful because showed the Mac Address of supplicant.


If you want to see more of my config you can do it on:

http://pastebin.com/m65441172

-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -

More information about the Freeradius-Users mailing list