FreeRADIUS 1.1.3 syslog and radacct question
Tremaine Lea
tremaine at gmail.com
Thu Sep 29 18:51:05 CEST 2011
I have a requirement to get successful and failed radius
authentication logs from FreeRADIUS to a SIEM for audit purposes. I
have updated the config to log to syslog, but I need more information
than is currently appearing.
Example:
Sep 29 10:40:56 radiusserver radiusd[13806]: Login incorrect: [azbycx]
(from client ScreenNets port 0)
Is there a way to syslog the username, client-ip-addres and
calling-station-id that appears in radacct? Alternately, is there a
way to send radacct to syslog instead of the file system? In my ideal
world, all of the information currently recorded for radacct would be
logged to the SIEM but I'm not sure how to best achieve that.
I've been through the documentation and just am not finding an obvious
way to change what information is sent to syslog.
Any help/suggestions would be much appreciated.
Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"
More information about the Freeradius-Users
mailing list