sql_log in 3.0.10

Wegener, Norbert norbert.wegener at atos.net
Fri Oct 9 15:43:38 CEST 2015


Unfortunately this does not seem to work either.

In raddb/mods-config/sql/main/mysql/queries.conf I activated the log file:

post-auth {
    # Write SQL queries to a logfile. This is potentially useful for bulk inserts
    # when used with the rlm_sql_null driver.
    logfile = ${logdir}/post-auth.sql

In mods-available/sql  I tried with
        driver = "rlm_sql_null"
And with
        driver ="rlm_sql_mysql"

The logfile directive in sql has been  disabled in both cases  and does not appear when sql is processed:
radius -X
.....
.....
# Loading module "sql" from file /home/dop/tests/freeradius-server-3.0.10/etc/raddb/mods-enabled/sql^M
  sql {^M
    driver = "rlm_sql_mysql"^M
    server = "localhost"^M
    port = 0^M
    login = "radius"^M
    password = <<< secret >>>^M
    radius_db = "radius"^M
    read_groups = yes^M
    read_profiles = yes^M
    read_clients = no^M
    delete_stale_sessions = yes^M
    sql_user_name = "%{User-Name}"^M
    default_user_profile = ""^M
    client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"^M
.....
.....
(0) sql:    --> bob^M
(0) sql: SQL-User-Name set to 'bob'^M
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')^M
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'hello', 'Access-Accept', '2015-10-09 13:29:42')^M
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'hello', 'Access-Accept', '2015-10-09 13:29:42')^M
(0) sql: SQL query returned: success^M
(0) sql: 1 record(s) updated^M
rlm_sql (sql): Released connection (1)^M
(0)     [sql] = ok^M
(0)     [exec] = noop^M
(0)     policy remove_reply_message_if_eap {^M
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {^M
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE^M
(0)       else {^M
(0)         [noop] = noop^M
(0)       } # else = noop^M
(0)     } # policy remove_reply_message_if_eap = noop^M
(0)   } # post-auth = ok^M
(0) Sent Access-Accept Id 103 from 127.0.0.1:1812 to 127.0.0.1:45857 length 0^M

Grepping for post-auth.sql in the complete log does not provide a single match.
So, the result is the same as before: no log file

Norbert



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+norbert.wegener=atos.net at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, October 09, 2015 2:58 PM
To: FreeRadius users mailing list
Subject: Re: sql_log in 3.0.10

On Oct 9, 2015, at 8:49 AM, Wegener, Norbert <norbert.wegener at atos.net> wrote:
>
> Having used an ancient version of FR up to now I just look into 3.0.10. I started with a fresh install and activated sql in default, to get the functionality of the former sql_log module.
> Additionally I  enabled logfile in mods-available/sql and linked the file to mods-enabled.

  That's good.

>    # Write SQL queries to a logfile. This is potentially useful for tracing
>    # issues with authorization queries.
> logfile = ${logdir}/sqllog.sql

  OK.

> I hope the following part of the logs are sufficient. I did not want to post 900 lines here. If necessary I can provide the complete log.

  No, that's fine.

> Firering up radtest with bob and hello, I get an Access-Accept.
> I would have expected to see a line in the logfile now, but no logfile
> is to be found and also in the post-auth part of the radius' debug output I do not see any anything that looks like writing to a file, instead:

  Hmm... the logs are written to that file for accounting packets, and for %{sql:...} expansions, and for the post_auth section.

> (0) # Executing section post-auth from file /home/dop/tests/freeradius-server-3.0.10/etc/raddb/sites-enabled/default^M
> (0)   post-auth {^M
> (0)     update {^M
> (0)       No attributes updated^M
> (0)     } # update = noop^M
> (0) sql: EXPAND .query^M

  OK.

> The logfile will also not be written, when running radius in daemon mode.
> Do I have to change the config elsewhere for this ?

  No.  The code will have to be updated.

  In the mean time, you can can edit raddb/mods-config/main/mysql/queries.conf:

post-auth {
        # Write SQL queries to a logfile. This is potentially useful for bulk inserts
        # when used with the rlm_sql_null driver.
#       logfile = ${logdir}/post-auth.sql


  enable the "logfile" there, and it will work.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list