linelog best practice
Herwin Weststrate
herwin at quarantainenet.nl
Tue Jan 24 13:33:41 CET 2017
On 24-01-17 13:22, Matthew Newton wrote:
> "rlm_jsonlog" is something I've thought about for a while. Just
> not sure it's worth it. Might be if I can then use that to feed
> directly into elasticsearch and skip the logstash bit.
Actually, we've created something like that for a very specific use
case, never thought others would have a purpose for it. The source is
available at https://github.com/Quarantainenet/rlm_attr_log. It works by
sending JSON syslog, so it might need a few tweaks to work with ELK.
FreeRADIUS v4 contains a rlm_json module which would make it very
trivial, getting a JSON string of the request is as simple as:
fr_json_afrom_pair_list(NULL, &request->packet->vps, NULL);
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list