Execute external script triggered by accounting request

[Alan DeKok]

On Jun 28, 2017, at 4:02 PM, Leandro <ingrogger at gmail.com> wrote:
> 
> Hi guys , I need to take device ip from accounting request packet, use this ip to run external script to grab some device parameters via ping and snmp.
> Im working on two methods , both have cons and advantages.
> 
> 1st Method: "perl module."
> So far I have the module working with a testing script but when I want to exec net::ping module it yelds that root privileges are needed.
> I tried "usermod -G root radiusd" to provide radiusd root privileges but have not success.
> Other consequence of this method could be to get a very large delay considering that every devices takes 5~7 secs to process and send the response back, so I think that it would be good also to run this external script in background.

  Yes.  That solution is not a good idea for precisely those reasons.

> 2nd Method " Tail the raddacct file"
> I can use a perl tail process to grab the "Framed_ip_address" from the accounting log file and execute the snmp and ping queries from outside the radius process
> Principal advantage could be that Im not adding extra delay to the radius accounting process.
> I wanted to know if is possible to change the accounting  logging behaviour in the following way:
>    Write always to /var/log/messages file (currently it writes to detail-YYYYMMDD file).
>    Select the fields and write them horizontally instead of writting them in column format.

  See raddb/mods-available/linelog.  You can write custom logs in a line-by-line format.

  Alan DeKok.