Correlating request and accept/reject log?
Alan DeKok
aland at deployingradius.com
Fri Mar 31 14:05:45 CEST 2017
On Mar 31, 2017, at 3:55 AM, jm+freeradiususer at roth.lu wrote:
>
> Hmm, you mean "%I" (request ID)? (-->
> https://wiki.freeradius.org/config/run_time_variables)
No.
> How would you include it? The ID is present neither in my auth nor
> reply/reject log. I tried using "header = ..." but Freeradius just started
> rejecting everything after that.
What does that mean? Vague comments like this are distinctly unhelpful. "I tried stuff, but it didn't work... what's wrong?"
i.e. There is simply no way to give you any advice on "fixing stuff". It's just too vague
> Ideally one would have one log entry (or even inject into SQL), with one
> entry per event (all the info present in the request + the decision
> whether it was accepted or rejected...)
That's easy to do
> --- Auth detail:
>
> detail auth_log {
> filename =
> ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
See all of the %-things here? Add %n. It's that easy. Each request will be logged to it's own filename.
> detail reply_log {
> filename =
> ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
> permissions = 0600
> }
Add %n here, too.
> detail reject_log {
> filename =
> ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reject-detail-%Y%m%d
And here.
Alan DeKok.
More information about the Freeradius-Users
mailing list