auth and detail logs into json format?

J E H A N Z A I B jehanzaib.kiani at gmail.com
Thu Apr 26 00:32:11 CEST 2018 

Thank you cedric,

I have just installed rlm_rest module (/usr/lib64/freeradius/rlm_rest.so)

i added in my linelog  (i will just start from auth logs for now)

linelog linelog_postauth {
    format = "%t linelog_postauth \%{Packet-Type} connecting for
%{jsonquote:%{User-Name}} (%{Packet-Type})"
    filename = ${logdir}/linelog_json
    permissions = 0604
    reference = "messages.%{%{reply:Packet-Type}:-format}"
                messages {
                Access-Reject =
"{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"Reject-Cause\":\"%{jsonquote:%{%{session-state:Module-Failure-Message}:-%{Module-Failure-Message}}}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
                Access-Challenge =
"{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-Protocol\":\"%{Framed-Protocol}\",\"Framed-IP-Address\":\"%{Framed-IP-Address}\",\"Framed-IP-Netmask\":\"%{Framed-IP-Netmask}\",\"Framed-Routing\":\"%{Framed-Routing}\",\"Filter-Id\":\"%{Filter-Id}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"Framed-Compression\":\"%{Framed-Compression}\",\"Login-IP-Host\":\"%{Login-IP-Host}\",\"Login-Service\":\"%{Login-Service}\",\"Login-TCP-Port\":\"%{Login-TCP-Port}\",\"Reply-Message\":\"%{Reply-Message}\",\"Callback-Number\":\"%{Callback-Number}\",\"Callback-Id\":\"%{Callback-Id}\",\"Framed-Route\":\"%{Framed-Route}\",\"Framed-IPX-Network\":\"%{Framed-IPX-Network}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
               }
}


The error i am getting is

  # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
/etc/raddb/mods-enabled/linelog[131]: Failed parsing expanded string:
/etc/raddb/mods-enabled/linelog[131]: ...uth \%{Packet-Type} connecting for
%{jsonquote:%{User-Name}} (%{Packet-Type})
/etc/raddb/mods-enabled/linelog[131]:
^ Unknown module

looks like the module is not loaded. do i need to load specifically
somewhere in the radius ?



On Tue, Apr 24, 2018 at 8:03 PM, cedric delaunay <
cedric.delaunay at univ-rennes1.fr> wrote:

> Hi,
> Here is how we did on our server :
>
> enabled rest module (for jsonquote) with all options disabled
> enabled linelog module with specific submodule by request type :
> ex :
>
> linelog {
> ...
> # logging in a uniq file
>         filename = ${logdir}/linelog
> ...
> linelog linelog_postauth {
>     format = "%t linelog_postauth \%{Packet-Type} non reconnu for
> %{jsonquote:%{User-Name}} (%{Packet-Type})"
>     filename = ${logdir}/linelog_json
>     permissions = 0604
>     #reference = "%{%{Packet-Type}:-format}"
>     reference = "messages.%{%{reply:Packet-Type}:-format}"
>         messages {
> #Original #         Access-Reject = "%t log_postauth %{reply:Packet-Type}
> for %{User-Name} Calling-Station-Id=%{Calling-Station-Id}
> NAS=%{NAS-IDentifier}"
> Access-Reject = "{\"Datetime\":\"%t\",\"Module
> _Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:
> Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{
> jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"Reject-
> Cause\":\"%{jsonquote:%{%{session-state:Module-Failure-
> Message}:-%{Module-Failure-Message}}}\",\"NAS-IP-Address\
> ":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"
> Service-Type\":\"%{Service-Type}\",\"Framed-MTU\":\"%{
> Framed-MTU}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\
> ",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-
> Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-T
> imeout}\",\"Termination-Action\":\"%{Termination-Action}\",\
> "Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling
> -Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier
> \":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}
> \",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-
> LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{
> Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-
> AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{
> Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{
> Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Chal
> lenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit
> \":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
>
> #Original           Access-Challenge = "%t log_postauth Sent challenge:
> %{User-Name} Calling-Station-Id=%{Calling-Station-Id}
> NAS=%{NAS-IDentifier}"
> Access-Challenge = "{\"Datetime\":\"%t\",\"Module
> _Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:
> Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{
> jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"NAS-IP-
> Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\"
> ,\"Service-Type\":\"%{Service-Type}\",\"Framed-Protocol\":\"
> %{Framed-Protocol}\",\"Framed-IP-Address\":\"%{Framed-IP-Add
> ress}\",\"Framed-IP-Netmask\":\"%{Framed-IP-Netmask}\",\"
> Framed-Routing\":\"%{Framed-Routing}\",\"Filter-Id\":\"%{
> Filter-Id}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"Framed-
> Compression\":\"%{Framed-Compression}\",\"Login-IP-
> Host\":\"%{Login-IP-Host}\",\"Login-Service\":\"%{Login-Serv
> ice}\",\"Login-TCP-Port\":\"%{Login-TCP-Port}\",\"Reply-Mess
> age\":\"%{Reply-Message}\",\"Callback-Number\":\"%{Callback
> -Number}\",\"Callback-Id\":\"%{Callback-Id}\",\"Framed-
> Route\":\"%{Framed-Route}\",\"Framed-IPX-Network\":\"%{
> Framed-IPX-Network}\",\"State\":\"%{State}\",\"Class\":\"%{
> Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"
> Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"
> %{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"
> Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling
> -Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier
> \":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}
> \",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-
> LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{
> Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-
> AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{
> Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{
> Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Chal
> lenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit
> \":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
>  }
> ...
> }
>
> linelog log_accounting {
> ...
>     Accounting-Request {
>          Start = "{\"Datetime\":\"%t\",\"Module
> _Name\":\"log_accounting\",\"Packet-Type\":\"Accounting-
> start\",\"Acct-Status-Type\":\"%{Acct-Status-Type}\",\"NAS-
> IP-Address\":\"%{NAS-IP-Address}\",\"User-Name\":\"%{
> jsonquote:%{User-Name}}\",\"Acct-Session-Id\":\"%{Acct-
> Session-Id}\",\"Framed-IP-Address\":\"%{Framed-IP-
> Address}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Cisco-
> AVPair\":\"%{Cisco-AVPair}\",\"VLAN\":\"%{Tunnel-Private-
> Group-Id:0}\",\"Tunnel-Type\":\"%{Tunnel-Type:0}\",\"Tunnel-
> Medium-Type\":\"%{Tunnel-Medium-Type:0}\",\"Calling-
> Station-Id\":\"%{Calling-Station-Id}\",\"Called-Station-Id\":\"%{Called-
> Station-Id}\",\"Event-Timestamp\":\"%{Event-Timestamp}\",\"
> Acct-Unique-Session-Id\":\"%{Acct-Unique-Session-Id}\",\"
> Stripped-User-Name\":\"%{Stripped-User-Name}\",\"Realm\":\"%{Realm}\"}"
>
>                                 Stop = "{\"Datetime\":\"%t\",\"Module
> _Name\":\"log_accounting\",\"Packet-Type\":\"Accounting-
> stop\",\"Acct-Status-Type\":\"%{Acct-Status-Type}\",\"NAS-
> IP-Address\":\"%{NAS-IP-Address}\",\"User-Name\":\"%{
> jsonquote:%{User-Name}}\",\"Acct-Session-Id\":\"%{Acct-
> Session-Id}\",\"Framed-IP-Address\":\"%{Framed-IP-
> Address}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Cisco-
> AVPair\":\"%{Cisco-AVPair}\",\"VLAN\":\"%{Tunnel-Private-
> Group-Id:0}\",\"Tunnel-Type\":\"%{Tunnel-Type:0}\",\"Tunnel-
> Medium-Type\":\"%{Tunnel-Medium-Type:0}\",\"Acct-Input-
> Octets\":\"%{Acct-Input-Octets}\",\"Acct-Output-Octets\":\"%{Acct-Output-
> Octets}\",\"Acct-Input-Packets\":\"%{Acct-Input-Packets}\",\
> "Acct-Output-Packets\":\"%{Acct-Output-Packets}\",\"Acct-
> Terminate-Cause\":\"%{Acct-Terminate-Cause}\",\"Acct-
> Session-Time\":\"%{Acct-Session-Time}\",\"Acct-Delay-
> Time\":\"%{Acct-Delay-Time}\",\"Calling-Station-Id\":\"%{
> Calling-Station-Id}\",\"Called-Station-Id\":\"%{
> Called-Station-Id}\",\"Event-Timestamp\":\"%{Event-Timestamp
> }\",\"Acct-Unique-Session-Id\":\"%{Acct-Unique-Session-Id}\"
> ,\"Stripped-User-Name\":\"%{Stripped-User-Name}\",\"Realm\":\"%{Realm}\"}"
>
>                                 Interim-Update =
> "{\"Datetime\":\"%t\",\"Module_Name\":\"log_accounting\",\"
> Packet-Type\":\"Accounting-update\",\"Acct-Status-Type\":
> \"%{Acct-Status-Type}\",\"NAS-IP-Address\":\"%{NAS-IP-
> Address}\",\"User-Name\":\"%{jsonquote:%{User-Name}}\",\"
> Acct-Session-Id\":\"%{Acct-Session-Id}\",\"Framed-IP-
> Address\":\"%{Framed-IP-Address}\",\"NAS-Identifier\":
> \"%{NAS-Identifier}\",\"Cisco-AVPair\":\"%{Cisco-AVPair}\",\
> "VLAN\":\"%{Tunnel-Private-Group-Id:0}\",\"Tunnel-Type\":
> \"%{Tunnel-Type:0}\",\"Tunnel-Medium-Type\":\"%{Tunnel-
> Medium-Type:0}\",\"Acct-Input-Octets\":\"%{Acct-Input-
> Octets}\",\"Acct-Output-Octets\":\"%{Acct-Output-
> Octets}\",\"Acct-Input-Packets\":\"%{Acct-Input-Packets}\",\
> "Acct-Output-Packets\":\"%{Acct-Output-Packets}\",\"Acct-
> Session-Time\":\"%{Acct-Session-Time}\",\"Acct-Delay-
> Time\":\"%{Acct-Delay-Time}\",\"Calling-Station-Id\":\"%{
> Calling-Station-Id}\",\"Called-Station-Id\":\"%{
> Called-Station-Id}\",\"Event-Timestamp\":\"%{Event-Timestamp
> }\",\"Acct-Unique-Session-Id\":\"%{Acct-Unique-Session-Id}\"
> ,\"Stripped-User-Name\":\"%{Stripped-User-Name}\",\"Realm\":\"%{Realm}\"}"
>        }
> }
>
>
> Calling linelog modules in site conf
>
> post-auth {
>         ...
>         linelog_postauth
>         ...
> }
>
> accounting {
>         ...
>         log_accounting
>         ...
> }
>
>
> Use nxlog to send logs to graylog/elasticsearch server
>
> /etc/nxlog.conf
> <Extension gelf>
>     Module      xm_gelf
> </Extension>
>
> <Extension json>
>     Module      xm_json
> </Extension>
>
> <Input linelog_json>
>     Module      im_file
>     File        '/var/log/radius/linelog_json'
>     SavePos TRUE
>     ReadFromLast TRUE
>     Exec        parse_json();
> </Input>
>
> <Output out1>
>     Module      om_tcp
>     Host        1.2.3.4
>     Port        12201
>     OutputType  GELF_TCP
> </Output>
>
> Maybe not the best way to do but that do the job
> That's it ;)
> Cédric
>
>
>
>
>
>
>
> Le 24/04/2018 à 08:03, Arran Cudbard-Bell a écrit :
>
>>
>> On Apr 24, 2018, at 12:48 PM, J E H A N Z A I B <
>>> jehanzaib.kiani at gmail.com> wrote:
>>>
>>> Hi folks,
>>>
>>> Is there anyway i can get auth-detail , linelog and detail logs into json
>>> instead of plain text ?
>>>
>> You can write your linelog formats as json as use %{jsonquote:} to escape
>> any special chars in the values.
>>
>> You will need the rlm_rest module loaded in order to get access to the
>> jsonquote xlat expansion.
>>
>> -Arran
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
>> /users.html
>>
>
>
> --
> Cédric Delaunay                 Direction des Systèmes d'Informations
> Equipe Réseau & Telephonie      263, Avenue du Général Leclerc
> Tel: 02 23 23 71 59             CS 74205 - 35042 Rennes Cedex
>
> Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse
> http://ent.univ-rennes1.fr
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>



-- 
Regards,
Jehanzaib

More information about the Freeradius-Users mailing list