Freeradius 3.0.17 and elasticsearch

Bassem Mettichi mettichi at gmail.com
Mon May 14 18:58:14 CEST 2018


Hello,

I have imported the dashboard on Kibana but I have this error message:

Could not locate that visualization (id: RADIUS-accounting-packets-histogram)
Could not locate that visualization (id: RADIUS-unique-User-Name-by-day)
Could not locate that visualization (id: RADIUS-table-topN-data-transferred-by-User-Name)


My config file looks like this: logstash-radius.conf under /opt/freeradius/share/logstash


input {
        file {
                path => "/opt/freeradius/logs/detail"

                # Note when testing that logstash will remember where
                # it got to and continue from there.
                start_position => "beginning"

                # Set the type, for below.
                type => radiusdetail



                codec => multiline {
                        pattern => "^\t"
                        negate => false
                        what => "previous"
                }


   filter {

        if [type] == "radiusdetail" {

                # Pull off the timestamp at the start of the
                # detail record. Note there may be additional data
                # after it that has been added by the local admin,
                # so stop at a newline OR a tab.

                grok {
                        match => [ "message", "^(?<timestamp>[^\n\t]+)[\n\t]" ]
                }

                # Create the @timestamp field.

                date {
                        match => [ "timestamp", "EEE MMM dd HH:mm:ss yyyy",
                                                "EEE MMM  d HH:mm:ss yyyy" ]
                }



                kv {
                        field_split => "\n"
                        source => "message"
                        trim => "\" "
                        trimkey => "\t "
                }





I have run radius-mapping as described in the README file:



./radius-mapping.sh
{"acknowledged":true}[root at buildfr logstash]#


then:



/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -f logstash-radius.conf

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

Elasticsearch and FreeRADIUS are on the same server; Logstash is enabled and started.


root at buildfr logstash]# systemctl status logstash
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-05-14 16:57:24 UTC; 18s ago
 Main PID: 24637 (java)


Best regards
Mettichi Bassem

2018-05-14 17:45 GMT+01:00 Alan Buxey <alan.buxey at gmail.com>:

> It's documented so which bits aren't working for you (so we can review/fix
> documentation)
>
> alan
>
> On Mon, 14 May 2018, 17:41 Bassem Mettichi, <mettichi at gmail.com> wrote:
>
> > Hello,
> >
> > Has anyone configured FreeRADIUS logs with Elasticsearch? Logstash?
> >
> > Please could you share the configuration steps?
> >
> >
> > Best regards
> > Mettichi Bassem
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
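
For checking whether detail records parse the way the pipeline in the message above intends, the following added example (not part of the original post, and not FreeRADIUS or Logstash code) mirrors the multiline, grok, date and kv stages in Python over a constructed sample. The function names are hypothetical, and splitting each attribute line on its first "=" is a simplification of the kv filter.

```python
import re
from datetime import datetime

# Constructed sample in detail-file layout: a timestamp header line,
# tab-indented attribute lines, and a blank line between records.
SAMPLE = (
    "Mon May 14 18:58:14 2018\n"
    '\tUser-Name = "alice"\n'
    "\tAcct-Status-Type = Start\n"
    "\tAcct-Input-Octets = 1024\n"
    "\n"
    "Tue May  1 09:00:00 2018\n"
    '\tUser-Name = "bob"\n'
    "\tAcct-Status-Type = Stop\n"
    "\n"
)

# Same pattern as the grok filter in the posted config.
TS_RE = re.compile(r"^(?P<timestamp>[^\n\t]+)[\n\t]")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # %d accepts "14" and " 1" alike

def split_records(text):
    """Multiline codec: a line starting with a tab joins the previous event."""
    events = []
    for line in text.splitlines():
        if line.startswith("\t") and events:
            events[-1] += "\n" + line
        elif line.strip():  # blank separator lines carry no data
            events.append(line)
    return events

def parse_record(message):
    """Apply the grok, date and kv stages to one joined event."""
    m = TS_RE.match(message)
    if m is None:
        return None  # header with no attribute lines: the pattern cannot match
    fields = {"timestamp": m.group("timestamp")}
    fields["@timestamp"] = datetime.strptime(fields["timestamp"], TS_FORMAT)
    for line in message.split("\n")[1:]:  # kv: field_split => "\n"
        key, sep, value = line.partition("=")
        if sep:
            # trimkey => "\t " and trim => "\" " from the posted config
            fields[key.strip("\t ")] = value.strip('" ')
    return fields

def parse_detail(text):
    """Return one dict per record that the pipeline stages accept."""
    return [r for r in map(parse_record, split_records(text)) if r is not None]
```

Running `parse_detail` over a few lines copied from the real detail file shows whether the field names the dashboard expects (for example `User-Name`) come out of the parsing stages at all.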

