Disable accounting logging

Patrick Oberli patrick.oberli at ost.ch
Fri Jun 4 15:16:52 CEST 2021 

Hello Alan

Sorry, wasn't aware that there are different kinds of accounting logs. The logs that were filling the disk and which I forgot to mention in the previous mail (sorry!) were under /var/log/freeradius/radacct/.
Anyway thanks for your answer, that actually helped me finding what to look out for in the debug log.

Surprise surprise, I had to disable the lines marked with "# if you want detailed logging" under post-auth, pre-proxy and post-proxy. 
So the configuration looks like this now (if anybody else needs this for his eduroam configuration in the future):


server eduroam {
        listen {
                type = "auth"
                ipaddr = *
                port = 0
        }
        listen {
                type = "acct"
                ipaddr = *
                port = 0
        }
        listen {
                type = "auth"
                ipv6addr = ::
                port = 0
        }
        listen {
                type = "acct"
                ipv6addr = ::
                port = 0
        }

        authorize {
                # only use filter_username from version > 3.0.7 on
                filter_username
                update request {
                        Operator-Name := "1domain.tld" #adjust for your domain
                        # the literal number "1" above is an important prefix! Do not change it!
                }
                # if you want detailed logging
                auth_log
                suffix
        }

        authenticate {
        }

        preacct {
                suffix
        }

        accounting {
        }

        post-auth {
                # if you want detailed logging
                #reply_log
                Post-Auth-Type REJECT {
                #        reply_log
                }
        }
 
        pre-proxy {
                # if you want detailed logging
                #pre_proxy_log
                if("%{Packet-Type}" != "Accounting-Request") {
                        attr_filter.pre-proxy
                }
                update proxy-request {
                         NAS-Port-Type := 19
                }
        }
 
        post-proxy {
                # if you want detailed logging
                #post_proxy_log
                attr_filter.post-proxy
        }
}


The lines from the debug output that helped me:

  # Loaded module rlm_detail
  # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail auth_log {
        filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
        header = "%t"
        permissions = 384
        locking = no
        escape_filenames = no
        log_packet_header = no
  }
  # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail reply_log {
        filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
        header = "%t"
        permissions = 384
        locking = no
        escape_filenames = no
        log_packet_header = no
  }
  # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail pre_proxy_log {
        filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
        header = "%t"
        permissions = 384
        locking = no
        escape_filenames = no
        log_packet_header = no
  }
  # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail post_proxy_log {
        filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
        header = "%t"
        permissions = 384
        locking = no
        escape_filenames = no
        log_packet_header = no



Kind regards
Patrick


-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+patrick.oberli=ost.ch at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Freitag, 4. Juni 2021 14:50
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Disable accounting logging

On Jun 4, 2021, at 8:27 AM, Patrick Oberli <patrick.oberli at ost.ch> wrote:
> I'm currently trying to disable accounting logging on a Freeradius 3.0 installation, which I exclusively use as an eduroam radius proxy (https://wiki.geant.org/display/H2eduroam/freeradius-sp).
> On my old 2.x installation I did not get any accounting logging, but I don't know why it is generated now in 3.0.
> My configuration of the sites-enabled/eduroam is exactly as shown at that site. The accounting section looks like this:
>        accounting {
>        }

  That's nice.  See http://wiki.freeradius.org/list-help

  We don't need to see configuration files.  We need to see debug output.

> The accounting log is now filling my disk

  WHAT accounting log?  The server can produce many different kinds of outputs.  If you know what logs are produced, you know what module produced them.  And then you know how to disable them.

> (it's also not compressed, unlike the radius.log file). I don't need the accounting logs as there should be no accounting at all.
> The only other link in sites-enabled is the default file. I did uncomment the word "detail" in the accounting section there and restarted the service, but it continued to log accounting information.

  If only there was some kind of debug output which could help here.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list