<html><body><div><font size=2 color=navy face=Arial>
First, you need to make sure the "client" (switch, not host) is providing that info.</font></div>
<br><div><hr size=2 width="100%" align=center tabindex=-1>
<font face=Tahoma size=2>
<b>From</b>: freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org <freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org>
<br><b>To</b>: freeradius-users@lists.freeradius.org <freeradius-users@lists.freeradius.org>
<br><b>Sent</b>: Fri Mar 19 18:05:35 2010<br><b>Subject</b>: log_badlogins include SRC IP Address
<br></font><br></div>
<p><font size="2">Hi,</font><br>
<font size="2">I am trying to configure the log_badlogins to include the src IP address of the client host.</font><br>
<font size="2">I am noticing that in the radius.log does not include the src IP.</font><br>
<br>
<font size="2">Example.</font><br>
<font size="2">Fri Mar 19 15:11:39 2010 : Auth: Login incorrect: [jack] (from client testswitch port 0)</font><br>
<br>
<font size="2">Does anyone know how to change either radius or syslog-ng to include the src ip of the host that is attempting to break in?</font><br>
<br>
<br>
<font size="2">-Eric </font><br>
<font size="2"><br>
</font>
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
</body></html>