Yeah, doing things a bit backwards. I'll be looking to upgrade to 2.1.1 as soon as reasonable. I'm hoping that's sooner rather than later. It appears in the short term I can read the radacct log files into the SIEM by parsing the entries into discrete fields. Kind of sub-optimal, but it'll get me moving for now and I can hopefully upgrade into a better logging position shortly. Thanks for the reply! Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" On 29 September 2011 11:42, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 29 Sep 2011, at 18:51, Tremaine Lea wrote:
I have a requirement to get successful and failed radius authentication logs from FreeRADIUS to a SIEM for audit purposes. I have updated the config to log to syslog, but I need more information than is currently appearing.
Example: Sep 29 10:40:56 radiusserver radiusd[13806]: Login incorrect: [azbycx] (from client ScreenNets port 0)
Is there a way to syslog the username, client-ip-addres and calling-station-id that appears in radacct? Alternately, is there a way to send radacct to syslog instead of the file system? In my ideal world, all of the information currently recorded for radacct would be logged to the SIEM but I'm not sure how to best achieve that.
I've been through the documentation and just am not finding an obvious way to change what information is sent to syslog.
Any help/suggestions would be much appreciated.
Upgrade.
Use the rlm_linelog module :)
1.1.3 was released five years ago, i'm not sure what you're wanting is possible in a 1.* version and even if it was i'm not sure anyone would remember how to configure it...
Arran Cudbard-Bell a.cudbardb@freeradius.org
Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html