On Tue, Jun 20, 2017 at 02:30:06PM +0000, Wussler, Doug wrote:
In “radiusd.conf” the “log {}” section defines radius log processing. In particular, “msg_goodpass” and “msg_badpass” allow you to add arbitrary info to your log records through the expansion of custom variables. Our config looks like this:
log { destination = files file = ${logdir}/radius.log auth = yes msg_goodpass = "%{SSID} %{Aruba-Location-Id} %{Aruba-AP-Group} %{Aruba-Device-Type} %{reply:VLAN}" msg_badpass = "%{SSID} %{Aruba-Location-Id} %{Aruba-AP-Group} %{Aruba-Device-Type}" }
Not directly answering your question, but I would forget about using the log{} section to do this, and configure and use the linelog module instead. That's the recommended way of doing this.
Is there some reason why we would want Post-Auth Accept to run BEFORE log processing but Post-Auth-Type Reject to run AFTER log processing? It seems like we would want our Post-Auth processing to occur in the same sequence relative to expanding and writing the log record no matter whether we get an Accept or a Reject.
Put linelog in the post-auth sections wherever you want it, and the sequence will be fixed. -- Matthew