So what 'rest of the documentation' should I look at. I guess I am not seeing how I should know that the "auth_log" is a variant of the "detail" module. I am hoping i can get a better understanding of the documentations so I would not have to ask questions in the future. So for this example I saw the following: 1. Note in changelog about suppress 2. Section under 'detail' in radiusd.conf file with supress option commented out. So I now understand that I should be able to suppress information from any of the detail sections by adding an additional suppress line under that module subsection. Is this something that I should have understood to start with or is there documentation that I did not see and should read? ===================== Date: Fri, 23 Jun 2006 11:11:21 -0400 From: "Alan DeKok" <aland@nitros9.org> Subject: Re: Freeradius-Users Digest, Vol 14, Issue 95 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <20060623151121.6DF4216E49@mail.nitros9.org> Walter Reynolds <waltr@umich.edu> wrote:
Now the question is what example config file had the suppress stanza under the detail auth_log section as well? Mine just listed it under the detail section so I did not know I needed to put it in both places.
The rest of the documentation explains how the modules are set up. The "auth_log" module is a variant of the "detail" module. Nothing is different except the name, and the options you put into it's configuration. Alan DeKok. ======================
Date: Thu, 22 Jun 2006 20:15:54 +0100 From: A.L.M.Buxey@lboro.ac.uk Subject: Re: So how do you suppress To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <20060622191554.GC23362@lboro.ac.uk> Content-Type: text/plain; charset=us-ascii
Hi,
So how do I actually suppress the user password from the detail log based on this? Looking at the rlm_detail file and I might as well be looking at a foreign language.
you can, for example, do somthing like this in radiusd.conf
# Write a detailed log of all accounting records received. # detail { # Note that we do NOT use NAS-IP-Address here, as # that attribute MAY BE from the originating NAS, and # blah blah blah detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600 suppress { User-Password }
}
detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y% m%d
detailperm = 0600 suppress { User-Password }
}
its SO much easier if you read the example config files that come with the new release as they often contain HOW to use a feature/option/argument :-)
alan
-- Walter Reynolds University of Michigan