ram_sql module do not write sql requests into log file
Dear All, I'm quite new to this mailing list and I hope my question will be asked allright and that I will not need to eat my keyboard in order to stop posting in this mailing list;-) I'm currently trying to make the rim_sql run as I want. It's doing quite OK, but I'm having trouble to use the logfile configuration parameter in the sql configuration. As far I understood, this would log every sql requests in the file given in this argument. Basically I would like to have all requests logged in ${logdir}/sqllog.sql, mainly for debugging purpose. Unfortunatelly this is not working at all, the attribute is configured but nothing is written in the log file. I have also tried to touch the file manually in order to have it configured with the correct rights. I'm using following environment: CentOS 7 FreeRadius 3.0.4 Postgresql 9.2.15 When starting the server in debugging mode, it tells me that the attribute is configured with he file I want the information to be written into: [root@dev radius]# radiusd -X radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Mar 5 2015 at 23:41:36 Copyright (C) 1999-2014 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/raddb/dictionary including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/mods-enabled/ including configuration file /etc/raddb/mods-enabled/mschap including configuration file /etc/raddb/mods-enabled/eap including configuration file /etc/raddb/mods-enabled/expr including configuration file /etc/raddb/mods-enabled/unpack including configuration file /etc/raddb/mods-enabled/detail including configuration file /etc/raddb/mods-enabled/always including configuration file /etc/raddb/mods-enabled/detail.log including configuration file /etc/raddb/mods-enabled/attr_filter including configuration file /etc/raddb/mods-enabled/pap including configuration file /etc/raddb/mods-enabled/exec including configuration file /etc/raddb/mods-enabled/files including configuration file /etc/raddb/mods-enabled/chap including configuration file /etc/raddb/mods-enabled/preprocess including configuration file /etc/raddb/mods-enabled/sql including configuration file /etc/raddb/mods-config/sql/main/postgresql/queries.conf including files in directory /etc/raddb/policy.d/ including configuration file /etc/raddb/policy.d/accounting including configuration file /etc/raddb/policy.d/canonicalization including configuration file /etc/raddb/policy.d/control including configuration file /etc/raddb/policy.d/cui including configuration file /etc/raddb/policy.d/dhcp including configuration file /etc/raddb/policy.d/eap including configuration file /etc/raddb/policy.d/filter including configuration file /etc/raddb/policy.d/operator-name including configuration file /etc/raddb/policy.d/debug including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default main { security { user = "radiusd" group = "radiusd" allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = yes max_request_time = 30 cleanup_delay = 5 max_requests = 256 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = no msg_badpass = "" msg_goodpass = "" colourise = yes msg_denied = "You are already logged in - access denied" } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client aruba-vc { ipaddr = 192.168.55.9 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_eap # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no mod_accounting_username_bug = no max_sessions = 256 } # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_method = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = no virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 ca_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" ca_file = "/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Loaded module rlm_expr # Instantiating module "expr" from file /etc/raddb/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } # Loaded module rlm_unpack # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack # Loaded module rlm_detail # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail detail { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_always # Instantiating module "reject" from file /etc/raddb/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file /etc/raddb/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file /etc/raddb/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file /etc/raddb/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file /etc/raddb/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file /etc/raddb/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_pap # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_exec # Instantiating module "exec" from file /etc/raddb/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_files # Instantiating module "files" from file /etc/raddb/mods-enabled/files files { filename = "/etc/raddb/mods-config/files/authorize" usersfile = "/etc/raddb/mods-config/files/authorize" acctusersfile = "/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:1 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:5 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:1 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:5 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/accounting reading pairlist file /etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_chap # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups" hints = "/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /etc/raddb/mods-config/preprocess/hints # Loaded module rlm_sql # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql sql { driver = "rlm_sql_postgresql" server = "localhost" port = "" login = "radius" password = <<< secret >>> radius_db = "radius" read_groups = no read_profiles = no read_clients = no delete_stale_sessions = yes sql_user_name = "%{User-Name}" logfile = "/var/log/radius/sqllog.sql" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority" simul_count_query = "" simul_verify_query = "" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } accounting { reference = "%{tolower:type.%{%{Acct-Status-Type}:-none}.query}" } post-auth { reference = ".query" } postgresql { send_application_name = yes } rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked rlm_sql (sql): Attempting to connect to database "radius" rlm_sql (sql): Initialising connection pool pool { start = 5 min = 4 max = 32 spare = 3 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 1 spread = no } rlm_sql (sql): Opening additional connection (0) rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='durango' application_name='FreeRADIUS 3.0.4 - radiusd (sql)' Connected to database 'radius' on 'localhost' server version 90215, protocol version 3, backend PID 21150 rlm_sql (sql): Opening additional connection (1) rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='durango' application_name='FreeRADIUS 3.0.4 - radiusd (sql)' Connected to database 'radius' on 'localhost' server version 90215, protocol version 3, backend PID 21151 rlm_sql (sql): Opening additional connection (2) rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='durango' application_name='FreeRADIUS 3.0.4 - radiusd (sql)' Connected to database 'radius' on 'localhost' server version 90215, protocol version 3, backend PID 21152 rlm_sql (sql): Opening additional connection (3) rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='durango' application_name='FreeRADIUS 3.0.4 - radiusd (sql)' Connected to database 'radius' on 'localhost' server version 90215, protocol version 3, backend PID 21153 rlm_sql (sql): Opening additional connection (4) rlm_sql_postgresql: Connecting using parameters: dbname='radius' host='localhost' user='radius' password='durango' application_name='FreeRADIUS 3.0.4 - radiusd (sql)' Connected to database 'radius' on 'localhost' server version 90215, protocol version 3, backend PID 21154 } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf } # server server default { # from file /etc/raddb/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} # Loading post-auth {...} } # server default radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 1812 proto = "udp" } listen { type = "acct" ipaddr = * port = 1813 proto = "udp" } Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Ready to process requests Below my mods-enabled/sql config file root@dev raddb]# more mods-enabled/sql # -*- text -*- ## ## sql.conf -- SQL modules ## ## $Id: 29fb4b28e1b085d66415052dcdb5cc255392dcc3 $ sql { driver = "rlm_sql_postgresql" postgresql { send_application_name = yes } dialect = "postgresql" server = "localhost" login = "radius" password = "durango" radius_db = "radius" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" authcheck_table = "radcheck" groupcheck_table = "radgroupcheck" authreply_table = "radreply" groupreply_table = "radgroupreply" usergroup_table = "radusergroup" read_groups = no read_profiles = no delete_stale_sessions = yes logfile = ${logdir}/sqllog.sql pool { start = 5 min = 4 max = ${thread[pool].max_servers} spare = 3 uses = 0 lifetime = 0 idle_timeout = 60 } read_clients = no client_table = "nas" # Read database-specific queries $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf } And the file I'm trying to log into: root@dev radius]# ls -la /var/log/radius/ total 60 drwx------. 3 radiusd radiusd 4096 Mar 27 16:46 . drwxr-xr-x. 7 root root 4096 Mar 27 03:17 .. drwx------. 3 radiusd radiusd 22 Dec 10 22:09 radacct -rw-r-----. 1 radiusd radiusd 22020 Mar 27 16:37 radius.log -rw-r-----. 1 radiusd radiusd 17339 Dec 23 22:06 radius.log-20160101.gz -rw-r-----. 1 radiusd radiusd 185 Jan 1 03:23 radius.log-20160201.gz -rw-r-----. 1 radiusd radiusd 2151 Feb 4 15:37 radius.log-20160301 -rw-r--r-- 1 radiusd radiusd 0 Mar 27 16:46 sqllog.sql Exists but keep being empty.... Is there something I haven't understood with this logfile configuration ? Many thanks in advance for your help. Best Regards Laurent
On Mar 27, 2016, at 6:51 PM, Laurent Bourqui <freeradius@apicus.ch> wrote:
I'm currently trying to make the rim_sql run as I want. It's doing quite OK, but I'm having trouble to use the logfile configuration parameter in the sql configuration. As far I understood, this would log every sql requests in the file given in this argument. Basically I would like to have all requests logged in ${logdir}/sqllog.sql, mainly for debugging purpose.
Unfortunatelly this is not working at all, the attribute is configured but nothing is written in the log file. I have also tried to touch the file manually in order to have it configured with the correct rights.
You're using 3.0.4. Please use 3.0.11. This issues is fixed in recent versions of the server. Alan DeKok.
Hi Alan,
You're using 3.0.4. Please use 3.0.11. This issues is fixed in recent versions of the server.
Thanks for your answer. I have downloaded version 3.0.11, compiled it and started the server. Somehow I still have the same problem. The variable is defined but the log file is not written. Below the mods-enabled/sql configuration file: sql { driver = "rlm_sql_postgresql" postgresql { send_application_name = yes } dialect = "postgresql" server = "localhost" login = "xxxxxxx" password = "xxxxxxxx" radius_db = "radius" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" authcheck_table = "radcheck" groupcheck_table = "radgroupcheck" authreply_table = "radreply" groupreply_table = "radgroupreply" usergroup_table = "radusergroup" read_groups = no read_profiles = no delete_stale_sessions = yes logfile = ${logdir}/sqllog.sql pool { start = 5 min = 2 max = ${thread[pool].max_servers} spare = 3 uses = 0 lifetime = 0 idle_timeout = 60 } read_clients = no client_table = "nas" # Read database-specific queries $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf } I would have expected with this configuration that all sql requests would be logged in ${logdir}/sqllog.sql and it does not. Running the server in debugging mode I found out that the logfile variable is completed correctly: -------------snip------------------ Mon Apr 11 21:16:13 2016 : Debug: # Loaded module rlm_sql Mon Apr 11 21:16:13 2016 : Debug: # Loading module "sql" from file /usr/local/etc/raddb/mods-enabled/sql Mon Apr 11 21:16:13 2016 : Debug: sql { Mon Apr 11 21:16:13 2016 : Debug: driver = "rlm_sql_postgresql" Mon Apr 11 21:16:13 2016 : Debug: server = "localhost" Mon Apr 11 21:16:13 2016 : Debug: port = 0 Mon Apr 11 21:16:13 2016 : Debug: login = "radius" Mon Apr 11 21:16:13 2016 : Debug: password = "xxxxxxxxx" Mon Apr 11 21:16:13 2016 : Debug: radius_db = "xxxxxxxxx" Mon Apr 11 21:16:13 2016 : Debug: read_groups = no Mon Apr 11 21:16:13 2016 : Debug: read_profiles = no Mon Apr 11 21:16:13 2016 : Debug: read_clients = no Mon Apr 11 21:16:13 2016 : Debug: delete_stale_sessions = yes Mon Apr 11 21:16:13 2016 : Debug: sql_user_name = "%{User-Name}" Mon Apr 11 21:16:13 2016 : Debug: logfile = "/var/log/radius/sqllog.sql" Mon Apr 11 21:16:13 2016 : Debug: default_user_profile = "" Mon Apr 11 21:16:13 2016 : Debug: client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" Mon Apr 11 21:16:13 2016 : Debug: authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" Mon Apr 11 21:16:13 2016 : Debug: authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" Mon Apr 11 21:16:13 2016 : Debug: authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" Mon Apr 11 21:16:13 2016 : Debug: authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" Mon Apr 11 21:16:13 2016 : Debug: group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority" Mon Apr 11 21:16:13 2016 : Debug: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" Mon Apr 11 21:16:13 2016 : Debug: accounting { -------------snip------------------ Freeradius Version: [root@dev radius]# radiusd -v radiusd: FreeRADIUS Version 3.0.11, for host x86_64-unknown-linux-gnu, built on Apr 9 2016 at 14:53:45 Copyright (C) 1999-2016 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT [root@dev radius]# Running on CentOS: [root@dev radius]# uname -a Linux dev 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux [root@dev radius]# Is there something which I configured wrong ? Any help is welcome. Regards Laurent ----- Original Message ----- From: "Alan DeKok" <aland@deployingradius.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Monday, March 28, 2016 7:10:02 PM Subject: Re: ram_sql module do not write sql requests into log file On Mar 27, 2016, at 6:51 PM, Laurent Bourqui <freeradius@apicus.ch> wrote:
I'm currently trying to make the rim_sql run as I want. It's doing quite OK, but I'm having trouble to use the logfile configuration parameter in the sql configuration. As far I understood, this would log every sql requests in the file given in this argument. Basically I would like to have all requests logged in ${logdir}/sqllog.sql, mainly for debugging purpose.
Unfortunatelly this is not working at all, the attribute is configured but nothing is written in the log file. I have also tried to touch the file manually in order to have it configured with the correct rights.
You're using 3.0.4. Please use 3.0.11. This issues is fixed in recent versions of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi, running in debug mode? wont log. running normally? check file permissions. alan
Hi, Thanks for the tips, didn't know that running in debug mode wouldn't log. But this still doesn't work. I checked file permission but no way, the sqllog.sql file is not created and if I "touch" it and give him the correct permissions, nothing is written in it: snip of radiusd.conf: ------------------------------------------- prefix = /usr/local exec_prefix = /usr/local sysconfdir = /user/local/etc localstatedir = /var sbindir = /usr/local/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct # name of the running server. See also the "-n" command-line option. name = radiusd # Location of config and logfiles. confdir = ${raddbdir} modconfdir = ${confdir}/mods-config certdir = ${confdir}/certs cadir = ${confdir}/certs run_dir = ${localstatedir}/run/${name} db_dir = ${localstatedir}/lib/radiusd #libdir = /usr/lib64/freeradius libdir = /usr/local/lib/freeradius pidfile = ${run_dir}/${name}.pid max_request_time = 30 cleanup_delay = 5 max_requests = 256 hostname_lookups = yes log { destination = files colourise = yes file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = yes auth_badpass = yes auth_goodpass = no msg_goodpass = "" msg_badpass = "" } # The program to execute to do concurrency checks. checkrad = ${sbindir}/checkrad # SECURITY CONFIGURATION # security { user = radiusd group = radiusd allow_core_dumps = no max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = 'CVE-2014-0160' } ------------------------------------------- Snip of /etc/passwd: ------------------------------------------- radiusd:x:95:95:radiusd user:/home/radiusd:/sbin/nologin ------------------------------------------- List of log directory: [root@dev radius]# ls -la total 4256 drwx------. 3 radiusd radiusd 4096 Apr 21 19:43 . drwxr-xr-x. 8 root root 4096 Apr 20 15:20 .. drwx------. 3 radiusd radiusd 22 Dec 10 22:09 radacct -rw-r----- 1 radiusd radiusd 4289522 Apr 21 19:45 radius.log -rw-r-----. 1 radiusd radiusd 17339 Dec 23 22:06 radius.log-20160101.gz -rw-r-----. 1 radiusd radiusd 185 Jan 1 03:23 radius.log-20160201.gz -rw-r-----. 1 radiusd radiusd 2151 Feb 4 15:37 radius.log-20160301 -rw-r-----. 1 radiusd radiusd 22020 Mar 27 16:37 radius.log-20160330 -rw-r----- 1 radiusd radiusd 0 Mar 30 03:30 radius.log-20160401 [root@dev radius]# I must have configured something wrong but cannot see it. Any hit is welcome. Regards Laurent - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Laurent Bourqui