Suggested feature for rlm_detail: logging only a few specific users

Bjørn Mork bjorn at mork.no
Mon Apr 24 21:23:21 CEST 2006


"Alan DeKok" <aland at nitros9.org> writes:
> =?iso-8859-1?Q?Bj=F8rn_Mork?= <bjorn at mork.no> wrote:
>> Where users.debug contains a list of users to debug.  The syntax is
>> similar to users(5).  It can even contain check-items and DEFAULT
>> entries (which only makes sense if combined with check items), to
>> filter the logging even more.
>
>   You should be able to configure the server to do this.  Put the
> per-user logging in a special Post-Auth-Type, and configure the
> Post-Auth-Type dynamically per user.  If you pull the Post-Auth-Type
> from a database, you should be able to change it on the fly.

Great tip!

>   In other words, if your patch is to combine the "users" module with
> the "detail" module, the server is configurable enough that you should
> already be able to do that.

Yes, the idea was to "users" and "detail".  I still think it has a
couple of advantages that makes me want it, but I'm getting the
feeling that I'm alone ;-)

I'll try to explain why I want it:

- it can be used to log rejects on a per-user basis (which I don't
  think your method above will?)

- it makes per-user logging available in configuration sections with
  other modules. rlm_detail supports authorize, accounting, pre_proxy,
  post_proxy and postauth, and I want to be able to do per-user
  logging in any of these sections



Bjørn




More information about the Freeradius-Devel mailing list