Loging of proxied requests
listuser at peternixon.net
Thu Aug 10 11:48:30 CEST 2006
On Wed 09 Aug 2006 14:25, Josip Almasi wrote:
> Peter Nixon wrote:
> > Wouldn't it be better for us to be a bit more concise about things? for
> > example:
> > Mon Aug 7 20:18:40 2006 : Auth: Login incorrect (realm: myrealm proxy:
> > myproxy): [peter/peter] (from client NAS1 port 60000 cli XXXXXXXX)
> > I am doing crazy thing like:
> > DEFAULT Called-Station-Id == "YYYYYY", Proxy-To-Realm := realm1
> > DEFAULT Called-Station-Id == "ZZZZZZZ", Proxy-To-Realm := realm2
> > Therefore, I am sure that you can see why this extra logging information
> > would be usefull. (You can't tell the realm simply by looking at the
> > username)
> Use the Source, Luke;)
> And I'm logging vendor attributes.
> (in order to identify misconfigured NASes; comes handy when you have
> 400+ NASes and 150k users)
> Makes me think about configurable logging.
> Like, configure log in such a way that it always logs defined attributes
> values, if exist.
> Guess people need logging in various places; i.e. important message for
> me is user not found in radgroupcheck.
> So with such a log both Peter and me would get our logging requirements
I am of course capable of "using the source" however before I start committing
code changes to a part of the server that I don't normally play with I
thought I would discuss it on the list.
I was also thinking about configurable logging. We are currently patching FR
to add the CalledStationID to the Auth logs also as that is important info to
us. One of our deployments is at a GSM operator where the CalledStationID is
the APN name of the GPRS network, and therefore peter connecting to
APN "internet" is a different user than "peter" connecting to APN "wap" or
This is actually a change that I think everyone else could benefit from, as
well as the proxy logging change. (Clearer logs are always better) however
having a way to turn attributes on and off in the logs is a nice idea.
I have not committed either patch yet because log formats are a sensitive
thing to change (You break people's monitoring systems..)
Do you have a patch for configurable logging?
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Freeradius-Devel