Loging of proxied requests

Peter Nixon listuser at peternixon.net
Thu Aug 10 11:48:30 CEST 2006


On Wed 09 Aug 2006 14:25, Josip Almasi wrote:
> Peter Nixon wrote:
> > Wouldn't it be better for us to be a bit more concise about things? for
> > example:
> >
> > Mon Aug  7 20:18:40 2006 : Auth: Login incorrect (realm: myrealm proxy:
> > myproxy): [peter/peter] (from client NAS1 port 60000 cli XXXXXXXX)
> >
> > I am doing crazy thing like:
> >  DEFAULT Called-Station-Id == "YYYYYY", Proxy-To-Realm := realm1
> >  DEFAULT Called-Station-Id == "ZZZZZZZ", Proxy-To-Realm := realm2
> >
> > Therefore, I am sure that you can see why this extra logging information
> > would be usefull. (You can't tell the realm simply by looking at the
> > username)
>
> Use the Source, Luke;)
>
> And I'm logging vendor attributes.
> (in order to identify misconfigured NASes; comes handy when you have
> 400+ NASes and 150k users)
> Makes me think about configurable logging.
> Like, configure log in such a way that it always logs defined attributes
> values, if exist.
> Guess people need logging in various places; i.e. important message for
> me is user not found in radgroupcheck.
> So with such a log both Peter and me would get our logging requirements
> satisfied:)

Hi Josip

I am of course capable of "using the source" however before I start committing 
code changes to a part of the server that I don't normally play with I 
thought I would discuss it on the list.

I was also thinking about configurable logging. We are currently patching FR 
to add the CalledStationID to the Auth logs also as that is important info to 
us. One of our deployments is at a GSM operator where the CalledStationID is 
the APN name of the GPRS network, and therefore peter connecting to 
APN "internet" is a different user than "peter" connecting to APN "wap" or 
APN "corporatecustomerX"

This is actually a change that I think everyone else could benefit from, as 
well as the proxy logging change. (Clearer logs are always better) however 
having a way to turn attributes on and off in the logs is a nice idea.

I have not committed either patch yet because log formats are a sensitive 
thing to change (You break people's monitoring systems..)

Do you have a patch for configurable logging?

Cheers
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20060810/e57be035/attachment.pgp>


More information about the Freeradius-Devel mailing list