Loging of proxied requests

Peter Nixon listuser at peternixon.net
Thu Aug 10 15:57:59 CEST 2006 

On Thu 10 Aug 2006 13:52, Mike Mitchell wrote:
> > > Peter Nixon wrote:
> > > > Wouldn't it be better for us to be a bit more concise
> >
> > about things? for
> >
> > > > example:
> > > >
> > > > Mon Aug  7 20:18:40 2006 : Auth: Login incorrect (realm:
> >
> > myrealm proxy:
> > > > myproxy): [peter/peter] (from client NAS1 port 60000 cli XXXXXXXX)
>
> Yeah, we do similar things, but worse! I hate legacy systems!
>
>
> I've modified our source so that it puts the Reply-Message (if it exists)
> in the Login incorrect message. eg:
>
>  Mon Aug  7 20:18:40 2006 : Auth: Login incorrect (Home server says so:
> Account Disabled) [peter] (from client NAS1 port 60000 cli XXXXXXXX)
>
> As we migrate away from legacy systems it gives us a single point of
> reference for authentication success/failures and the reasons.
>
> I think it could be very handy to have this log message more configurable,
> but I'm not sure what overhead that would add, its at least another call to
> xlat, and on a busy system this log is written out a lot!

Heh. Yeah. Well, in my case they are customers not legacy systems. We are 
basically acting as a AAA clearing house (or something).

I think such a patch certainly bears testing. The more relevant info you can 
give to an admin, the better he can do his job, and faster machines are 
cheaper than more admins! In any case I have not so far ever managed to 
stress FreeRADIUS... It's always been the backend that is working hard, not 
radiusd which rarely takes more than 1% of CPU. In a pure proxy environment 
that of course doesn't apply, but given that the SunFire (Opteron) boxes I 
use only run about $1000, adding an extra 2 (or 10) doesn't really cost 
allot. (Adding new database servers on the other hand is a different matter)

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20060810/d126d673/attachment.pgp>

More information about the Freeradius-Devel mailing list