Changing "radlog" calls to RDEBUG & setting Module-Failure-Message

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Feb 3 21:17:55 CET 2013


On 3 Feb 2013, at 09:53, Alan DeKok <aland at DEPLOYINGRADIUS.COM> wrote:

>  Some time later...
> 
> Phil Mayers wrote:
>> I run a small local patch that changes a few irritating calls to radlog
>> into RDEBUG and sets the Module-Failure-Message inside rlm_eap; these
>> are useful for logging per-request failure causes.
>> 
>> See here:
>> 
>> https://github.com/philmayers/freeradius-server/commit/baab30d0f16dc449c47a4686d86717c1a8f0712e
> 
>  I think it's petty good.
> 
>> More generally - I personally think that radlog calls are appropriate
>> for whole-server events (e.g. upstream proxy down) but not per-request
>> events (except possibly very, very fatal errors) as a "radius.log" can
>> grow surprisingly large when a client is banging away at you. What do
>> others think?
> 
>  Yes.


I think rlm_eap is one of the worst for this. The majority of the time SSL errors are nothing to do with the general operation of the server, and are just raised because the client sent junk, should these be changed to RDEBUG, or should RERROR and RNOTICE be defined as well?

-Arran
 


More information about the Freeradius-Devel mailing list