Is it possible to log connection details in MySQL?

Peter Nixon listuser at peternixon.net
Fri Sep 1 17:33:15 CEST 2006 

On Fri 01 Sep 2006 17:42, ZaiPower wrote:
> Hello:
>
> I'd like to know if it is possible to save all the info under the log
> directory "radacct" (connections' details by client's IP) in MySQL instead
> of files in hard disk.

Yes. This is certainly possible.

> Are all the variables accessible?. I mean, are they valid for an SQL
> sentence in 'postauth_query' variables %{Packet-Type}, %{User-Name},
> %{User-Password}, %{NAS-IP-Address}, %{NAS-Port} and  %{Client-IP-Address}?
> Am I missing any other info?

 'postauth_query' is funnily enough related to postauth, NOT Accounting.

Please read http://wiki.freeradius.org/index.php/Rlm_sql

> After reading the answer
> (http://wiki.freeradius.org/index.php/FAQ#How_do_I_log_failed_login_attempt
>s_in_a_SQL_database.3F) to the question "How do I log failed login attempts
> in a SQL database?" in the FreeRadius wiki it seems it is possible with
> adequate SQL sentences.

Yes. Do you want to log unsuccessfull logins or (successfull) accounting info 
to SQL?

> I see three problems:
> - I don't see clearly how to separate successfully authentication of
> unsuccessfull. Maybe like this? How could I tell FreeRadius different
> queries depending on type of request?
>
> 	post-auth {
> 		# Login successful: get an address from the IP pool.
> 		ippool
>
> 		Post-Auth-Type ACCEPT {
> 			sql
> 		}
>
> 		Post-Auth-Type REJECT {
> 			# Login failed: log to SQL database.
> 			sql
> 		}
> 	}
>


Please reread this. It is very clear.

> - Where I can find documentation about the different packet types and their
> data?

Your NAS documentation "may" contain this info. You can also read
http://www.ietf.org/rfc/rfc2865.txt
http://www.ietf.org/rfc/rfc2866.txt

> - Is it possible to tell FreeRadius that I want to send more than one query
> to MySQL?

More than one query for what?

> I really want this functionality (keep the connection logs in MySQL, not in
> the filesystem).  I make this question to know if I am in the right path or
> ideally if anybody has already make something like this.

Excellent. This functionality exists. Enjoy :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060901/dacb449e/attachment.pgp>

More information about the Freeradius-Users mailing list