log failed logins

Alan DeKok aland at deployingradius.com
Wed Jan 24 08:14:58 CET 2007

Cory Robson wrote:
> Does anyone have a list of attributes I can log on failed attempts and the
> structure for the SQL statement.

  No, because the list of attributes depends on what the NAS sends, and
on your local configuration.

  Some modules add Module-Message, but not all do.

> Eg %{reply:Reply-Message} quite often gives me "=5Cr=5CnYou are already
> logged in - access denied=5Cr=5Cn=5Cn" whereas I obviously only need the
> statement you are already logged in.
> I assume that an attribute followed by :- means to place what follows in the
> event of no data provided.

  Yes.  See doc/variables.txt

> Looking for lots of clarification here.
> postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply,
> date, callingid) values ('', '%{User-Name}',
> '%{User-Password:-Chap-Password}', '%{reply:Reply-Message}', NOW(),
> '%{Calling-Station-Id}')"

  Failed authentications are logged to radius.log.  See rad_authlog() in
src/main/auth.c for what it logs, and what may be available.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list