debug log and syslog

jehan procaccia jehan.procaccia at it-sudparis.eu
Fri Sep 5 16:19:01 CEST 2008


tnt at kalik.net wrote:
>> I can run debug log by starting radiusd -X, but for production, I want
>> logs to go to a file and not stdout.
>>     
>
> http://linuxbasics.org/course/book/chap_05
>   
indeed ;-)
>> for now with that config I only get 2 lines in radiusd.log when I log in
>> 802.X EAP-ttls , telling:
>>
>> Sep  5 10:42:30 radiustux radiusd[14619]: Login OK: [procacci] (from
>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>> Sep  5 10:42:30 radiustux radiusd[14619]: Login OK: [anonymous] (from
>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>
>>     
>
> What else do you want? You can log additional lines with linelog module.
>
> linelog {
>
>      filename = ... you probably want radius.log file
>
>      format = "Things you want to log ..."
>
> }
>   
In fact radiusd -X gives me too many logs, but the single line of log 
per login I have now is not enough.
I am looking for a compromise between -X full logs and what I want: the 
Username, the ldap servers used to authenticate him (we have 3 
directories depending on the @domain), the IP address assigned and the 
vlan assigned.
From the -X output I found these kinds of logs which are relevant to me; how can 
I get them in syslog or logfile or linelog?

rad_check_password: Found Auth-Type EAP
rlm_ldap: performing user authorization for procacci
lm_ldap: (re)connect to ldap1.int-evry.fr:389, authentication 0
Exec-Program output: Tunnel-Type := VLAN, Tunnel-Medium-Type := 
IEEE-802, Tunnel-Private-Group-Id := 903
Sending Access-Accept of id 70 to 157.159.27.100 port 32768
User-Name = "procacci"
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "903"
rad_recv: Accounting-Request packet from host 157.159.27.100 port 32768, 
id=87, length=200
User-Name = "procacci"
NAS-Port = 29
NAS-IP-Address = 157.159.27.100
Framed-IP-Address = 192.168.200.17
Calling-Station-Id = "192.168.200.17"
Called-Station-Id = "157.159.27.100"

I tested that without success :-(

# Jehan
linelog {
filename = ${logdir}/jehan.log
format = "JP Login OK for %{User-Name} on %{NAS-Port-Id} ..."
}

the file keeps being empty
[root at radiustux /var/log/radius]
$ ls -al jehan.log
-rw-rw---- 1 root radiusd 0 sep 5 15:12 jehan.log

If it eventually works, where can I get the list of the %{Variables} 
available?
> If you have attribute values in the format statement, list linelog in the
> section where the values will be known (post-auth etc.).
>
> Ivan Kalik
> Kalik Informatika IS
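
Added example, not part of the original thread: a linelog setup along the lines Ivan Kalik describes, where each instance is listed in the section in which its attributes are known. It assumes FreeRADIUS 2.x configuration syntax; the instance names jp_auth and jp_acct are hypothetical, and the attribute names are taken from the radiusd -X output quoted above. No attribute on this page carries the LDAP server name, so that field is not covered.

```conf
# --- module definitions (inside the modules { } block) ---

# Logged once per Access-Accept, from post-auth.
linelog jp_auth {
	filename = ${logdir}/jehan.log
	# "reply:" reads from the Access-Accept being built. In the debug
	# output above the reply carries User-Name = "procacci" while the
	# outer EAP-TTLS identity is logged as "anonymous", so prefer the
	# reply value and fall back to the request value.
	format = "JP Login OK for %{%{reply:User-Name}:-%{User-Name}} port %{NAS-Port} cli %{Calling-Station-Id} vlan %{reply:Tunnel-Private-Group-Id}"
}

# Logged per Accounting-Request. Framed-IP-Address only shows up in the
# accounting packet in the debug output above, not at login time.
linelog jp_acct {
	filename = ${logdir}/jehan.log
	format = "JP Acct %{Acct-Status-Type} for %{User-Name} nas %{NAS-IP-Address} port %{NAS-Port} ip %{Framed-IP-Address}"
}

# --- in the server sections that process the request ---
# Add the instance names to the existing sections; a linelog instance
# that is defined but never listed in a section writes nothing.

post-auth {
	jp_auth
}

accounting {
	jp_acct
}
```

The values written to the log come straight from request and reply attributes, so the file should keep the restrictive ownership and mode shown in the `ls -al` output above.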


