debug log and syslog

tnt at kalik.net tnt at kalik.net
Fri Sep 5 21:06:05 CEST 2008


Download 2.1.0 and have a look at linelog there. It is much improved.

Ivan Kalik
Kalik Informatika ISP


Dana 5/9/2008, "jehan procaccia" <jehan.procaccia at it-sudparis.eu> piše:

>tnt at kalik.net wrote:
>>> I can run debug log by starting radiusd -X , but for production, I want
>>> logs to go to a file and not stdout .
>>>
>>
>> http://linuxbasics.org/course/book/chap_05
>>
>indeed ;-)
>>> for now with that config I only get 2 lines in radiusd.log when I log in
>>> 802.X EAP-ttls , telling:
>>>
>>> Sep  5 10:42:30 radiustux radiusd[14619]: Login OK: [procacci] (from
>>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>> Sep  5 10:42:30 radiustux radiusd[14619]: Login OK: [anonymous] (from
>>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>>
>>>
>>
>> What else do you want? You can log additional lines with linelog module.
>>
>> linelog {
>>
>>      filename = ... you probably want radius.log file
>>
>>      format = "Things you want to log ..."
>>
>> }
>>
>In fact radiusd -X gives me too much logs, but the only one line of log
>per logging I have now is not enough.
>I search for a compromise between -X full logs and what I want: the
>Username, the ldap servers used to autheticate him (we have 3
>directories depending on the @domain ), the IP adresse assigned and the
>vlan assigned .
>from the -X I found these kind of logs which are relevant to me, how can
>I get them in syslog or logfile or linelog ?
>
>rad_check_password: Found Auth-Type EAP
>rlm_ldap: performing user authorization for procacci
>lm_ldap: (re)connect to ldap1.int-evry.fr:389, authentication 0
>Exec-Program output: Tunnel-Type := VLAN, Tunnel-Medium-Type :=
>IEEE-802, Tunnel-Private-Group-Id := 903
>Sending Access-Accept of id 70 to 157.159.27.100 port 32768
>User-Name = "procacci"
>Tunnel-Type:0 := VLAN
>Tunnel-Medium-Type:0 := IEEE-802
>Tunnel-Private-Group-Id:0 := "903"
>rad_recv: Accounting-Request packet from host 157.159.27.100 port 32768,
>id=87, length=200
>User-Name = "procacci"
>NAS-Port = 29
>NAS-IP-Address = 157.159.27.100
>Framed-IP-Address = 192.168.200.17
>Calling-Station-Id = "192.168.200.17"
>Called-Station-Id = "157.159.27.100"
>
>I tested that without succes :-(
>
># Jehan
>linelog {
>filename = ${logdir}/jehan.log
>format = "JP Login OK for %{User-Name} on %{NAS-Port-Id} ..."
>}
>
>the file keeps been empty
>[root at radiustux /var/log/radius]
>$ ls -al jehan.log
>-rw-rw---- 1 root radiusd 0 sep 5 15:12 jehan.log
>
>If it eventually works, where can I get the list of the %{Variables}
>available ?
>> If you have attribute values in format statement list linelog in the
>> section where the values will be known (post-auth etc.).
>>
>> Ivan Kalik
>> Kalik Informatika IS
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list