debug log and syslog

Jehan PROCACCIA Jehan.Procaccia at it-sudparis.eu
Fri Apr 3 09:25:17 CEST 2009


Hello, I re-open that "old" (05.09.2008) thread ...

I still really need to log radiusd in order to debug a timeout problem 
in our eduroam infrastructure.
the problem is that radiusd is in production and runing it with -X is 
too verbious
I want to log though syslog or direct log files some of the radiusd -X 
informations

from the -X I found these kind of logs which are relevant to me, how can 
I get them in syslog or logfile or linelog ?

rad_check_password: Found Auth-Type EAP
rlm_ldap: performing user authorization for procacci
lm_ldap: (re)connect to ldap1.int-evry.fr:389, authentication 0
Exec-Program output: Tunnel-Type := VLAN, Tunnel-Medium-Type := 
IEEE-802, Tunnel-Private-Group-Id := 903
Sending Access-Accept of id 70 to 157.159.27.100 port 32768
User-Name = "procacci"
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "903"
rad_recv: Accounting-Request packet from host 157.159.27.100 port 32768, 
id=87, length=200
User-Name = "procacci"
NAS-Port = 29
NAS-IP-Address = 157.159.27.100
Framed-IP-Address = 192.168.200.17
Calling-Station-Id = "192.168.200.17"
Called-Station-Id = "157.159.27.100"

I tested that without succes :-(

# Jehan
linelog {
filename = ${logdir}/jehan.log
format = "JP Login OK for %{User-Name} on %{NAS-Port-Id} ..."
}

the file keeps been empty

please let me know how to tune radiusd logging .
thanks .

jehan procaccia a e'crit :
> tnt at kalik.net wrote:
>>> I can run debug log by starting radiusd -X , but for production, I want
>>> logs to go to a file and not stdout .
>>
>> http://linuxbasics.org/course/book/chap_05
> indeed ;-)
>>> for now with that config I only get 2 lines in radiusd.log when I 
>>> log in
>>> 802.X EAP-ttls , telling:
>>>
>>> Sep 5 10:42:30 radiustux radiusd[14619]: Login OK: [procacci] (from
>>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>> Sep 5 10:42:30 radiustux radiusd[14619]: Login OK: [anonymous] (from
>>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>>
>>
>> What else do you want? You can log additional lines with linelog module.
>>
>> linelog {
>>
>> filename = ... you probably want radius.log file
>>
>> format = "Things you want to log ..."
>>
>> }
> In fact radiusd -X gives me too much logs, but the only one line of 
> log per logging I have now is not enough.
> I search for a compromise between -X full logs and what I want: the 
> Username, the ldap servers used to autheticate him (we have 3 
> directories depending on the @domain ), the IP adresse assigned and 
> the vlan assigned .
> from the -X I found these kind of logs which are relevant to me, how 
> can I get them in syslog or logfile or linelog ?
>
> rad_check_password: Found Auth-Type EAP
> rlm_ldap: performing user authorization for procacci
> lm_ldap: (re)connect to ldap1.int-evry.fr:389, authentication 0
> Exec-Program output: Tunnel-Type := VLAN, Tunnel-Medium-Type := 
> IEEE-802, Tunnel-Private-Group-Id := 903
> Sending Access-Accept of id 70 to 157.159.27.100 port 32768
> User-Name = "procacci"
> Tunnel-Type:0 := VLAN
> Tunnel-Medium-Type:0 := IEEE-802
> Tunnel-Private-Group-Id:0 := "903"
> rad_recv: Accounting-Request packet from host 157.159.27.100 port 
> 32768, id=87, length=200
> User-Name = "procacci"
> NAS-Port = 29
> NAS-IP-Address = 157.159.27.100
> Framed-IP-Address = 192.168.200.17
> Calling-Station-Id = "192.168.200.17"
> Called-Station-Id = "157.159.27.100"
>
> I tested that without succes :-(
>
> # Jehan
> linelog {
> filename = ${logdir}/jehan.log
> format = "JP Login OK for %{User-Name} on %{NAS-Port-Id} ..."
> }
>
> the file keeps been empty
> [root at radiustux /var/log/radius]
> $ ls -al jehan.log
> -rw-rw---- 1 root radiusd 0 sep 5 15:12 jehan.log
>
> If it eventually works, where can I get the list of the %{Variables} 
> available ?
>> If you have attribute values in format statement list linelog in the
>> section where the values will be known (post-auth etc.).
>>
>> Ivan Kalik
>> Kalik Informatika IS
>




More information about the Freeradius-Users mailing list