debug log and syslog

Thomas Fagart tfagart at brozs.net
Fri Apr 3 13:56:25 CEST 2009


Hello,

I would use radmin (available from 2.1.3)


www1# radmin 
radmin 2.1.5 - FreeRADIUS Server administration tool.
Copyright (C) 2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
radmin> debug file jehan.log
radmin> debug level 0
radmin> debug condition '(User-Name == procacci)'
radmin> 


This will create the file jehan.log in your logdir, and catch the log for
the specified user.

To stop the log use 

radmin> debug condition 

You can set much more complicated filtering conditions by reading man
unlang, or use the new tool that relies on radmin, which is called raddebug.

Thomas



On Fri, 03 Apr 2009 09:25:17 +0200, Jehan PROCACCIA
<Jehan.Procaccia at it-sudparis.eu> wrote:
> Hello, I re-open that "old" (05.09.2008) thread ...
> 
> I still really need to log radiusd in order to debug a timeout problem 
> in our eduroam infrastructure.
> the problem is that radiusd is in production and running it with -X is 
> too verbose
> I want to log through syslog or direct log files some of the radiusd -X 
> information
> 
> from the -X I found these kind of logs which are relevant to me, how can 
> I get them in syslog or logfile or linelog ?
> 
> rad_check_password: Found Auth-Type EAP
> rlm_ldap: performing user authorization for procacci
> lm_ldap: (re)connect to ldap1.int-evry.fr:389, authentication 0
> Exec-Program output: Tunnel-Type := VLAN, Tunnel-Medium-Type := 
> IEEE-802, Tunnel-Private-Group-Id := 903
> Sending Access-Accept of id 70 to 157.159.27.100 port 32768
> User-Name = "procacci"
> Tunnel-Type:0 := VLAN
> Tunnel-Medium-Type:0 := IEEE-802
> Tunnel-Private-Group-Id:0 := "903"
> rad_recv: Accounting-Request packet from host 157.159.27.100 port 32768, 
> id=87, length=200
> User-Name = "procacci"
> NAS-Port = 29
> NAS-IP-Address = 157.159.27.100
> Framed-IP-Address = 192.168.200.17
> Calling-Station-Id = "192.168.200.17"
> Called-Station-Id = "157.159.27.100"
> 
> I tested that without success :-(
> 
> # Jehan
> linelog {
> filename = ${logdir}/jehan.log
> format = "JP Login OK for %{User-Name} on %{NAS-Port-Id} ..."
> }
> 
> the file keeps being empty
> 
> please let me know how to tune radiusd logging .
> thanks .
> 
> jehan procaccia wrote:
>> tnt at kalik.net wrote:
>>>> I can run debug log by starting radiusd -X , but for production, I want
>>>> logs to go to a file and not stdout .
>>>
>>> http://linuxbasics.org/course/book/chap_05
>> indeed ;-)
>>>> for now with that config I only get 2 lines in radiusd.log when I 
>>>> log in
>>>> 802.X EAP-ttls , telling:
>>>>
>>>> Sep 5 10:42:30 radiustux radiusd[14619]: Login OK: [procacci] (from
>>>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>>> Sep 5 10:42:30 radiustux radiusd[14619]: Login OK: [anonymous] (from
>>>> client APS_Cisco port 29 cli 00-1F-3C-59-5E-52)
>>>>
>>>
>>> What else do you want? You can log additional lines with linelog module.
>>>
>>> linelog {
>>>
>>> filename = ... you probably want radius.log file
>>>
>>> format = "Things you want to log ..."
>>>
>>> }
>> In fact radiusd -X gives me too many logs, but the only one line of 
>> log per login I have now is not enough.
>> I search for a compromise between -X full logs and what I want: the 
>> Username, the ldap servers used to authenticate him (we have 3 
>> directories depending on the @domain ), the IP address assigned and 
>> the vlan assigned .
>> from the -X I found these kind of logs which are relevant to me, how 
>> can I get them in syslog or logfile or linelog ?
>>
>> rad_check_password: Found Auth-Type EAP
>> rlm_ldap: performing user authorization for procacci
>> lm_ldap: (re)connect to ldap1.int-evry.fr:389, authentication 0
>> Exec-Program output: Tunnel-Type := VLAN, Tunnel-Medium-Type := 
>> IEEE-802, Tunnel-Private-Group-Id := 903
>> Sending Access-Accept of id 70 to 157.159.27.100 port 32768
>> User-Name = "procacci"
>> Tunnel-Type:0 := VLAN
>> Tunnel-Medium-Type:0 := IEEE-802
>> Tunnel-Private-Group-Id:0 := "903"
>> rad_recv: Accounting-Request packet from host 157.159.27.100 port 
>> 32768, id=87, length=200
>> User-Name = "procacci"
>> NAS-Port = 29
>> NAS-IP-Address = 157.159.27.100
>> Framed-IP-Address = 192.168.200.17
>> Calling-Station-Id = "192.168.200.17"
>> Called-Station-Id = "157.159.27.100"
>>
>> I tested that without success :-(
>>
>> # Jehan
>> linelog {
>> filename = ${logdir}/jehan.log
>> format = "JP Login OK for %{User-Name} on %{NAS-Port-Id} ..."
>> }
>>
>> the file keeps being empty
>> [root at radiustux /var/log/radius]
>> $ ls -al jehan.log
>> -rw-rw---- 1 root radiusd 0 sep 5 15:12 jehan.log
>>
>> If it eventually works, where can I get the list of the %{Variables} 
>> available ?
>>> If you have attribute values in format statement list linelog in the
>>> section where the values will be known (post-auth etc.).
>>>
>>> Ivan Kalik
>>> Kalik Informatika IS
>>
> 
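
The placement Ivan Kalik describes in the quoted thread (list linelog in the section where the attribute values are known), written out as an added example that is not part of the original messages or the FreeRADIUS distribution. The instance names vlan_log and ip_log are hypothetical; the attribute names are the ones visible in the quoted -X output, and the reply: prefix is assumed to be available as in the 2.x expansion syntax.

```conf
# Added example, not from the thread. Instance names vlan_log and ip_log
# are hypothetical; attributes are those shown in the quoted -X output.

# Module definitions: modules {} section of radiusd.conf, or a file under
# raddb/modules/ in the 2.1.x layout.
linelog vlan_log {
	filename = ${logdir}/jehan.log
	# Bare names expand from the request; reply attributes need "reply:".
	format = "Access-Accept user=%{User-Name} nas=%{NAS-IP-Address} port=%{NAS-Port} vlan=%{reply:Tunnel-Private-Group-Id}"
}

linelog ip_log {
	filename = ${logdir}/jehan.log
	# Framed-IP-Address is only present in the Accounting-Request.
	format = "Accounting user=%{User-Name} nas=%{NAS-IP-Address} port=%{NAS-Port} ip=%{Framed-IP-Address}"
}

# Defining an instance writes nothing by itself; it runs only in the
# sections that list it. Add these lines to the existing sections of the
# virtual server that handles the requests.
post-auth {
	# ... existing post-auth modules ...
	vlan_log	# listed last, so reply attributes added earlier are present
}

accounting {
	# ... existing accounting modules ...
	ip_log
}
```

With EAP-TTLS the outer request may carry the anonymous identity, as in the two "Login OK" lines quoted above, so the User-Name written from the outer post-auth section can be the anonymous one.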



