Problem suppressing timestamp/Request-Athenticator in detailed logging

[Alan DeKok]

Janet Plato wrote:
> In one paragraph:
> 
>  - I want to to send messages related to radiusd to a local file
>    such as /var/log/messages or radius.log

  Look for "syslog" in radiusd.conf.

>  - I was accounting related messages written out one line each in a
>    local file since it is easy to automatically filter them to
>    notice anomalies.  I want to limit the size of log files and 
>    putting it all on one line works better for me.

  See the "linelog" module.

>  - I want the accounting related messages to also be reflected to
>    a remote syslog server that is part of our monitoring systems,
>    where it can cause visual alerts when certain things happen.

  The "linelog" module can write to syslog.

>  - I want to configure networks in clients.conf, but have logging
>    done by NAS-IP-Addr.

  I have no idea what that means.

  In any case, the "linelog" module can create customized messages.

> At this moment the server seems to be answering fine and the default
> config is mostly working.  I am now trying to work step by step towards
> the following:
> 
>  - I want to have log messages related to the radius daemon appear in
> /var/log/radius/radius.log (or /var/log/messages), things like starting
> and stopping the server, errors in the config and so on.  Local detail
> files could also go there, but I'd rather they went in their own detail
> file.

  The detail files do detailed logging.  Don't try to change how the
detail files work.

>  - I want radiusd to send syslog messages concerning logins to a
> remote syslog server at the same time it logs local details.  I could
> enable logging to the local syslog socket and having syslogd reflect
> local1.* to @syslog.remote.my.net, but: radiusd cannot log to both
> files and syslog in the same log {} stanza in radiusd.conf and also
> syslogd would have to reflect all events of facility.* to the remote
> server.

  Well... that's the way it works.  You can use a syslog server which
supports configurable filtering and redirection of log messages.  i.e.
rsyslog.

>  Right now nothing else uses local1.* but that might not 
> always be true.  Also, if radiusd sends everything to a remote 
> syslog server that is fine, as long as it also does local file logging.  

  Sorry, server logs go to one place.  The server is *not* in the
business of duplicating log messages.  See a configurable "syslog"
server for this functionality.

> If radiusd does its own remote syslog sending, then local processes 
> are free to send to the local socker on local1.* without conflict.
> I could probably get syslogd to log to both a file and a remote server
> but that causes problems with other processes potentially using the same
> facility.severity.

  Only if you use a 1980s syslog server.

>  - I want to be able to configure networks in my clients.conf
> file but have logging by NAS IP address.

> I'd like to log the header line I specified and suppress everything else:
> 
> 2010-11-03 14:50:38 1b17d86ead 10.1.1.1: User uname from 192.168.1.1 Start
> 2010-11-03 14:50:38 1b17d86ead 10.1.1.1: User uname from 192.168.1.1 Stop

  See the "linelog" module.  It is for exactly this purpose.

>   This lets me easily notice trends in the system, does not fill
> up my logs, allows me to filter out logins from known users on 
> their desktops, and see what is left.  I can easily write something 
> that views the log file as a series of stanzas, and only shows 
> those stanzas that do not contain both (a username line with a 
> known user and a client-IP from a known host).  The detail log rolls daily
> which is nice, but I would prefer the server messages to go into radius.log
> which rolls less often.
> 
>   So how can I just have it create a header with what I want, 
> and suppress everything else as well as log to a remote syslog server?

  The "linelog" module, followed by using a more powerful syslog server.

  Alan DeKok.