Sending accounting packets to more than one server?
Alexander Clouter
alex at digriz.org.uk
Fri Mar 4 09:46:35 CET 2011
Tim McNabb <tim at velociter.net> wrote:
>
> Hi there! I'm running FreeRADIUS 2.1.7, I was wondering if it is
> possible to forward accounting packets to another server while also
> keeping the packets on the local machine. I'm working on integrating a
> Netsweeper appliance and the company is saying that I need to forward
> accounting packets to the appliance in order for it to set policies
> correctly. Has anyone ever done this or would be willing to forward
> some good documentation on how this can be done?
>
I have not 'tee'd accounting packets before, but the following should
work. Look at the 'decoupled-accounting' and 'robust-proxy-accounting'
examples.
In your main RADIUS virtual server (the one that talks to your NASes),
configure it to write out to *two* different journals. The first one is
your 'regular' accounting path that maybe records things in a local SQL
database or whatever you like to log to. The second journalled instance
you proxy on the packets to this Netsweeper thingy-mcwhatsit.
Using the decoupling/journal thing prevents your SQL server (and the
appliance) potentially slowing down your accounting acknowledgement
replies. Beware though, the size of the journal should not get ever
above ~100kB (well for us at least)...if it does, it means FreeRADIUS
cannot process your accounting traffic due to some internal error
(either out of disk space, bad SQL syntax/error, etc) and the journal
will just keep growing until everything comes falling down.
The journal growing without me noticing has hit us several times
(badness on my part with dodgy SQL I send at my poor postgresql server)
so it is on the books either to NAGIOS monitor it or send me an email
alert from a cronjob.
Cheers
--
Alexander Clouter
.sigmonster says: Specifications subject to change without notice.
More information about the Freeradius-Users
mailing list