decoupled accounting cron check

Arran Cudbard-Bell a.cudbardb at gmail.com
Sun Mar 6 21:35:26 CET 2011


So does the detail reader read the packet, find that it's invalid and then retry the same packet?

-Arran


On Mar 6, 2011, at 2:37 PM, Alexander Clouter wrote:

> Hi,
> 
> Those out there using decoupled accounting, especially in an 
> 'eduroam' environment, might find the following helpful.
> 
> I receive a lot of random rubbish from the various NAS's deployed 
> internationally sent to my FreeRADIUS installation.  Such moments of fun 
> are accounting stop packets with a zero session length 
> (CISCO_ACCOUNTING_HACK) resulting in a DoS when received in the 
> decoupled accounting case...plus the other usual things that trigger 
> corner cases my custom (bad?) SQL statements do not catch when logging 
> this information to our database.
> 
> The unfortunate outcome means after a bad accounting packet, the 
> mountpoint I use for recording my journal fills up until FreeRADIUS 
> hangs with no warning (meanwhile FreeRADIUS works fine so it is not 
> something trivially monitored by NAGIOS or such).
> 
> The solution I slapped together is a quick minutely run script by cron 
> that notifies me by email when a problem occurs.
> 
> My preference is to place my detail journal files on a separate tmpfs 
> mountpoint (as I use low powered ARM boxes, OpenRD's if you are curious, 
> that only have a NAND):
> ----
> tmpfs /var/log/freeradius/radacct/journal tmpfs nosuid,nodev,noexec,size=32M,mode=700,uid=freerad,gid=freerad 0  0
> ----
> 
> Then the following script is used.
> ----
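> #!/bin/sh
> 
> MOUNT=/var/log/freeradius/radacct/journal
> TRIGGER=1024
> RCPT="jill@example.com bob@example.com"
> MESSAGE="FreeRADIUS is on the road to implosion...yer might want to look into it.
> 
> Cheers"
> 
> SELF=$(basename "$0")
> 
> # A lock file means an alert has already been sent: stay quiet until usage
> # drops below half the trigger, then re-arm.
> # df -P keeps each filesystem on one line, -k reports sizes in kB.
> if [ -e "/var/lock/$SELF" ]; then
> 	if [ "$(df -Pk "$MOUNT" | tail -n1 | awk '{ print $3 }')" -lt $(($TRIGGER/2)) ]; then
> 		rm "/var/lock/$SELF"
> 	else
> 		exit 1
> 	fi
> fi
> 
> # Below the trigger: nothing to report.
> [ "$(df -Pk "$MOUNT" | tail -n1 | awk '{ print $3 }')" -lt "$TRIGGER" ] && exit 0
> 
> DATE=$(date -R)
> TO=$(echo $RCPT | sed 's/ /, /g')
> 
> # $RCPT is left unquoted on purpose so each address becomes its own argument.
> cat <<EOF | /usr/sbin/sendmail -i $RCPT
> To: $TO
> Date: $DATE
> Subject: $MOUNT exceeds ${TRIGGER}kB
> 
> $MESSAGE
> EOF
> 
> # Only create the lock if the mail was handed off successfully.
> [ $? -eq 0 ] && touch "/var/lock/$SELF"
> 
> exit 1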
> ----
> 
> That's it.  The above script will email you only a single time when more 
> than 1024kB of journal is sitting around waiting to be processed and 
> will re-enable notifications once it drops to half the trigger mark 
> (512kB).
> 
> Cheers
> 
> -- 
> Alexander Clouter
> .sigmonster says: T-shirt:
>                  	Life is *not* a Cabaret, and stop calling me chum!
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
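
The alert-once and re-arm behaviour described in the quoted message, as an added example that is not part of the original post: the threshold decision is split into functions that can be exercised without a mail server, and the `df` parse refuses to report a figure unless a filesystem is actually mounted at the journal path. The function names and the sample `df -Pk` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of `df -Pk /var/log/freeradius/radacct/journal` output.
SAMPLE_DF='Filesystem     1024-blocks  Used Available Capacity Mounted on
tmpfs                32768  1300     31468       4% /var/log/freeradius/radacct/journal'

# used_kb MOUNT: read `df -Pk` output on stdin and print the Used column (kB),
# but only when the "Mounted on" column equals MOUNT. If the tmpfs is not
# mounted, df reports the parent filesystem instead, so fail rather than
# compare the wrong number against the trigger. (Paths with spaces are not
# handled.)
used_kb() {
	awk -v m="$1" 'NR == 2 && $6 == m { print $3; ok = 1 } END { exit !ok }'
}

# decide USED TRIGGER ARMED: print "alert", "rearm" or "quiet".
# ARMED=0 corresponds to the lock file existing (an alert is outstanding).
decide() {
	if [ "$3" -eq 0 ]; then
		if [ "$1" -lt $(($2 / 2)) ]; then echo rearm; else echo quiet; fi
	elif [ "$1" -ge "$2" ]; then
		echo alert
	else
		echo quiet
	fi
}

# simulate TRIGGER KB...: feed successive per-minute readings through decide,
# tracking the armed state, and print the resulting decisions on one line.
simulate() {
	trigger=$1; shift
	armed=1
	out=
	for kb in "$@"; do
		d=$(decide "$kb" "$trigger" "$armed")
		case $d in
			alert) armed=0 ;;
			rearm) armed=1 ;;
		esac
		out="$out${out:+ }$d"
	done
	echo "$out"
}

# Journal climbs past the trigger, hovers between 512 and 1024 kB, drains,
# then fills again: one alert per excursion, none while hovering.
simulate 1024 100 1100 1500 800 600 511 1024
```
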




