Logging only auth failures?
Ian Ehrenwald
iehrenwald at tripadvisor.com
Tue Feb 14 21:06:57 CET 2012
Hi Alan
Thanks for the quick reply. I believe I've accomplished what I wanted to do. I've set 'auth' to undefined in the log{} section of radiusd.conf, created another instance of the linelog module called linelog_REJECT in which I set the reference to "%{reply:Packet-Type}", and then added 'linelog_REJECT' to the 'Post-Auth-Type REJECT' section within the default site config file. My remote syslog server is now only receiving 'Rejected access: someLoginName' messages. Thank you for your help.
On Feb 14, 2012, at 12:06 PM, Alan DeKok wrote:
> Ian Ehrenwald wrote:
>> Hello
>> I am using FreeRADIUS 2.1.9-3 on CentOS 6.0. I am sending all syslog output to a remote rsyslog server (and have local1.* assigned to RADIUS in rsyslogd.conf). I want to log only auth failures, not successful logins. Is there an easy way to do this? I don't want to use a SQL backing store for this project since that is what is holding the syslog data on the remote machine anyway. 'auth = yes' logs everything, 'auth = no' logs nothing, and I don't want to see/store the good/bad passwords, so 'auth_badpass' and 'auth_goodpass' aren't an option. I'm sure I'm not the only person who has wanted to do this, but I can't find anything on the freeradius-users list. Any help? Thanks.
>
> Patch the source.
>
> Or, use rlm_linelog, in the "Post-Auth-Type Reject" section.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ian Ehrenwald, Linux Systems Administrator
TripAdvisor, LLC, 141 Needham St, Newton, MA 02464
978-328-7816 (mobile) / 617-795-7716 (desk)
iehrenwald at tripadvisor.com / (Sent from my MacBook Pro)
More information about the Freeradius-Users
mailing list