FYI: Logging Access Accept & Reject messages using linelog module

[Peter Lambrechtsen]

I was trying to get linelog to log a CSV style log file with the Access
Accept and Reject messages for auditing purposes.

Took a while to see that the "Access-Reject" verb doesn't work in the
modules/linelog file, it only ever uses the Access-Request since all the
requests are Access-Request messages.  So I had to log the
%{reply:Packet-Type}

So this is what I did in the end in the linelog module file:

    Access-Request =
"\"%S\",\"%{reply:Packet-Type}\",\"%{Packet-Src-IP-Address}\",\"%{NAS-IP-Address}\",\"%{Client-Shortname}\",\"%{User-Name}\""

Then I updated the post-auth section of the default file to include the
linelog module in both the main and the Post-Auth-Type REJECT to log the
Access-Reject messages too.

post-auth {

*                linelog*

                Post-Auth-Type REJECT {
*                                linelog*
                                reject

                }

And I get this in the linelog file.

"2012-03-06
20:40:02","Access-Accept","192.168.1.2","192.168.1.2","APP","Peter"

"2012-03-06
20:40:46","Access-Reject","192.168.1.2","192.168.1.2","APP","Peter"

Which is what we needed to have logged.

Hope it helps someone else.

Cheers

Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120306/5f617589/attachment.html>