Running RADIUS in permanent debug mode with rotating log

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Oct 3 12:04:42 CEST 2013


On 3 Oct 2013, at 10:14, <stefan.paetow at diamond.ac.uk> wrote:

>> How can we run radiusd -x > "logname" such that we have different
>> logname for each day?
> 
> Clement, may I suggest a cron job?
> 
> At midnight, move the log, kill and restart the radius server with a new log in the name? Of course you run the risk of possibly killing any authentication attempts that happen at that point in time, but... that's something you need to take into account?

Please don't. Use a crontab by all means but just use the main log file and enable additional debugging (-xx).

As of 2.2.1 you can use the radmin control socket to reopen the log file handle without restarting the server, or sending a -HUP.

It's not just the fact you'll kill any EAP auth sessions in progress, but you'll will clear out any cached entries (rlm_cache), 
and where proxying is being performed upstream server state will be lost.

It's also dangerous in that if someone has messed with the configurations, or overwritten the radiusd/freeradius(debian) binary
you'll experience an unexpected migration to the new binary/config on next restart.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



More information about the Freeradius-Users mailing list