Logging Accounting Packets

J Kephart jkephart at safetynetaccess.com
Tue Sep 2 18:56:14 CEST 2014

Hello, all!  We're running FreeRADIUS v2.1.12, and we're seeing some
rather odd behavior.  We have two problems we're trying to address.

The first is that we see instances in which we have successful
authentications, but for which no accounting message is ever logged,
despite receiving accounting requests from the client device.  In
addition, packet captures show that we do, in fact, get the accounting
request, but radius is not replying to it.  What might cause that?

The second issue is also related to the accounting process.  What we
believe right now is that, at some points, often right around midnight
(US/Eastern), we're getting flooded with accounting packets from client
devices, many of which are seriously outdated (or duplicates, or both). 
We originally thought that we might have an errant cron event that ran
around that time, but we've checked all of those, and they only take
seconds to run, so that doesn't seem to explain it.  Unfortunately,
while we've found all sorts of documentation on how to log access
requests, we seem unable to find anything on logging accounting
requests, other than those that are logged in the detail files, etc.,
after a successful request.  What we'd like to see is some way of
logging, in radius.log, for example, accounting requests, whether
successful or not.  We don't need all of the details, necessarily, just
a means of noting that the request came in and from where (IP). 
Regardless, what we're trying to prove or disprove is the flood theory,
and we need an unattended means of collecting the data.

I'd appreciate any insight into these.
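
Added example, not part of the original post and not FreeRADIUS code: one way to test the flood theory offline is to tally Accounting-Request packets per source IP and minute from capture data, counting exact retransmits and requests with a large Acct-Delay-Time. It assumes the capture has already been reduced to (epoch seconds, source IP, UDP payload) tuples; the function names, the 300-second staleness threshold and the sample records are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

ACCOUNTING_REQUEST = 4   # RADIUS Code field value (RFC 2866)
ACCT_DELAY_TIME = 41     # attribute: seconds the NAS has been trying to send this record

def parse_acct(payload):
    """Return (identifier, authenticator, attrs) for an Accounting-Request, else None."""
    if len(payload) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(payload):
        return None
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            return None                      # malformed attribute, skip the packet
        attrs[atype] = payload[pos + 2:pos + alen]
        pos += alen
    return ident, payload[4:20], attrs

def tally(records, stale_after=300):
    """records: iterable of (epoch_seconds, src_ip, udp_payload) tuples."""
    per_minute, dupes, stale, seen = Counter(), Counter(), Counter(), set()
    for ts, src, payload in records:
        parsed = parse_acct(payload)
        if parsed is None:
            continue
        ident, authenticator, attrs = parsed
        minute = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M")
        per_minute[(minute, src)] += 1
        # Only byte-identical retransmits match; a resend with an updated
        # Acct-Delay-Time carries a new identifier and authenticator.
        key = (src, ident, authenticator)
        if key in seen:
            dupes[src] += 1
        seen.add(key)
        delay = attrs.get(ACCT_DELAY_TIME)
        if delay and len(delay) == 4 and struct.unpack("!I", delay)[0] > stale_after:
            stale[src] += 1
    return per_minute, dupes, stale

def build(ident, auth_byte, delay):
    """Build a constructed Accounting-Request carrying only Acct-Delay-Time."""
    attr = struct.pack("!BBI", ACCT_DELAY_TIME, 6, delay)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attr))
    return header + bytes([auth_byte]) * 16 + attr

# Constructed sample records (documentation IPs, 2014-09-02 04:00 UTC = midnight US/Eastern)
SAMPLE = [(1409630400, "192.0.2.10", build(1, 0xAA, 0)),
          (1409630405, "192.0.2.10", build(1, 0xAA, 0)),       # exact retransmit
          (1409630410, "192.0.2.11", build(7, 0xBB, 86400))]   # record delayed by a day
```
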



