Best practices for logging in production environment?
Mohamed Lrhazi
Mohamed.Lrhazi at georgetown.edu
Fri Mar 27 01:12:36 CET 2015
Thanks Matthew.
Adding it to inner-tunnel did indeed make my log:
2015-03-26 20:02:49: Access-Reject: r="mschap: MS-CHAP2-Response is
incorrect" u=wire...
2015-03-26 20:02:49: Access-Reject: r="eap: Failed continuing EAP PEAP (25)
session. EAP sub-module failed" u=wire...
in inner-tunel I have:
post-auth {
linelog
#reply_log
-sql
Post-Auth-Type REJECT {
linelog
#reply_log
-sql
attr_filter.access_reject
}
}
In -X, I do see:
Login incorrect (mschap: MS-CHAP2-Response is incorrect): [ml623]
So, ideally, I would prefer something like this in my resulting log:
2015-03-26 20:02:49: Access-Reject: r="Login incorrect (mschap:
MS-CHAP2-Response is incorrect)"
But this is much better than what I had started with. Thanks a lot.
Mohamed.
On Thu, Mar 26, 2015 at 7:42 PM, Matthew Newton <mcn4 at leicester.ac.uk>
wrote:
> On Thu, Mar 26, 2015 at 07:24:24PM -0400, Mohamed Lrhazi wrote:
> > I see that if run with -X, I see this log:
> >
> > (23) } # authenticate = invalid
> > (23) Failed to authenticate the user.
> > (23) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP
> > sub-module failed): [ml623] (from client gu_net_141_161 port 0 cli
> > 02-00-00-00-00-01)
> > (23) Using Post-Auth-Type Reject
> > (23) # Executing group from file /etc/freeradius/sites-enabled/default
>
> If you're logging that in the default (outer) server, try logging
> it from the inner-tunnel post-auth, just after you've done the
> actual authentication?
>
> If that comes up with what you're after, you can use unlang to
> copy the Module-Failure-Message to the outer request for logging
> there if you prefer.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list