Best practices for logging in production environment?

Mohamed Lrhazi Mohamed.Lrhazi at georgetown.edu
Fri Mar 27 01:12:36 CET 2015


Thanks Matthew.

Adding it to inner-tunnel did indeed make my log:


2015-03-26 20:02:49: Access-Reject: r="mschap: MS-CHAP2-Response is
incorrect" u=wire...
2015-03-26 20:02:49: Access-Reject: r="eap: Failed continuing EAP PEAP (25)
session. EAP sub-module failed" u=wire...

in inner-tunel I have:

post-auth {
                linelog
                #reply_log
                -sql
                Post-Auth-Type REJECT {
                        linelog
                        #reply_log
                        -sql
                        attr_filter.access_reject
                }
        }


In -X, I do see:

Login incorrect (mschap: MS-CHAP2-Response is incorrect): [ml623]


So, ideally, I would prefer something like this in my resulting log:

2015-03-26 20:02:49: Access-Reject: r="Login incorrect (mschap:
MS-CHAP2-Response is incorrect)"

But this is much better than what I had started with. Thanks a lot.

Mohamed.






On Thu, Mar 26, 2015 at 7:42 PM, Matthew Newton <mcn4 at leicester.ac.uk>
wrote:

> On Thu, Mar 26, 2015 at 07:24:24PM -0400, Mohamed Lrhazi wrote:
> > I see that if run with -X, I see this log:
> >
> > (23)  } #  authenticate = invalid
> > (23) Failed to authenticate the user.
> > (23) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP
> > sub-module failed): [ml623] (from client gu_net_141_161 port 0 cli
> > 02-00-00-00-00-01)
> > (23) Using Post-Auth-Type Reject
> > (23) # Executing group from file /etc/freeradius/sites-enabled/default
>
> If you're logging that in the default (outer) server, try logging
> it from the inner-tunnel post-auth, just after you've done the
> actual authentication?
>
> If that comes up with what you're after, you can use unlang to
> copy the Module-Failure-Message to the outer request for logging
> there if you prefer.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list