Elasticsearch config update for detail files
Matthew Newton
mcn4 at leicester.ac.uk
Thu Jan 14 17:45:28 CET 2016
Hi,
I've just done a pull request to update the elasticsearch config
for FreeRADIUS. There are much more complete examples for the
whole stack now, which should make it quite easy for anyone else
to feed RADIUS detail files into elasticsearch for querying.
As an overview -
- The elasticsearch mapping (i.e. database field formats) has
been updated so that common numeric fields such as
Acct-Input-Octets are stored as "long" instead of "string".
- All other fields are automatically set to "string". The mapping
should automatically cope with any RADIUS attributes thrown at
it, though some manual tweaking may be required to add
additional number types (if they are used as numbers, rather
than just identifiers).
- The logstash configuration will automatically pull out MAC
addresses, IP addresses, SSIDs etc from common attributes such
as Calling-Station-Id or Framed-IP-Address and store them as
sub-fields. Therefore the stored data includes e.g.
Called-Station-Id.ssid to directly get the wireless SSID value.
- It also merges Acct-Input/Output-Octets and
Acct-Input-Gigawords to become the 64-bit value
Acct-Input-Octets.long, removing the need to join these
elsewhere and making e.g. plots of data transferred by user
much easier.
- There is an example log-courier configuration file, which is
better than using the multiline filter in logstash (using this
disables threaded filters, which can slow processing down with
lots of logs).
In addition, there are example dashboards for both Kibana 3 and
Kibana 4 and instructions on importing them.
Putting all these together should make it really easy for anyone
to feed their RADIUS detail files into elasticsearch for querying,
analyzing and reporting.
Happy to hear from anyone who tries using this - successful or
otherwise. We've found it incredibly useful for all sorts of logs.
Thanks,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
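
The field derivations described in the message above, sketched in Python as an added illustration; this is not the logstash configuration from the pull request. The sample records are constructed, and the `.mac` sub-field name and `Acct-Output-Octets.long` are assumptions made by analogy with the `Called-Station-Id.ssid` and `Acct-Input-Octets.long` names the message gives.

```python
import re

# Constructed sample in FreeRADIUS detail-file layout (not real data).
SAMPLE = '''Thu Jan 14 17:45:28 2016
\tUser-Name = "alice"
\tCalled-Station-Id = "00-11-22-AA-BB-CC:eduroam"
\tCalling-Station-Id = "aabb.ccdd.eeff"
\tAcct-Input-Octets = 705032704
\tAcct-Input-Gigawords = 2
\tAcct-Output-Octets = 4096

Thu Jan 14 17:46:02 2016
\tUser-Name = "bob"
\tCalled-Station-Id = "not-a-mac"
\tAcct-Input-Octets = 10
'''

ATTR = re.compile(r'^\s+([\w-]+) = (.*)$')
# Six hex pairs with optional -, : or . separators, then an optional ":SSID".
MAC = re.compile(r'^((?:[0-9A-Fa-f]{2}[-:.]?){5}[0-9A-Fa-f]{2})(?::(.*))?$')

def parse_detail(text):
    """Split detail text into records: a timestamp line plus indented attributes."""
    records = []
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = block.splitlines()
        rec = {'@header': lines[0].strip()}
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2).strip('"')
        records.append(rec)
    return records

def enrich(rec):
    """Add 64-bit octet counters and MAC/SSID sub-fields to one record."""
    out = dict(rec)
    for direction in ('Input', 'Output'):
        octets = rec.get(f'Acct-{direction}-Octets')
        if octets is not None:
            # Gigawords counts how often the 32-bit octet counter wrapped.
            giga = int(rec.get(f'Acct-{direction}-Gigawords', 0))
            out[f'Acct-{direction}-Octets.long'] = (giga << 32) + int(octets)
    for attr in ('Called-Station-Id', 'Calling-Station-Id'):
        m = MAC.match(rec.get(attr, ''))
        if m:  # values that are not MAC-shaped are left without sub-fields
            out[f'{attr}.mac'] = re.sub(r'[^0-9a-f]', '', m.group(1).lower())
            if m.group(2):
                out[f'{attr}.ssid'] = m.group(2)
    return out
```

Storing the merged counter as a number only helps if the index mapping types it as "long", which is the mapping change the message describes.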