Logging eap timeouts in linelog

Adam Bishop Adam.Bishop at jisc.ac.uk
Tue Aug 22 19:52:42 CEST 2017


On 22 Aug 2017, at 18:36, Arnab Roy <arnabroy at mail.com> wrote:
>   I'm running 3.0.15. I am calling my module failure along with linelog in
>   post auth and not seeing it at all. Should I call linelog somewhere
>   else?

It can be a little tricky to capture it - in my inner tunnel I have:

	Post-Auth-Type REJECT {
		attr_filter.access_reject

		update outer.session-state {
			&Module-Failure-Message := &request:Module-Failure-Message
		}

		idp_log
	}

Which copies any errors from the inner tunnel into the outer session state to cache them for use later, then I capture it like:

  Access-Reject = "<< other log entries>> MODULE_MESSAGE=%{%{%{request:Module-Failure-Message}:-%{session-state:Module-Failure-Message}}:-NONE}"

Which tries to grab the failure for the current request, failing that, one cached in the session-state, failing that, it prints "NONE".

>   Can I just do it via unlang and check for that eap session state?

It'd be a bit tricky, but possible if you did a regex match, but you'd still need to ensure that the message is being captured properly.

If you post a full debug of a rejected request you want to track, someone can probably tell you why the failure message isn't being populated.

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk
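
The fallback chain in the Access-Reject line above, modelled as an added example that is not part of the original post and is not FreeRADIUS code. It assumes an alternation falls through when its left side expands to an empty string; the attribute values are constructed.

```python
# Added illustration: a small model of the nested %{%{a}:-b} fallback used in
# the Access-Reject linelog line. Not FreeRADIUS code; values are constructed.
# Assumption: an alternation falls through when the left side expands to "".

TEMPLATE = ("MODULE_MESSAGE=%{%{%{request:Module-Failure-Message}"
            ":-%{session-state:Module-Failure-Message}}:-NONE}")


def _close(s, i):
    """Return the index of the '}' matching the '{' at s[i]."""
    depth = 0
    for j in range(i, len(s)):
        depth += (s[j] == "{") - (s[j] == "}")
        if depth == 0:
            return j
    raise ValueError("unbalanced braces in " + s)


def _inner(body, lists):
    """Expand the text between '%{' and its matching '}'."""
    if body.startswith("%{"):                      # %{<expansion>:-<fallback>}
        end = _close(body, 1)
        if body[end + 1:end + 3] != ":-":
            raise ValueError("expected ':-' in " + body)
        return expand(body[:end + 1], lists) or expand(body[end + 3:], lists)
    name, _, attr = body.partition(":")            # list:Attribute reference
    return lists.get(name, {}).get(attr, "")       # missing attribute -> ""


def expand(template, lists):
    """Expand every %{...} in template against the given attribute lists."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _close(template, i + 1)
            out.append(_inner(template[i + 2:end], lists))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


if __name__ == "__main__":
    msg = {"Module-Failure-Message": "eap: constructed failure text"}
    # Message on the request, only cached in session-state, then neither.
    for lists in ({"request": msg}, {"session-state": msg}, {}):
        print(expand(TEMPLATE, lists))
```
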
