linelog module and logs on multiple lines
Alan DeKok
aland at deployingradius.com
Thu Dec 14 19:18:47 CET 2017
On Dec 14, 2017, at 11:50 AM, Jérôme BERTHIER <Jerome.Berthier at inria.fr> wrote:
> I used to write specific logs using linelog module :
>
> Access-Request = "%S\nPacket-Type = %{reply:Packet-Type} \n\tUser-Name = %{User-Name} \n\tCalling-Station-Id = %{Calling-station-Id} \n\tNAS-IP-Address = %{NAS-IP-Address} \n\tNAS-Port = %{NAS-Port} \n\tCalled-Station-Id = %{Called-Station-Id} \n\tClient-IP-Address = %{Client-IP-Address}"
>
> Since an upgrade to freeradius 3.0.13, the log is written on one single line and the characters \n\t are not interpreted.
Yes. The issue is that the server can't tell which \t comes from the configuration, and which comes from an attribute like User-Name.
In order to be secure, it removes / escapes all "magic" characters. The alternative would be for a user to put \t\n into his User-Name, and create fake log entries.
> Is it related to the new behavior with "correct_escapes = true" ?
No. It's part of auditing the server to be sure that's it's safe.
> Is there any trick to write logs on multiple lines ?
Not really. The linelog module is intended to log one line of text. Logging multiple lines of text isn't really supported.
We're working on fixing this in v4. The server will keep track of where the data came from, and escape User-Name, but not strings taken from the configuration files.
It might be possible to fix this in v3, but I don't think it's trivial.
Alan DeKok.
More information about the Freeradius-Users
mailing list