linelog best practice

cedric delaunay cedric.delaunay at
Wed Jan 25 09:25:37 CET 2017

Hi guys,
Thanks for the quick answer.
As a newbie, I didn't find how to implement Module-failure-message.
I follow this example :
but service wont run :

server eduroam-inner-tunnel { # from file /etc/raddb//sites-enabled/eduroam-inner-tunnel
  # Loading authenticate {...}
  # Loading authorize {...}
  # Loading session {...}
  # Loading post-proxy {...}
  # Loading post-auth {...}
/etc/raddb//sites-enabled/eduroam-inner-tunnel[321]: Default list "session-state" specified in mapping section is invalid
/etc/raddb//sites-enabled/eduroam-inner-tunnel[321]: Failed to parse "update" subsection.

any detail I should know ?

I would like switch from 2.x to 3.x as soon as possible so I can't wait 
for 3.0.13 release on my centos ;(

Matthew, I guess that you talk about this :
Maybe is that a best way but :
     - I first have to make login-failure reason to be printed in detail 
files, isn't it ?


Le 24/01/2017 à 13:22, Matthew Newton a écrit :
> On Tue, Jan 24, 2017 at 10:52:32AM +0000, A.L.M.Buxey at wrote:
>> use Module-Failure-Message  - but also look at the 3.0.x HEAD from git or wait until 3.0.13
>> comes out as Matthew has ensures theres a good starting point for the ELK crowd  :)
> Yeah, to be honest rather than trying to write out JSON with
> linelog personally I'd just look at reading the plain detail files
> with logstash and using that to write them out as JSON. You might
> be fine, but then some joker will come along and try to log in
> with a username like 'silly"json'...
> Should probably at least wrap all the attributes in
> %{jsonquote:...} to be safe.
> "rlm_jsonlog" is something I've thought about for a while. Just
> not sure it's worth it. Might be if I can then use that to feed
> directly into elasticsearch and skip the logstash bit.
> Matthew

Cédric Delaunay			Direction des Systèmes d'Informations
Equipe Réseau & Telephonie	263, Avenue du Général Leclerc
Tel: 02 23 23 71 59		CS 74205 - 35042 Rennes Cedex

Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3610 bytes
Desc: Signature cryptographique S/MIME
URL: <>

More information about the Freeradius-Users mailing list