linelog best practice
cedric delaunay
cedric.delaunay at univ-rennes1.fr
Wed Jan 25 09:25:37 CET 2017
Hi guys,
Thanks for the quick answer.
As a newbie, I didn't find how to implement Module-failure-message.
I follow this example :
http://lists.freeradius.org/pipermail/freeradius-users/2014-December/074957.html
but service wont run :
server eduroam-inner-tunnel { # from file /etc/raddb//sites-enabled/eduroam-inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
/etc/raddb//sites-enabled/eduroam-inner-tunnel[321]: Default list "session-state" specified in mapping section is invalid
/etc/raddb//sites-enabled/eduroam-inner-tunnel[321]: Failed to parse "update" subsection.
any detail I should know ?
I would like switch from 2.x to 3.x as soon as possible so I can't wait
for 3.0.13 release on my centos ;(
Matthew, I guess that you talk about this :
https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/doc/schemas/logstash
Maybe is that a best way but :
- I first have to make login-failure reason to be printed in detail
files, isn't it ?
Thanks
Cedric
Le 24/01/2017 à 13:22, Matthew Newton a écrit :
> On Tue, Jan 24, 2017 at 10:52:32AM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
>> use Module-Failure-Message - but also look at the 3.0.x HEAD from git or wait until 3.0.13
>> comes out as Matthew has ensures theres a good starting point for the ELK crowd :)
> Yeah, to be honest rather than trying to write out JSON with
> linelog personally I'd just look at reading the plain detail files
> with logstash and using that to write them out as JSON. You might
> be fine, but then some joker will come along and try to log in
> with a username like 'silly"json'...
>
> Should probably at least wrap all the attributes in
> %{jsonquote:...} to be safe.
>
> "rlm_jsonlog" is something I've thought about for a while. Just
> not sure it's worth it. Might be if I can then use that to feed
> directly into elasticsearch and skip the logstash bit.
>
> Matthew
>
>
--
Cédric Delaunay Direction des Systèmes d'Informations
Equipe Réseau & Telephonie 263, Avenue du Général Leclerc
Tel: 02 23 23 71 59 CS 74205 - 35042 Rennes Cedex
Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse
http://ent.univ-rennes1.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3610 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170125/561d2c85/attachment.bin>
More information about the Freeradius-Users
mailing list