Execute external script triggered by accounting request
aland at deployingradius.com
Wed Jun 28 22:05:13 CEST 2017
On Jun 28, 2017, at 4:02 PM, Leandro <ingrogger at gmail.com> wrote:
> Hi guys , I need to take device ip from accounting request packet, use this ip to run external script to grab some device parameters via ping and snmp.
> Im working on two methods , both have cons and advantages.
> 1st Method: "perl module."
> So far I have the module working with a testing script but when I want to exec net::ping module it yelds that root privileges are needed.
> I tried "usermod -G root radiusd" to provide radiusd root privileges but have not success.
> Other consequence of this method could be to get a very large delay considering that every devices takes 5~7 secs to process and send the response back, so I think that it would be good also to run this external script in background.
Yes. That solution is not a good idea for precisely those reasons.
> 2nd Method " Tail the raddacct file"
> I can use a perl tail process to grab the "Framed_ip_address" from the accounting log file and execute the snmp and ping queries from outside the radius process
> Principal advantage could be that Im not adding extra delay to the radius accounting process.
> I wanted to know if is possible to change the accounting logging behaviour in the following way:
> Write always to /var/log/messages file (currently it writes to detail-YYYYMMDD file).
> Select the fields and write them horizontally instead of writting them in column format.
See raddb/mods-available/linelog. You can write custom logs in a line-by-line format.
More information about the Freeradius-Users