Correlating request and accept/reject log?
jm+freeradiususer at roth.lu
jm+freeradiususer at roth.lu
Fri Mar 31 09:55:19 CEST 2017
Hmm, you mean "%I" (request ID)? (-->
https://wiki.freeradius.org/config/run_time_variables)
How would you include it? The ID is present neither in my auth nor
reply/reject log. I tried using "header = ..." but Freeradius just started
rejecting everything after that.
Ideally one would have one log entry (or even inject into SQL), with one
entry per event (all the info present in the request + the decision
whether it was accepted or rejected...)
--- Auth detail:
detail auth_log {
filename =
${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
permissions = 0600
suppress {
User-Password
}
}
Example:
Thu Mar 9 18:46:57 2017
Packet-Type = Access-Request
User-Name = '50-26-xx-xx-xx-xx'
Service-Type = Framed-User
Called-Station-Id = '20-B3-xx-xx-xx-xx'
Calling-Station-Id = '50-26-xx-xx-xx-xx'
NAS-Identifier = 'SWITCH1'
NAS-Port = 131
NAS-Port-Type = Ethernet
NAS-Port-Id = 'ge.3.27'
NAS-IP-Address = 192.168.xx.xxx
Message-Authenticator = 0xXXXXXXXXXXXXXXXXXXXXXXXXXX
--- Reply detail:
detail reply_log {
filename =
${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
permissions = 0600
}
Example:
Fri Mar 31 02:08:54 2017
Packet-Type = Access-Accept
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '100'
Reply-Message = 'ACCEPTED MAC address 70-8b-xx-xx-xx-xx, VLAN 100'
--- Reject detail:
detail reject_log {
filename =
${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reject-detail-%Y%m%d
permissions = 0600
}
Example:
Fri Mar 31 09:35:56 2017
Packet-Type = Access-Reject
Fri Mar 31 09:36:27 2017
Packet-Type = Access-Reject
Fri Mar 31 09:36:27 2017
Packet-Type = Access-Reject
Thanks,
Marki
More information about the Freeradius-Users
mailing list