linelog best practice
cedric delaunay
cedric.delaunay at univ-rennes1.fr
Wed May 10 17:29:18 CEST 2017
On 24/01/2017 at 13:22, Matthew Newton wrote:
> On Tue, Jan 24, 2017 at 10:52:32AM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
>> use Module-Failure-Message - but also look at the 3.0.x HEAD from git or wait until 3.0.13
>> comes out as Matthew has ensured there's a good starting point for the ELK crowd :)
> Yeah, to be honest rather than trying to write out JSON with
> linelog personally I'd just look at reading the plain detail files
> with logstash and using that to write them out as JSON. You might
> be fine, but then some joker will come along and try to log in
> with a username like 'silly"json'...
>
> Should probably at least wrap all the attributes in
> %{jsonquote:...} to be safe.
>
> "rlm_jsonlog" is something I've thought about for a while. Just
> not sure it's worth it. Might be if I can then use that to feed
> directly into elasticsearch and skip the logstash bit.
>
> Matthew
>
>
Hi Matthew,
The linelog/JSON solution is pretty operational but, as you guessed, I
have problems with "\" in attributes.
You talked about jsonquote but I can't find how to use it.
Should I load the "rest" module and the associated web server, or can I just use
jsonquote in linelog syntax?
Does somebody have a small howto available?
Thanks
Cedric
--
Cédric Delaunay Direction des Systèmes d'Informations
Equipe Réseau & Telephonie 263, Avenue du Général Leclerc
Tel: 02 23 23 71 59 CS 74205 - 35042 Rennes Cedex
For any request, use the help and assistance service via the ENT at
http://ent.univ-rennes1.fr
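
The problem discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: a JSON log line built from a text template becomes invalid or silently altered when an attribute value contains `"`, `\` or a control character, and stays correct once the value is escaped first. The template, function names and sample usernames are constructed for illustration; `json_quote` here only stands in for the escaping that a JSON-quoting expansion has to perform.

```python
import json

# Constructed sample usernames: the quote case from the thread plus
# backslash and control-character values that hit the same problem.
SAMPLES = ['alice', 'silly"json', 'DOMAIN\\user', 'DOMAIN\\tom', 'line\nbreak']

SHORT = {'"': '\\"', '\\': '\\\\', '\n': '\\n', '\r': '\\r',
         '\t': '\\t', '\b': '\\b', '\f': '\\f'}

def json_quote(value):
    """Escape a string for placement inside a JSON string literal (RFC 8259)."""
    out = []
    for ch in value:
        if ch in SHORT:
            out.append(SHORT[ch])
        elif ord(ch) < 0x20:
            out.append('\\u%04x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

TEMPLATE = '{"event":"auth","user":"%s"}'   # hypothetical log line format

def render_naive(user):
    return TEMPLATE % user

def render_quoted(user):
    return TEMPLATE % json_quote(user)

def check(line, expected):
    """Classify a log line as the downstream JSON consumer would see it."""
    try:
        got = json.loads(line)['user']
    except ValueError:
        return 'invalid'
    return 'ok' if got == expected else 'altered'

def audit(render):
    return {u: check(render(u), u) for u in SAMPLES}

if __name__ == '__main__':
    for name, render in (('naive', render_naive), ('quoted', render_quoted)):
        for user, status in audit(render).items():
            print('%-7s %-16r %s' % (name, user, status))
```

The `altered` result is the case to watch for: the line still parses, so the consumer accepts it, but the stored username is no longer the one that was sent.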
More information about the Freeradius-Users mailing list