linelog best practice

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon May 15 18:08:35 CEST 2017


> On May 10, 2017, at 11:29 AM, cedric delaunay <cedric.delaunay at univ-rennes1.fr> wrote:
> 
> Le 24/01/2017 à 13:22, Matthew Newton a écrit :
>> On Tue, Jan 24, 2017 at 10:52:32AM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
>>> use Module-Failure-Message  - but also look at the 3.0.x HEAD from git or wait until 3.0.13
>>> comes out as Matthew has ensures theres a good starting point for the ELK crowd  :)
>> Yeah, to be honest rather than trying to write out JSON with
>> linelog personally I'd just look at reading the plain detail files
>> with logstash and using that to write them out as JSON. You might
>> be fine, but then some joker will come along and try to log in
>> with a username like 'silly"json'...
>> 
>> Should probably at least wrap all the attributes in
>> %{jsonquote:...} to be safe.
>> 
>> "rlm_jsonlog" is something I've thought about for a while. Just
>> not sure it's worth it. Might be if I can then use that to feed
>> directly into elasticsearch and skip the logstash bit.
>> 
>> Matthew
>> 
>> 
> I Matthew,
> Linelog/jon solution is pretty operational but as you have guessed it, I have problems with "\" in attributes.
> You talked about jsonquote but I can't find how use it.

It's an xlat, just us "%{jsonquote:<string>}" as part of your linelog fmt string.

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170515/3b666f29/attachment.sig>


More information about the Freeradius-Users mailing list