auth and detail logs into json format?
cedric delaunay
cedric.delaunay at univ-rennes1.fr
Mon Apr 30 09:27:11 CEST 2018
Hi,
Did you create a link for linelog in mods-enabled folder ?
You should see module loading in debug mode
Cédric
Le 26/04/2018 à 00:32, J E H A N Z A I B a écrit :
> Thank you cedric,
>
> I have just installed rlm_rest module (/usr/lib64/freeradius/rlm_rest.so)
>
> i added in my linelog (i will just start from auth logs for now)
>
> linelog linelog_postauth {
> format = "%t linelog_postauth \%{Packet-Type} connecting for
> %{jsonquote:%{User-Name}} (%{Packet-Type})"
> filename = ${logdir}/linelog_json
> permissions = 0604
> reference = "messages.%{%{reply:Packet-Type}:-format}"
> messages {
> Access-Reject =
> "{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"Reject-Cause\":\"%{jsonquote:%{%{session-state:Module-Failure-Message}:-%{Module-Failure-Message}}}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
> Access-Challenge =
> "{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-Protocol\":\"%{Framed-Protocol}\",\"Framed-IP-Address\":\"%{Framed-IP-Address}\",\"Framed-IP-Netmask\":\"%{Framed-IP-Netmask}\",\"Framed-Routing\":\"%{Framed-Routing}\",\"Filter-Id\":\"%{Filter-Id}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"Framed-Compression\":\"%{Framed-Compression}\",\"Login-IP-Host\":\"%{Login-IP-Host}\",\"Login-Service\":\"%{Login-Service}\",\"Login-TCP-Port\":\"%{Login-TCP-Port}\",\"Reply-Message\":\"%{Reply-Message}\",\"Callback-Number\":\"%{Callback-Number}\",\"Callback-Id\":\"%{Callback-Id}\",\"Framed-Route\":\"%{Framed-Route}\",\"Framed-IPX-Network\":\"%{Framed-IPX-Network}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
> }
> }
>
>
> The error i am getting is
>
> # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
> /etc/raddb/mods-enabled/linelog[131]: Failed parsing expanded string:
> /etc/raddb/mods-enabled/linelog[131]: ...uth \%{Packet-Type} connecting for
> %{jsonquote:%{User-Name}} (%{Packet-Type})
> /etc/raddb/mods-enabled/linelog[131]:
> ^ Unknown module
>
> looks like the module is not loaded. do i need to load specifically
> somewhere in the radius ?
>
>
>
> On Tue, Apr 24, 2018 at 8:03 PM, cedric delaunay <
> cedric.delaunay at univ-rennes1.fr> wrote:
>
>> Hi,
>> Here is how we did on our server :
>>
>> enabled rest module (for jsonquote) with all options disabled
>> enabled linelog module with specific submodule by request type :
>> ex :
>>
>> linelog {
>> ...
>> # logging in a uniq file
>> filename = ${logdir}/linelog
>> ...
>> linelog linelog_postauth {
>> format = "%t linelog_postauth \%{Packet-Type} non reconnu for
>> %{jsonquote:%{User-Name}} (%{Packet-Type})"
>> filename = ${logdir}/linelog_json
>> permissions = 0604
>> #reference = "%{%{Packet-Type}:-format}"
>> reference = "messages.%{%{reply:Packet-Type}:-format}"
>> messages {
>> #Original # Access-Reject = "%t log_postauth %{reply:Packet-Type}
>> for %{User-Name} Calling-Station-Id=%{Calling-Station-Id}
>> NAS=%{NAS-IDentifier}"
>> Access-Reject = "{\"Datetime\":\"%t\",\"Module
>> _Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:
>> Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{
>> jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"Reject-
>> Cause\":\"%{jsonquote:%{%{session-state:Module-Failure-
>> Message}:-%{Module-Failure-Message}}}\",\"NAS-IP-Address\
>> ":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"
>> Service-Type\":\"%{Service-Type}\",\"Framed-MTU\":\"%{
>> Framed-MTU}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\
>> ",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-
>> Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-T
>> imeout}\",\"Termination-Action\":\"%{Termination-Action}\",\
>> "Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling
>> -Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier
>> \":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}
>> \",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-
>> LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{
>> Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-
>> AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{
>> Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{
>> Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Chal
>> lenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit
>> \":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
>>
>> #Original Access-Challenge = "%t log_postauth Sent challenge:
>> %{User-Name} Calling-Station-Id=%{Calling-Station-Id}
>> NAS=%{NAS-IDentifier}"
>> Access-Challenge = "{\"Datetime\":\"%t\",\"Module
>> _Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:
>> Packet-Type}\",\"requestID\":\"%n\",\"User-Name\":\"%{
>> jsonquote:%{User-Name}}\",\"Realm\":\"%{Realm}\",\"NAS-IP-
>> Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\"
>> ,\"Service-Type\":\"%{Service-Type}\",\"Framed-Protocol\":\"
>> %{Framed-Protocol}\",\"Framed-IP-Address\":\"%{Framed-IP-Add
>> ress}\",\"Framed-IP-Netmask\":\"%{Framed-IP-Netmask}\",\"
>> Framed-Routing\":\"%{Framed-Routing}\",\"Filter-Id\":\"%{
>> Filter-Id}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"Framed-
>> Compression\":\"%{Framed-Compression}\",\"Login-IP-
>> Host\":\"%{Login-IP-Host}\",\"Login-Service\":\"%{Login-Serv
>> ice}\",\"Login-TCP-Port\":\"%{Login-TCP-Port}\",\"Reply-Mess
>> age\":\"%{Reply-Message}\",\"Callback-Number\":\"%{Callback
>> -Number}\",\"Callback-Id\":\"%{Callback-Id}\",\"Framed-
>> Route\":\"%{Framed-Route}\",\"Framed-IPX-Network\":\"%{
>> Framed-IPX-Network}\",\"State\":\"%{State}\",\"Class\":\"%{
>> Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"
>> Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"
>> %{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"
>> Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling
>> -Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier
>> \":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}
>> \",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-
>> LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{
>> Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-
>> AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{
>> Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{
>> Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Chal
>> lenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit
>> \":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"
>> }
>> ...
>> }
>>
>> linelog log_accounting {
>> ...
>> Accounting-Request {
>> Start = "{\"Datetime\":\"%t\",\"Module
>> _Name\":\"log_accounting\",\"Packet-Type\":\"Accounting-
>> start\",\"Acct-Status-Type\":\"%{Acct-Status-Type}\",\"NAS-
>> IP-Address\":\"%{NAS-IP-Address}\",\"User-Name\":\"%{
>> jsonquote:%{User-Name}}\",\"Acct-Session-Id\":\"%{Acct-
>> Session-Id}\",\"Framed-IP-Address\":\"%{Framed-IP-
>> Address}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Cisco-
>> AVPair\":\"%{Cisco-AVPair}\",\"VLAN\":\"%{Tunnel-Private-
>> Group-Id:0}\",\"Tunnel-Type\":\"%{Tunnel-Type:0}\",\"Tunnel-
>> Medium-Type\":\"%{Tunnel-Medium-Type:0}\",\"Calling-
>> Station-Id\":\"%{Calling-Station-Id}\",\"Called-Station-Id\":\"%{Called-
>> Station-Id}\",\"Event-Timestamp\":\"%{Event-Timestamp}\",\"
>> Acct-Unique-Session-Id\":\"%{Acct-Unique-Session-Id}\",\"
>> Stripped-User-Name\":\"%{Stripped-User-Name}\",\"Realm\":\"%{Realm}\"}"
>>
>> Stop = "{\"Datetime\":\"%t\",\"Module
>> _Name\":\"log_accounting\",\"Packet-Type\":\"Accounting-
>> stop\",\"Acct-Status-Type\":\"%{Acct-Status-Type}\",\"NAS-
>> IP-Address\":\"%{NAS-IP-Address}\",\"User-Name\":\"%{
>> jsonquote:%{User-Name}}\",\"Acct-Session-Id\":\"%{Acct-
>> Session-Id}\",\"Framed-IP-Address\":\"%{Framed-IP-
>> Address}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Cisco-
>> AVPair\":\"%{Cisco-AVPair}\",\"VLAN\":\"%{Tunnel-Private-
>> Group-Id:0}\",\"Tunnel-Type\":\"%{Tunnel-Type:0}\",\"Tunnel-
>> Medium-Type\":\"%{Tunnel-Medium-Type:0}\",\"Acct-Input-
>> Octets\":\"%{Acct-Input-Octets}\",\"Acct-Output-Octets\":\"%{Acct-Output-
>> Octets}\",\"Acct-Input-Packets\":\"%{Acct-Input-Packets}\",\
>> "Acct-Output-Packets\":\"%{Acct-Output-Packets}\",\"Acct-
>> Terminate-Cause\":\"%{Acct-Terminate-Cause}\",\"Acct-
>> Session-Time\":\"%{Acct-Session-Time}\",\"Acct-Delay-
>> Time\":\"%{Acct-Delay-Time}\",\"Calling-Station-Id\":\"%{
>> Calling-Station-Id}\",\"Called-Station-Id\":\"%{
>> Called-Station-Id}\",\"Event-Timestamp\":\"%{Event-Timestamp
>> }\",\"Acct-Unique-Session-Id\":\"%{Acct-Unique-Session-Id}\"
>> ,\"Stripped-User-Name\":\"%{Stripped-User-Name}\",\"Realm\":\"%{Realm}\"}"
>>
>> Interim-Update =
>> "{\"Datetime\":\"%t\",\"Module_Name\":\"log_accounting\",\"
>> Packet-Type\":\"Accounting-update\",\"Acct-Status-Type\":
>> \"%{Acct-Status-Type}\",\"NAS-IP-Address\":\"%{NAS-IP-
>> Address}\",\"User-Name\":\"%{jsonquote:%{User-Name}}\",\"
>> Acct-Session-Id\":\"%{Acct-Session-Id}\",\"Framed-IP-
>> Address\":\"%{Framed-IP-Address}\",\"NAS-Identifier\":
>> \"%{NAS-Identifier}\",\"Cisco-AVPair\":\"%{Cisco-AVPair}\",\
>> "VLAN\":\"%{Tunnel-Private-Group-Id:0}\",\"Tunnel-Type\":
>> \"%{Tunnel-Type:0}\",\"Tunnel-Medium-Type\":\"%{Tunnel-
>> Medium-Type:0}\",\"Acct-Input-Octets\":\"%{Acct-Input-
>> Octets}\",\"Acct-Output-Octets\":\"%{Acct-Output-
>> Octets}\",\"Acct-Input-Packets\":\"%{Acct-Input-Packets}\",\
>> "Acct-Output-Packets\":\"%{Acct-Output-Packets}\",\"Acct-
>> Session-Time\":\"%{Acct-Session-Time}\",\"Acct-Delay-
>> Time\":\"%{Acct-Delay-Time}\",\"Calling-Station-Id\":\"%{
>> Calling-Station-Id}\",\"Called-Station-Id\":\"%{
>> Called-Station-Id}\",\"Event-Timestamp\":\"%{Event-Timestamp
>> }\",\"Acct-Unique-Session-Id\":\"%{Acct-Unique-Session-Id}\"
>> ,\"Stripped-User-Name\":\"%{Stripped-User-Name}\",\"Realm\":\"%{Realm}\"}"
>> }
>> }
>>
>>
>> Calling linelog modules in site conf
>>
>> post-auth {
>> ...
>> linelog_postauth
>> ...
>> }
>>
>> accounting {
>> ...
>> log_accounting
>> ...
>> }
>>
>>
>> Use nxlog to send logs to graylog/elasticsearch server
>>
>> /etc/nxlog.conf
>> <Extension gelf>
>> Module xm_gelf
>> </Extension>
>>
>> <Extension json>
>> Module xm_json
>> </Extension>
>>
>> <Input linelog_json>
>> Module im_file
>> File '/var/log/radius/linelog_json'
>> SavePos TRUE
>> ReadFromLast TRUE
>> Exec parse_json();
>> </Input>
>>
>> <Output out1>
>> Module om_tcp
>> Host 1.2.3.4
>> Port 12201
>> OutputType GELF_TCP
>> </Output>
>>
>> Maybe not the best way to do but that do the job
>> That's it ;)
>> Cédric
>>
>>
>>
>>
>>
>>
>>
>> Le 24/04/2018 à 08:03, Arran Cudbard-Bell a écrit :
>>
>>> On Apr 24, 2018, at 12:48 PM, J E H A N Z A I B <
>>>> jehanzaib.kiani at gmail.com> wrote:
>>>>
>>>> Hi folks,
>>>>
>>>> Is there anyway i can get auth-detail , linelog and detail logs into json
>>>> instead of plain text ?
>>>>
>>> You can write your linelog formats as json as use %{jsonquote:} to escape
>>> any special chars in the values.
>>>
>>> You will need the rlm_rest module loaded in order to get access to the
>>> jsonquote xlat expansion.
>>>
>>> -Arran
>>>
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
>>> /users.html
>>>
>>
>> --
>> Cédric Delaunay Direction des Systèmes d'Informations
>> Equipe Réseau & Telephonie 263, Avenue du Général Leclerc
>> Tel: 02 23 23 71 59 CS 74205 - 35042 Rennes Cedex
>>
>> Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse
>> http://ent.univ-rennes1.fr
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> list/users.html
>>
>
>
--
Cédric Delaunay Direction des Systèmes d'Informations
Equipe Réseau & Telephonie 263, Avenue du Général Leclerc
Tel: 02 23 23 71 59 CS 74205 - 35042 Rennes Cedex
Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse
http://ent.univ-rennes1.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3610 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180430/57cfaac6/attachment-0001.bin>
More information about the Freeradius-Users
mailing list