Custom, conditional, variable in linelog
Giuseppe Civitella
gcivitella at enter.eu
Mon Feb 19 18:29:38 CET 2018
So I updated my post-auth block and logged what I needed.
Now I have:
post-auth {
    update {
        &reply: += &session-state:
    }
    reply_log
    exec
    if ("%{ldap:ldap://127.0.0.1/ou=users,o=isiline,dc=who,dc=is?objectClass?one?(&(dialupAccess=yes)(o=cpe_mpls_15)(cn=%{User-Name}))}") {
        update reply {
            &Reply-Message += 'ti sei loggato su un CPE MPLS con livello 15'
            &Cisco-AVPair += 'shell:priv-lvl=15'
            &Filter-Id := 'cpe_mpls_15'
        }
    }
And I log the Filter-Id value this way:
linelog log_dyn_clients {
    filename = ${logdir}/linelog-client-auth-%Y%m%d.log
    permissions = 0600
    reference = "messages.%{%{reply:Packet-Type}:-default}"
    messages {
        default = "[Unknown] unknown packet type %{Packet-Type}"
        Access-Accept = "%{date:Event-Timestamp} [Accept] user: %{User-Name}, client_ip: %{Packet-Src-IP-Address}, virtual_server: %{Virtual-Server}, filter: %{reply:Filter-Id}"
        Access-Reject = "%{date:Event-Timestamp} [Reject] user: %{User-Name}, client_ip: %{Packet-Src-IP-Address}, virtual_server: %{Virtual-Server}, filter: %{reply:Filter-Id}"
    }
}
Best regards,
Giuseppe
On 16/02/2018 16:37, Giuseppe Civitella wrote:
> Hi all,
>
> I use a few virtual servers to define users' access to CISCO devices
> against their LDAP profile.
>
> In every virtual server I've got:
>
> post-auth {
>     update {
>         &reply: += &session-state:
>     }
>     reply_log
>     exec
>     if ("%{ldap:ldap://127.0.0.1/USER_DN?objectClass?one?(&(dialupAccess=yes)(o=cpe_mpls_15)(cn=%{User-Name}))}") {
>         update reply {
>             &Reply-Message += 'Custom message'
>             &Cisco-AVPair += 'shell:priv-lvl=15'
>             My-Ldap-filter := cpe_mpls_15
>         }
>     }
>     log_dyn_clients
>
> In my local dictionary I defined:
>
> ATTRIBUTE My-Ldap-filter 5000 string
>
>
> I'd like to assign a value to My-Ldap-filter in every if block and
> record the value in a log file.
>
> So I defined log_dyn_clients this way:
>
> linelog log_dyn_clients {
>     filename = ${logdir}/linelog-client-auth-%Y%m%d.log
>     permissions = 0600
>     reference = "messages.%{%{reply:Packet-Type}:-default}"
>     messages {
>         default = "[Unknown] unknown packet type %{Packet-Type}"
>         Access-Accept = "[Accept] user: %{User-Name}, client_ip: %{Packet-Src-IP-Address}, virtual_server: %{Virtual-Server}, attr: %{My-Ldap-filter}"
>         Access-Reject = "[Reject] user: %{User-Name}, client_ip: %{Packet-Src-IP-Address}, virtual_server: %{Virtual-Server}, attr: %{My-Ldap-filter}"
>     }
> }
>
> Unfortunately I'm not able to get My-Ldap-filter's value in the logs:
>
> [Accept] user: gcivitella, client_ip: 10.200.20.79, virtual_server: cpe_mpls_srv, attr:
> [Accept] user: gcivitella, client_ip: 10.200.20.79, virtual_server: cpe_mpls_srv, attr:
>
> How could I get the logs I need? Any idea?
>
> Thanks a lot,
>
> Giuseppe
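An added example, not part of the original post or of FreeRADIUS: a small Python parser for the line layout defined in the linelog messages above. It lists Access-Accepts that carry the cpe_mpls_15 filter and Access-Accepts whose filter value is empty. The function names, the sample lines and the timestamp rendering are assumptions.

```python
import re

# Layout of the Access-Accept/Access-Reject messages in the post. The timestamp
# prefix is optional and free-form: how %{date:Event-Timestamp} renders depends
# on local configuration (assumption). "attr" is the label from the first attempt.
LINE_RE = re.compile(
    r"^(?P<ts>.*?)\s*\[(?P<result>Accept|Reject)\] user: (?P<user>.*)"
    r", client_ip: (?P<client_ip>[0-9A-Fa-f:.]+)"
    r", virtual_server: (?P<vserver>[^,]*)"
    r", (?:filter|attr):\s*(?P<filter>\S*)\s*$"
)

# Filter-Id values that the post-auth section pairs with shell:priv-lvl=15.
PRIVILEGED_FILTERS = {"cpe_mpls_15"}


def parse_line(line):
    """Return the fields of one linelog line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def audit(lines):
    """Sort lines into privileged accepts, accepts with no filter, and unparsed."""
    report = {"privileged": [], "no_filter": [], "unparsed": []}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["unparsed"].append(line)
        elif rec["result"] == "Accept" and rec["filter"] in PRIVILEGED_FILTERS:
            report["privileged"].append(rec)
        elif rec["result"] == "Accept" and not rec["filter"]:
            # Accepted, but no "if" block set Filter-Id (or the expansion was empty).
            report["no_filter"].append(rec)
    return report


# Constructed sample lines; the second reproduces the empty value from the first attempt.
SAMPLE = [
    "Feb 19 2018 18:20:01 CET [Accept] user: gcivitella, client_ip: 10.200.20.79, virtual_server: cpe_mpls_srv, filter: cpe_mpls_15",
    "[Accept] user: gcivitella, client_ip: 10.200.20.79, virtual_server: cpe_mpls_srv, attr: ",
    "Feb 19 2018 18:21:10 CET [Reject] user: test, client_ip: 10.200.20.80, virtual_server: cpe_mpls_srv, filter: ",
    "[Unknown] unknown packet type Access-Request",
]

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, len(items))
```

The user field is matched greedily, so the client_ip, virtual_server and filter fields are always taken from the end of the line, whatever the client-supplied User-Name contains.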