Remotely monitoring server activity
Niels Tomey
niels at ixs.ph
Wed Feb 6 17:44:57 CET 2019
We're using graylog at work to interpret syslog messages. You can create
alerts if for example more than x login attempts failed within a certain
time frame and then get notified about it. You just need to define a grok
pattern for it.
You could also use process monitoring through SNMP to get an alert when
something happens to the radius process itself.
Regards,
Niels
On Thu, Feb 7, 2019, 00:35 Jorge Pereira <jpereiran at gmail.com wrote:
> On Wed, Feb 6, 2019 at 12:45 PM R3DNano <r3dnano at gmail.com> wrote:
> >
> > I'm trying to manage the global freeradius status from a remote location.
> > The files under /var/log/radius/radacct are pretty detailed and have a
> > lot of information about what is going on with the freeradius server.
> > However, searching the old mailing list archives, I see there's a
> > particular thread of someone asking how to send the radacct logs to a
> > remote syslog being not a recommended practice.
> >
>
> I did something similar using the syslog-ng with pattern-db
>
> https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.19/administration-guide/72#TOPIC-1094740
>
> > What's a practical way of having this information for further analysis
> > outside of the freeradius server? Send it to an SQL database somehow
> > perhaps?
> >
> > Also, about the logs sent to syslog (for further forwarding to a
> > remote syslog server) - is there a way to customize what's being sent
> > on those messages?
> >
> > Thanks.
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list