Remotely monitoring server activity
niels at ixs.ph
Wed Feb 6 17:44:57 CET 2019
We're using graylog at work to interpret syslog messages. You can create
alerts if for example more than x login attempts failed within a certain
time frame and then get notified about it. You just need to define a grok
pattern for it.
You could also use process monitoring through SNMP to get an alert when
something happens to the radius process itself.
On Thu, Feb 7, 2019, 00:35 Jorge Pereira <jpereiran at gmail.com wrote:
> On Wed, Feb 6, 2019 at 12:45 PM R3DNano <r3dnano at gmail.com> wrote:
> > I'm trying to manage the global freeradius status from a remote location.
> > The files under /var/log/radius/radacct are pretty detailed and have a
> > lot of information about what is going on with the freeradius server.
> > However, searching the old mailing list archives, I see there's a
> > particular thread of someone asking how to send the radacct logs to a
> > remote syslog being not a recommended practice.
> I did something similar using the syslog-ng with pattern-db
> > What's a practical way of having this information for further analysis
> > outside of the freeradius server? Send it to an SQL database somehow
> > perhaps?
> > Also, about the logs sent to syslog (for further forwarding to a
> > remote syslog server) - is there a way to customize what's being sent
> > on those messages?
> > Thanks.
> > -
> > List info/subscribe/unsubscribe? See
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users