Custom attribute list

Matthew Newton mcn at
Fri Dec 3 14:50:52 CET 2021

On 03/12/2021 13:32, Lineconnect wrote:
>>> New attributes can be created with a dictionary file but is there similar
>>> way to create a new list? Background is that I want to use the linelog
>>> module and the xlat expansion, e.g. %{pairs:reply:}, but don't want to
>>> log EAP stuff and MPPE session keys etc, but it would be nice to have the
>>> possibility to use the dynamic expansion of these lists.
>>    You can just list each attribute you want to log.
> Yes but not every attribute will always filled, so there are sometimes empty "field" which i wanted to avoid.

There's some things that might work, albeit a bit hacky.

1. You could write with "detail" and then post-process the detail file.

2. Depending on when you're logging, you may be able to shuffle things 
around the lists if one list is no longer needed. E.g. if you're logging 
right at the end of post-auth then the request list probably won't be 
used any more. So

   # clear the request list
   update {
     &request: !* ANY

   # copy &reply: to &request:
   update {
     &request: := &reply:[*]

   # call attr_filter for the request list to get rid of unwanted reply 
attributes (configure appropriately)

   # linelog &request:[*]

You may also be able to do the same with the session-state list. Again 
if you're 100% sure you never need it again.

If you break it you definitely get to keep all the pieces with this one. 
It's really not a good idea...

3. Or you could use rlm_json which is now in v3.2 and lets you specify a 
list of attributes to log, e.g.

   "%{json_encode:&request:[*] !&User-Password !&State 
!&Message-Authenticator !&EAP-Message}"

But it's bleeding edge and not tested. And you get JSON output, not 
plain text, so still needs post-processing.

Alan's suggestion is still the cleanest and best, really.


More information about the Freeradius-Users mailing list