Log entries when proxying
Alan DeKok
aland at deployingradius.com
Tue May 11 20:08:25 CEST 2021
On May 11, 2021, at 12:57 PM, Tony Skalski via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> I am proxying some clients (based on outer identity) to our old NPS
> servers. This is an eduroam wireless environment and many of the example
> configs I've found have linelog statements in the outer tunnel pre-proxy
> and post-proxy sections. This results in about 25-30 log messages for a
> single proxied authentication.
>
> This seemed like a lot of messages for a single authn, so I went looking
> for a state attribute that would allow me to identify the first proxy
> request and log that, as well as the final proxy accept, but not all of the
> intervening proxy requests and challenges.
>
> Is it commonplace to log a message for each proxy request and challenge
> like this? (and I should not worry about the number of log messages)
Not everyone does it. But FreeRADIUS gives you the power to log whatever you want.
> Or, is there a way to identify the initial proxy request and not log the
> intervening requests and challenges? Thanks!
Sure. The first proxied EAP packet won't contain the State attribute. All subsequent ones will. So you can do:
if (!State) {
linelog
}
And it will only log one line per EAP session.
Alan DeKok.
More information about the Freeradius-Users
mailing list