Log entries when proxying
Tony Skalski
ajs at stolaf.edu
Tue May 11 20:16:08 CEST 2021
Thanks!
On Tue, May 11, 2021 at 1:08 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On May 11, 2021, at 12:57 PM, Tony Skalski via Freeradius-Users <
> freeradius-users at lists.freeradius.org> wrote:
> >
> > I am proxying some clients (based on outer identity) to our old NPS
> > servers. This is an eduroam wireless environment and many of the example
> > configs I've found have linelog statements in the outer tunnel pre-proxy
> > and post-proxy sections. This results in about 25-30 log messages for a
> > single proxied authentication.
> >
> > This seemed like a lot of messages for a single authn, so I went looking
> > for a state attribute that would allow me to identify the first proxy
> > request and log that, as well as the final proxy accept, but not all of
> the
> > intervening proxy requests and challenges.
> >
> > Is it commonplace to log a message for each proxy request and challenge
> > like this? (and I should not worry about the number of log messages)
>
> Not everyone does it. But FreeRADIUS gives you the power to log
> whatever you want.
>
> > Or, is there a way to identify the initial proxy request and not log the
> > intervening requests and challenges? Thanks!
>
> Sure. The first proxied EAP packet won't contain the State attribute.
> All subsequent ones will. So you can do:
>
> if (!State) {
> linelog
> }
>
> And it will only log one line per EAP session.
>
> Alan DeKok.
>
>
--
*Tony Skalski*
System Administrator | IT
*Office: *507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu
More information about the Freeradius-Users
mailing list