Add client IP address to log messages
Matthew Newton
mcn at freeradius.org
Tue Nov 23 14:01:51 CET 2021
On 23/11/2021 12:41, Drew Weaver wrote:
> We have a lot of devices so it would really be useful if FreeRADIUS could log what client the request comes from.

The RADIUS "client" is the NAS - this might not be what you want.
There may be attributes such as Calling-Station-Id which are most
appropriate, rather than what the "client" is.

> Does anybody know how I can adjust it so that it says something like
>
> 1. Login incorrect (pap: Crypt digest does not match "known good" digest): [drew] (from client localhost port 0) from 192.168.55.2

You can alter it in radiusd.conf - see the log{} section, e.g.
msg_goodpass and msg_badpass.

> Where 192.168.55.2 is the IP address that sent the RADIUS auth request?

That is the NAS - which is probably not what you want. The NAS is
already shown ("from client localhost").

But e.g. something like

    msg_badpass = "MAC:%{Calling-Station-ID}"

might be a start. See the debug output for what attributes are available.

> I believe that the information inside of the ( ) is sent from the device itself

No. You can see what comes from the NAS in the RADIUS attributes in the
debug output - only some of that comes from the end device.

> Any way to speed up the process of remediation is tremendously helpful.

Also take a look at the linelog module, it's a lot more flexible than
the built-in auth logging.

--
Matthew
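
The two approaches mentioned in the reply above, sketched as an added configuration example that is not part of the original message. It assumes the FreeRADIUS 3.x file layout; the instance name `linelog_auth`, the file name `auth-detail.log` and the message formats are hypothetical.

```conf
# radiusd.conf
log {
	auth = yes
	# Leave these off: they write user passwords into the log.
	auth_badpass = no
	auth_goodpass = no
	# Text appended to the built-in "Login incorrect" / "Login OK" lines.
	# Packet-Src-IP-Address is the address the request came from (the NAS);
	# Calling-Station-Id is what the NAS reported for the end device.
	msg_badpass = "nas=%{Packet-Src-IP-Address} csid=%{Calling-Station-Id}"
	msg_goodpass = "nas=%{Packet-Src-IP-Address} csid=%{Calling-Station-Id}"
}

# mods-available/linelog_auth (hypothetical), symlinked into mods-enabled/
linelog linelog_auth {
	# Hypothetical file name; keep it readable by the radius user only.
	filename = ${logdir}/auth-detail.log
	permissions = 0600
	# Pick the message by the type of the reply being sent.
	reference = "messages.%{%{reply:Packet-Type}:-default}"
	messages {
		default = "%t other user=%{User-Name} nas=%{Packet-Src-IP-Address}"
		Access-Accept = "%t accept user=%{User-Name} nas=%{Packet-Src-IP-Address} nas_id=%{NAS-Identifier} csid=%{Calling-Station-Id}"
		Access-Reject = "%t reject user=%{User-Name} nas=%{Packet-Src-IP-Address} nas_id=%{NAS-Identifier} csid=%{Calling-Station-Id}"
	}
}

# sites-enabled/default
post-auth {
	# Successful authentications.
	linelog_auth

	Post-Auth-Type REJECT {
		# Rejected authentications.
		linelog_auth
	}
}
```

User-Name, Calling-Station-Id and NAS-Identifier are supplied by the NAS or the end device, so anything that parses these log lines should treat those fields as untrusted input.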