Questions about particular uses of line log module
Alan DeKok
aland at deployingradius.com
Thu Oct 20 13:13:53 UTC 2022
On Oct 20, 2022, at 8:57 AM, Coy Hile <coy.hile at coyhile.com> wrote:
>
> Good morning,
>
> I have an interesting use case for the linelog module. I want to get information about successful and unsuccessful authentication attempts in one place in a format that is easily consumable by, e.g. log shipping tools. So far, I’ve found that I can do a config snippet such as
>
> Access-Accept = "%T Accepted User: %{User-Name} NAS-IP-Address %{NAS-IP-Address} Access-Level: %{Tmp-String-0}"
>
> to get the user, device and access level granted to the engineer.
>
> Is there any way that we could get the VSAs that get returned so we could log them here as well? Sure, we get them in the detailed reply_logs, but those aren’t the most useful thing for a log aggregation tool to parse. If I know the device is, e.g. Cisco or Juniper, I’d just log %{Cisco-AVPair} or %{JunOS-Local-User-Name}, but I’d rather do that in a more vendor-agnostic way if I can.

That's difficult, because there's no easy way to say "all VSAs".

> Worst case, I can just use the detail files if necessary and let the log-shipping tool figure it out.

That might be simplest.

Alan DeKok.
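
Added example, not part of the original thread and not FreeRADIUS code: one way a log-shipping step could handle the detail-file fallback discussed above, turning each record into one JSON line that keeps every attribute, vendor-specific or not, with repeated attributes such as Cisco-AVPair collected into lists. The sample records are constructed, and the layout (a header line, tab-indented `Attribute = value` lines, a blank line between records) is assumed to be the detail module's default.

```python
import json
import re

# Constructed sample records (not from a real server).
SAMPLE_DETAIL = (
    'Thu Oct 20 13:13:53 2022\n'
    '\tUser-Name = "engineer1"\n'
    '\tNAS-IP-Address = 192.0.2.10\n'
    '\tCisco-AVPair = "shell:priv-lvl=15"\n'
    '\tCisco-AVPair = "shell:roles=network-admin"\n'
    '\n'
    'Thu Oct 20 13:14:07 2022\n'
    '\tUser-Name = "engineer2"\n'
    '\tJunOS-Local-User-Name = "read-only"\n'
)
ATTR_RE = re.compile(r'^\s+(\S+) = (.*)$')

def unquote(value):
    # Strip surrounding quotes and undo \" and \\; other escapes stay as written.
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return re.sub(r'\\(["\\])', r'\1', value[1:-1])
    return value

def parse_detail(text):
    """Yield one dict per record; every attribute maps to a list of values."""
    record = None
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m and record is not None:
            record["attrs"].setdefault(m.group(1), []).append(unquote(m.group(2)))
        elif line.strip() and not m:
            # Unindented, non-blank line: header that opens a new record.
            if record is not None:
                yield record
            record = {"header": line.strip(), "attrs": {}}
        elif not line.strip() and record is not None:
            yield record  # blank line closes the record
            record = None
    if record is not None:
        yield record  # file ended without a trailing blank line

def to_json_lines(text):
    # One JSON object per line, the shape most log shippers ingest directly.
    return [json.dumps(r, sort_keys=True) for r in parse_detail(text)]

if __name__ == "__main__":
    print("\n".join(to_json_lines(SAMPLE_DETAIL)))
```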