Add TLS version to logs with linelog
Matthew Newton
mcn at freeradius.org
Wed Apr 17 09:49:53 UTC 2024
On 17/04/2024 10:37, dominic.stalder at unibe.ch wrote:
> When I add those attributes to the linelog configuration, I get the correct values for the version and the ciphers:
>
> (10) 802.1x_authz_log: EXPAND sp.%{%{reply:Packet-Type}:-format}
> (10) 802.1x_authz_log: --> sp.Access-Accept
> (10) 802.1x_authz_log: EXPAND %t : AuthZ: (%I) Access-Accept: [%{%{reply:User-Name}:-%{User-Name}}] TLS-Version=%{%{session-state:TLS-Session-Version}:-NULL} TLS-Ciphers=%{%{session-state:TLS-Session-Cipher-Suite}:-NULL} SSID=%{%{request:Called-Station-SSID}:-NULL} Calling-Station-Id=%{%{request:Calling-Station-Id}:-Unknown} Called-Station-Id=%{%{request:Called-Station-Id}:-Unknown} Filter-ID=%{%{reply:Filter-Id}:-NULL} VLAN=%{%{reply:Tunnel-Private-Group-Id}:-NULL} Class=%{%{reply:Class}:-NULL} (from client %{Client-Shortname} port %{%{request:Nas-Port}:-0} cli %{%{request:Calling-Station-Id}:-Unknown})
> (10) 802.1x_authz_log: --> Wed Apr 17 11:17:43 2024 : AuthZ: (39) Access-Accept: [dominic.stalder at unibe.ch] TLS-Version=TLS 1.2 TLS-Ciphers=ECDHE-RSA-AES256-GCM-SHA384 SSID=eduroam Calling-Station-Id=6A-05-BD-E0-F2-80 Called-Station-Id=3C-51-0E-72-2A-00 Filter-ID=staff VLAN=1874 Class=staff (from client cisco-wlc-9800-mgmt.wifi.unibe.ch port 4219 cli 6A-05-BD-E0-F2-80)
>
> BUT now the authentication fails; I was not yet able to understand why this happens now. Any idea? I will go on and compare the two debug outputs (BEFORE and AFTER I add the attributes to linelog).

May be able to help if we could see the full debug output... otherwise
we'll spend all week guessing. Altering linelog output shouldn't cause
any issues unless something you've done in linelog causes that to fail
(which will be in the debug output you've trimmed).
--
Matthew
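
Added example, not part of the original thread and not FreeRADIUS code: a parser for the AuthZ line format shown in the quoted debug output, which tallies sessions by TLS version and lists those below a chosen minimum or with the `NULL` fallback. The sample lines, user names, MAC addresses and client name are constructed, and it is an assumption that other versions are logged in the same "TLS x.y" form as the "TLS 1.2" seen above.

```python
import re
from collections import Counter

# Field names as they appear in the format string quoted in the thread.
FIELDS = ["TLS-Version", "TLS-Ciphers", "SSID", "Calling-Station-Id",
          "Called-Station-Id", "Filter-ID", "VLAN", "Class"]
KEY_RE = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, FIELDS)) + r")=")
HEAD_RE = re.compile(r"AuthZ: \((\d+)\) ([\w-]+): \[(.*?)\] ")

def parse_authz_line(line):
    """Split one AuthZ line into a dict; values may contain spaces ("TLS 1.2")."""
    head = HEAD_RE.search(line)
    if head is None:
        return None  # not an AuthZ line
    rec = {"id": head.group(1), "packet": head.group(2), "user": head.group(3)}
    body = line[head.end():].split(" (from client ", 1)[0]
    keys = list(KEY_RE.finditer(body))
    for i, m in enumerate(keys):
        # A value runs from after "key=" up to the start of the next known key.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        rec[m.group(1)] = body[m.end():end].strip()
    return rec

def tls_tuple(value):
    m = re.fullmatch(r"TLS (\d+)\.(\d+)", value or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(lines, minimum=(1, 2)):
    """Return (Counter of TLS versions, sessions below `minimum` or unversioned)."""
    tally, flagged = Counter(), []
    for line in lines:
        rec = parse_authz_line(line)
        if rec is None:
            continue
        version = rec.get("TLS-Version", "NULL")
        tally[version] += 1
        parsed = tls_tuple(version)
        if parsed is None or parsed < minimum:
            flagged.append((rec["user"], rec.get("Calling-Station-Id"), version))
    return tally, flagged

# Constructed sample input in the format shown in the thread (not real log data).
SAMPLE = [
    "Wed Apr 17 11:17:43 2024 : AuthZ: (39) Access-Accept: [alice@example.org] TLS-Version=TLS 1.2 TLS-Ciphers=ECDHE-RSA-AES256-GCM-SHA384 SSID=eduroam Calling-Station-Id=02-00-00-00-00-01 Called-Station-Id=02-00-00-00-00-AA Filter-ID=staff VLAN=1874 Class=staff (from client nas1 port 4219 cli 02-00-00-00-00-01)",
    "Wed Apr 17 11:18:01 2024 : AuthZ: (40) Access-Accept: [bob@example.org] TLS-Version=TLS 1.0 TLS-Ciphers=AES256-SHA SSID=eduroam Calling-Station-Id=02-00-00-00-00-02 Called-Station-Id=02-00-00-00-00-AA Filter-ID=staff VLAN=1874 Class=staff (from client nas1 port 4220 cli 02-00-00-00-00-02)",
    "Wed Apr 17 11:18:02 2024 : Info: Ready to process requests",
    "Wed Apr 17 11:18:09 2024 : AuthZ: (41) Access-Accept: [carol@example.org] TLS-Version=NULL TLS-Ciphers=NULL SSID=eduroam Calling-Station-Id=02-00-00-00-00-03 Called-Station-Id=02-00-00-00-00-AA Filter-ID=NULL VLAN=NULL Class=NULL (from client nas1 port 4221 cli 02-00-00-00-00-03)",
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```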