Is there a way log EAP NAK reason with linelog?

Rahman DURAN rahman.duran at erzurum.edu.tr
Thu Jul 11 10:36:27 UTC 2024


Hi,

I am using the "linelog" module for "accept" and "reject" logs with the
format and fields I need. It works pretty well for me. You can find the
template I use below.

Access-Reject = "Rejected User: [%{User-Name}] inner_username:
[%{session-state:ETU-Inner-User-Name}] event_timestamp: [%T]
calling_station_id: [%{Calling-Station-Id}] called_station_id:
[%{Called-Station-Id}] ssid: [%{Called-Station-SSID}] srcip:
[%{Packet-Src-IP-Address}] nas_name: [%{NAS-Identifier}] client_location:
[%{ETU-Client-Location}] failure_msg: [%{Module-Failure-Message}]
inner_failure_msg: [%{session-state:ETU-Inner-Module-Failure-Message}]
etu_service: [%{ETU-Radius-Service-Name}] auth_type: [%{control:Auth-Type}]
eap_type: [%{EAP-Type}] tls_version:
[%{&session-state:TLS-Session-Version}]"

I only support EAP-PEAP and EAP-TTLS for EAP types. Is there a way to log
the reason for EAP NAK while using "linelog"? For now, "%{EAP-Type}"
attribute prints "NAK" but could not find any additional attribute for the
NAK reason? If there is no default attribute, I can set a custom one with
"unlang" somewhere, so I can use it in "linelog" template?

Regards

Rahman Duran


More information about the Freeradius-Users mailing list