Add TLS version to logs with linelog in FreeRADIUS 3.2.4

[Alan DeKok]

On Jun 14, 2024, at 7:10 AM, dominic.stalder at unibe.ch wrote:
> When I start the debugging (see full output below), I can see the following attributes, which I could use / log now:
> 
> (10) eap_peap:   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
> (10) eap_peap:   TLS-Session-Version = "TLS 1.2"
> 
> When I try to “access” them in the linelog configuration like this…

  The "eap_peap" text is just debugging information that tells you which module is being run.  It's not part of the attribute name.

>   sp {
>      Access-Accept = "%t : AuthZ: (%I) Access-Accept: [%{%{reply:User-Name}:-%{User-Name}}] TLS-Test=%{%{eap_peap:TLS-Session-Version}:-NULL}

  You can't use "%{eap_peap:TLS-Session-Version}".  No documentation says that it will work.

> TLS-Version=%{%{session-state:TLS-Session-Version}:-NULL}

  Why are you using "session-state" in one place, and "eap_peap" in another?  If the reference in session-state works, just use that.

> Any hint, how I can “access” those two attributes in FreeRADIUS 3.2.4 correctly?

  Use the correct reference.

> Full debug output:

  Which doesn't actually include the server receiving any packets...

  It helps to read documentation.

 Alan DeKok.