Understanding FreeRADIUS statistics
dominic.stalder at unibe.ch
dominic.stalder at unibe.ch
Sun Jun 23 14:59:46 UTC 2024
Hi Alan
As already written, I updated to FreeRADIUS 3.2.5 on Friday evening and was now able to do some tests in our lab environment. I think there are still some "glitches" and I still have some comprehension questions.
About the environment:
- our FreeRADIUS servers act only as RADIUS proxy servers
- we use them primarely for our eduroam infrastructure and some other / smaller SSIDs or other RADIUS based infrastructure
***
A) Starting point:
I restarted the FreeRADIUS service at Jun 23 2024 16:16:07 CEST:
> This looks okay, most of the values remain 0 because there are no active endpoints around
> Q1: none the less, could you please allow me the questions, what could cause the FreeRADIUS-Total-Access-Requests to increment to 2? I had a packet capture running in the background and did not see any packet on dst port 1812.
cat <<EOF | radclient -x localhost:18121 status adminsecret
FreeRADIUS-Statistics-Type = ALL
Message-Authenticator=0x00
EOF
Received Access-Accept Id 17 from 127.0.0.1:18121 to 127.0.0.1:40029 length 596
FreeRADIUS-Total-Access-Requests = 2
FreeRADIUS-Total-Access-Accepts = 0
FreeRADIUS-Total-Access-Rejects = 0
FreeRADIUS-Total-Access-Challenges = 0
FreeRADIUS-Total-Auth-Responses = 0
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Auth-Unknown-Types = 0
FreeRADIUS-Total-Auth-Conflicts = 0
FreeRADIUS-Total-Accounting-Requests = 0
FreeRADIUS-Total-Accounting-Responses = 0
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Acct-Unknown-Types = 0
FreeRADIUS-Total-Acct-Conflicts = 0
FreeRADIUS-Total-Proxy-Access-Requests = 0
FreeRADIUS-Total-Proxy-Access-Accepts = 0
FreeRADIUS-Total-Proxy-Access-Rejects = 0
FreeRADIUS-Total-Proxy-Access-Challenges = 0
FreeRADIUS-Total-Proxy-Auth-Responses = 0
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
FreeRADIUS-Stats-Start-Time = "Jun 23 2024 16:16:07 CEST"
FreeRADIUS-Stats-HUP-Time = "Jun 23 2024 16:16:07 CEST"
FreeRADIUS-Queue-Len-Internal = 0
FreeRADIUS-Queue-Len-Proxy = 0
FreeRADIUS-Queue-Len-Auth = 0
FreeRADIUS-Queue-Len-Acct = 0
FreeRADIUS-Queue-Len-Detail = 0
FreeRADIUS-Queue-PPS-In = 0
FreeRADIUS-Queue-PPS-Out = 0
FreeRADIUS-Stats-Threads-Active = 1
FreeRADIUS-Stats-Threads-Total = 5
FreeRADIUS-Stats-Threads-Max = 32
***
B) Test (with correct username / password):
> FreeRADIUS-Total-Access-Requests increases pretty fast, that looks okay
> I get 1 FreeRADIUS-Total-Access-Accepts (= okay)
> Q2: in your last response, you wrote "The numbers for requests and responses should be the same" --> is this regarding "FreeRADIUS-Total-Access-Challenges = 10" compared to "FreeRADIUS-Total-Auth-Responses = 11" or did you mean "FreeRADIUS-Total-Proxy-Access-Challenges =3" compared to "FreeRADIUS-Total-Proxy-Auth-Responses =3", or both?
> "FreeRADIUS-Total-Proxy-Access-Requests = 3" and "FreeRADIUS-Total-Proxy-Access-Challenges = 3" and "FreeRADIUS-Total-Proxy-Auth-Responses = 3" are equal, that looks okay
> Q3: "FreeRADIUS-Total-Proxy-Access-Accepts = 0" is zero, I think this should have been increment by 1, right?
> Q4: Are Proxy statistics included in Total statistics as well (let's say a "FreeRADIUS-Total-Proxy-Access-Request" is added to "FreeRADIUS-Total-Access-Requests" as well , or are they counted completely separate?
Received Access-Accept Id 107 from 127.0.0.1:18121 to 127.0.0.1:56264 length 596
FreeRADIUS-Total-Access-Requests = 159
FreeRADIUS-Total-Access-Accepts = 1
FreeRADIUS-Total-Access-Rejects = 0
FreeRADIUS-Total-Access-Challenges = 10
FreeRADIUS-Total-Auth-Responses = 11
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Auth-Unknown-Types = 0
FreeRADIUS-Total-Auth-Conflicts = 0
FreeRADIUS-Total-Accounting-Requests = 0
FreeRADIUS-Total-Accounting-Responses = 0
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Acct-Unknown-Types = 0
FreeRADIUS-Total-Acct-Conflicts = 0
FreeRADIUS-Total-Proxy-Access-Requests = 3
FreeRADIUS-Total-Proxy-Access-Accepts = 0
FreeRADIUS-Total-Proxy-Access-Rejects = 0
FreeRADIUS-Total-Proxy-Access-Challenges = 3
FreeRADIUS-Total-Proxy-Auth-Responses = 3
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
FreeRADIUS-Stats-Start-Time = "Jun 23 2024 16:16:07 CEST"
FreeRADIUS-Stats-HUP-Time = "Jun 23 2024 16:16:07 CEST"
FreeRADIUS-Queue-Len-Internal = 0
FreeRADIUS-Queue-Len-Proxy = 0
FreeRADIUS-Queue-Len-Auth = 0
FreeRADIUS-Queue-Len-Acct = 0
FreeRADIUS-Queue-Len-Detail = 0
FreeRADIUS-Queue-PPS-In = 0
FreeRADIUS-Queue-PPS-Out = 0
FreeRADIUS-Stats-Threads-Active = 1
FreeRADIUS-Stats-Threads-Total = 5
FreeRADIUS-Stats-Threads-Max = 32
***
C) Test (with incorrect username / password):
Restarted the FreeRADIUS service beforehand...
> FreeRADIUS-Total-Access-Requests increases pretty fast, that looks okay again
> I get 1 FreeRADIUS-Total-Access-Reject (= okay)
> Q5: still "FreeRADIUS-Total-Access-Challenges = 8" and "FreeRADIUS-Total-Auth-Responses = 9" are not identical
> "FreeRADIUS-Total-Proxy-Access-Requests = 1" and "FreeRADIUS-Total-Proxy-Access-Challenges = 1" and "FreeRADIUS-Total-Proxy-Auth-Responses = 1" are equal again, that looks okay
> Q6: "FreeRADIUS-Total-Proxy-Access-Rejects = 0" is zero, I think this should have been increment by 1, right?
Received Access-Accept Id 170 from 127.0.0.1:18121 to 127.0.0.1:45081 length 596
FreeRADIUS-Total-Access-Requests = 21
FreeRADIUS-Total-Access-Accepts = 0
FreeRADIUS-Total-Access-Rejects = 1
FreeRADIUS-Total-Access-Challenges = 8
FreeRADIUS-Total-Auth-Responses = 9
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Auth-Unknown-Types = 0
FreeRADIUS-Total-Auth-Conflicts = 0
FreeRADIUS-Total-Accounting-Requests = 0
FreeRADIUS-Total-Accounting-Responses = 0
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Acct-Unknown-Types = 0
FreeRADIUS-Total-Acct-Conflicts = 0
FreeRADIUS-Total-Proxy-Access-Requests = 1
FreeRADIUS-Total-Proxy-Access-Accepts = 0
FreeRADIUS-Total-Proxy-Access-Rejects = 0
FreeRADIUS-Total-Proxy-Access-Challenges = 1
FreeRADIUS-Total-Proxy-Auth-Responses = 1
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
FreeRADIUS-Stats-Start-Time = "Jun 23 2024 16:33:23 CEST"
FreeRADIUS-Stats-HUP-Time = "Jun 23 2024 16:33:23 CEST"
FreeRADIUS-Queue-Len-Internal = 0
FreeRADIUS-Queue-Len-Proxy = 0
FreeRADIUS-Queue-Len-Auth = 0
FreeRADIUS-Queue-Len-Acct = 0
FreeRADIUS-Queue-Len-Detail = 0
FreeRADIUS-Queue-PPS-In = 0
FreeRADIUS-Queue-PPS-Out = 0
FreeRADIUS-Stats-Threads-Active = 1
FreeRADIUS-Stats-Threads-Total = 5
FreeRADIUS-Stats-Threads-Max = 32
***
Thanks in advance for any help on this topic; I know you wrote that the statistics are not always perfect, but I would like to build a monitoring on some parts of those values and if they could be corrected, that would be cool.
Regards
Dominic
More information about the Freeradius-Users
mailing list