raddebug seems to ignore username filter on large logs

Tue Mar 26 16:04:39 UTC 2024

Hello,

We are running FreeRADIUS 3.0.21 (git #af428abda).  We plan to upgrade 
in the upcoming months to 3.2.3, but I'm not sure it is related to the 
version.

I recently discovered the raddebug utility which I found really helpful 
(thanks for the work and the related documentation).
I successfully set it up this way:

$ cat /etc/freeradius/sites-enabled/control-socket

listen {
     type = control
     socket = ${run_dir}/${name}.sock
     uid = freerad
     gid = freerad
     mode = rw
}

It works well on our lab server which does not have a lot of requests, 
e.g., using this command: raddebug -u username at realm

But when I run it on the production server, it seems the username filter 
is just ignored.  I get a lot of accounting requests not related to the 
user, just like when I run the server in debug mode (we have a lot of 
requests: about 300 requests logged - mainly accounting - if I run the 
server in debug mode for about 10 seconds).

The configuration of the production server is the same as the lab 
server, as well as the version (3.0.21).

Unless I missed something obvious, my guess is that it is related to the 
number of requests: maybe raddebug is unable to process the filter if 
there is too much requests?

Note I obtain the same result when using radmin:

$ radmin
radmin> debug condition '(User-Name == "username at realm")'
radmin> debug file test-radmin.log
radmin> quit

It works well on the lab, but not on the prod.  The log file has all of 
the requests, ignoring the filter.

I am aware it's like I'm saying "it does not work" at this point, but I 
don't know how to go further to debug raddebug.

Do you have any clue or are you aware of an issue related to raddebug 
ignoring the filter when there are lots of requests?

Thanks.