Yeah, doing things a bit backwards. I'll be looking to upgrade to 2.1.1 as soon as reasonable. I'm hoping that's sooner rather than later. It appears in the short term I can read the radacct log files into the SIEM by parsing the entries into discrete fields. Kind of sub-optimal, but it'll get me moving for now and I can hopefully upgrade into a better logging position shortly.
Thanks for the reply!

Tremaine Lea
Network Security Consultant
Intrepid ACL
"Paranoia for hire"

On 29 September 2011 11:42, Arran Cudbard-Bell <[email protected]> wrote:
>
> On 29 Sep 2011, at 18:51, Tremaine Lea wrote:
>
>> I have a requirement to get successful and failed radius
>> authentication logs from FreeRADIUS to a SIEM for audit purposes. I
>> have updated the config to log to syslog, but I need more information
>> than is currently appearing.
>>
>> Example:
>> Sep 29 10:40:56 radiusserver radiusd[13806]: Login incorrect: [azbycx]
>> (from client ScreenNets port 0)
>>
>> Is there a way to syslog the username, client-ip-address and
>> calling-station-id that appears in radacct? Alternately, is there a
>> way to send radacct to syslog instead of the file system? In my ideal
>> world, all of the information currently recorded for radacct would be
>> logged to the SIEM but I'm not sure how to best achieve that.
>>
>> I've been through the documentation and just am not finding an obvious
>> way to change what information is sent to syslog.
>>
>> Any help/suggestions would be much appreciated.
>
> Upgrade.
>
> Use the rlm_linelog module :)
>
> 1.1.3 was released five years ago, I'm not sure what you're wanting is
> possible in a 1.* version and even if it was I'm not sure anyone would
> remember how to configure it...
>
> Arran Cudbard-Bell
> [email protected]
>
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
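
An added example, not part of the thread and not FreeRADIUS code: one way to do the interim approach mentioned in the reply, parsing radacct detail records into discrete fields for a SIEM. The sample records are constructed, and the record layout (timestamp line, tab-indented `Attribute = value` pairs, blank line between records) and the names `parse_detail`, `to_kv` and `FIELDS` are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample records (not from the thread). Assumed layout: timestamp
# line, tab-indented "Attribute = value" pairs, blank line between records.
SAMPLE = "\n".join([
    "Thu Sep 29 10:40:56 2011",
    '\tUser-Name = "azbycx"',
    "\tClient-IP-Address = 192.0.2.10",
    '\tCalling-Station-Id = "00-11-22-33-44-55"',
    "\tAcct-Status-Type = Start",
    "",
    "Thu Sep 29 10:45:02 2011",
    '\tUser-Name = "eve\\" role=\\"admin"',  # hostile value: embedded quotes
    "\tClient-IP-Address = 192.0.2.10",
])

PAIR = re.compile(r"^\s+([A-Za-z0-9:._-]+) = (.*)$")
FIELDS = ("timestamp", "User-Name", "Client-IP-Address", "Calling-Station-Id")

def parse_detail(text):
    """Yield one dict per record, mapping attribute name -> list of values."""
    record = None
    for line in text.splitlines():
        if not line.strip():                  # blank line closes the record
            if record:
                yield record
            record = None
        elif not line[0].isspace():           # unindented line: new timestamp
            if record:
                yield record
            ts = datetime.strptime(line.strip(), "%a %b %d %H:%M:%S %Y")
            record = {"timestamp": [ts.isoformat()]}
        elif record is not None and (m := PAIR.match(line)):
            name, value = m.groups()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]           # drop the surrounding quotes
            record.setdefault(name, []).append(value)
    if record:                                # file may end without a blank line
        yield record

def to_kv(record, fields=FIELDS):
    """Render fields as key="value"; control chars, quotes, backslashes -> '_'."""
    return " ".join('%s="%s"' % (f, re.sub(r'[\x00-\x1f"\\]', "_", v))
                    for f in fields for v in record.get(f, []))

if __name__ == "__main__":
    print("\n".join(to_kv(r) for r in parse_detail(SAMPLE)))
```

The substitution in `to_kv` matters because User-Name is supplied by the client: without it, a crafted name could add fields or lines to the audit record the SIEM receives.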

