On Mon, May 20, 2013 at 5:13 AM, Arran Cudbard-Bell <[email protected]> wrote: > > On 19 May 2013, at 12:47, Nasser Heidari <[email protected]> wrote: > >> Hi, >> >> I have several Perl modules running on my Radius server, I'm going to remove >> them all and use unlang instead. I have two questions: >> >> 1- The reason that I'm going to change Perl modules with unlang is >> Performance ! I think unlang should have better performance in comparison to >> Perl (Note that I have some mysql queries in my perl modules), is this >> correct? > > Yes. > >> 2- I have used &radius::radlog in my perl modules to log some cases >> on radius.log, is there any equivalent for it in unlang? Could you please >> kindly give an example? > > The linelog module. > > https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/linelog > > You either use the 'format' config item, which is xlat expanded and adds a > single line to the log, or you can use 'reference' which is used as a > configuration path, and selects one of multiple other format type config > items. > > How you use them is up to you, and what you're trying to do. > > I believe linelog can also log to syslog.
That's exactly what we are doing, we are using this slightly ugly hack in 2.1.12 to syslog all our events into our centralised syslog server (yeah I know we should upgrade) http://lists.freeradius.org/pipermail/freeradius-users/2012-February/058743.html The only quirk we have is the really depending on what you are doing you will only ever get Access-Request or Accounting-Request packets into linelog (be it an access-accept or access-reject, or accounting start,interim or stop). So we format our two lines to have CSV with escaped quotes using the \" going into the local linelog and via syslog so we get a consistent file format and our upstream syslog server can deal with those messages accordingly: Access-Request = "\"%{ADSL-Agent-Remote-Id}\",\"%{reply:Framed-IP-Address}\",\"%S\",\"Auth\",\"%{reply:Packet-Type}\",\"%{Framed-Protocol}\",\"%{Packet-Src-IP-Address}\",\"%{NAS-IP-Address}\",\"%{NAS-Port}\",\"%{NAS-Port-Id}\",\"%{NAS-Identifier}\",\"%{ADSL-Agent-Circuit-Id}\",\"%{Actual-Data-Rate-Downstream}\",\"%{Actual-Data-Rate-Upstream}\",\"%{reply:Framed-Pool}\",\"%{Acct-Session-Id}\",\"%{Acct-Multi-Session-Id}\",\"%{Acct-Session-Time}\",\"%{Acct-Terminate-Cause}\",\"%{Event-Timestamp}\",\"%{Acct-Delay-Time}\",\"%{Client-Shortname}\",\"%{Huntgroup-Name}\",\"%{reply:Reply-Message}\"" Accounting-Request = "\"%{ADSL-Agent-Remote-Id}\",\"%{Framed-IP-Address}\",\"%S\",\"Acct\",\"%{Acct-Status-Type}\",\"%{Framed-Protocol}\",\"%{Packet-Src-IP-Address}\",\"%{NAS-IP-Address}\",\"%{NAS-Port}\",\"%{NAS-Port-Id}\",\"%{NAS-Identifier}\",\"%{ADSL-Agent-Circuit-Id}\",\"%{Actual-Data-Rate-Downstream}\",\"%{Actual-Data-Rate-Upstream}\"\"%{Framed-Pool}\",\"%{Acct-Session-Id}\",\"%{Acct-Multi-Session-Id}\",\"%{Acct-Session-Time}\",\"%{Acct-Terminate-Cause}\",\"%{Event-Timestamp}\",\"%{Acct-Delay-Time}\",\"%{Client-Shortname}\",\"%{Huntgroup-Name}\",\"%{reply:Reply-Message}\"" Then we have two copies of the same file, one which is to log the events locally to a file and another to send them to syslog, where the only difference in the file is: linelog linelog.file { filename = ${logdir}/linelog.%Y-%m #syslog_facility = local6 vs linelog linelog.syslog6 { filename = syslog syslog_facility = local6 And then just call both modules in our sites-enabled/default or whichever site we need it in during the post-auth and accounting. post-auth { linelog.file linelog.syslog6 Post-Auth-Type REJECT { linelog.file linelog.syslog6 } } and accounting { linelog.file linelog.syslog6 That works a treat for us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
