On 19 Jul 2013, at 14:29, Anja Ruckdaeschel
<[email protected]> wrote:
> But it DID appear in earlier versions of freeradius with default settings for
> logging.
Don't know. You're welcome to dig through the source to find out...
>
> And I don't see the difference to something logging Errors like
>
> Error: Ignoring request to authentication address * port 1812 from unknown
> client x.x.x.x port 1092
Yep that shouldn't really be in there either. I believe the philosophy behind
the main log is to only log server global errors and informational messages at
the default level.
> regarding the mentioned DoS problem.
>
> We're using a logfile monitoring for years in order to find misconfigured NAS
> of ours.
Not entirely sure how that's related to DoS. But ok... That's, um, interesting.
> Seems we cannot do this with freeradius 2.2.0 anymore?
You can however use the radmin socket to show invalid packet counters. If
they're going up you've probably got a mis-configured NAS. The server also
keeps stats on a per client basis too.
This is a much saner and more robust way of doing that. There's no guarantee
that log message formats won't change, even between sub versions, and then your
log monitoring system would be stuffed.
I'll talk to Alan D about it, I know triggers are rate limited in 3.0.0, I can
actually see the utility in a client error trigger, there may even already be
one. That'd be a much cleaner way to do what you want.
PS: The debug level only goes up to 4 :)
and you want "%{debug: 4}"
                      ^ Note the space (I <3 monospaced fonts)
Arran Cudbard-Bell <[email protected]>
FreeRADIUS Development Team
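
The counter-based approach suggested in this reply, as an added example that is not part of the original message or FreeRADIUS code: it compares two polls of per-client counters and reports clients whose error counters rose, treating a counter that went down as a reset after a server restart. It assumes the counters were already collected (for instance through the radmin socket) as name/value lines; the counter names, layout, addresses and values are constructed for illustration.

```python
"""Flag NAS clients whose error counters rose between two polls (added example)."""

# Counters treated as signs of a misconfigured client. The names are
# assumptions for this example, not a guaranteed radmin output format.
ERROR_COUNTERS = ("invalid", "malformed", "bad_authenticator", "dropped")


def parse_counters(text):
    """Parse 'name<whitespace>value' lines into a dict, skipping anything else."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            counters[parts[0]] = int(parts[1])
    return counters


def rising_errors(previous, current):
    """Return {client: {counter: delta}} for error counters that increased.

    previous/current map client address -> raw counter text from one poll.
    """
    alerts = {}
    for client, text in current.items():
        now = parse_counters(text)
        before = parse_counters(previous.get(client, ""))
        deltas = {}
        for name in ERROR_COUNTERS:
            new, old = now.get(name, 0), before.get(name, 0)
            # A value lower than last time means the server restarted and the
            # counter reset, so everything counted since then is new.
            delta = new if new < old else new - old
            if delta > 0:
                deltas[name] = delta
        if deltas:
            alerts[client] = deltas
    return alerts


# Constructed sample polls (documentation addresses, made-up values).
POLL_1 = {"192.0.2.10": "requests 100\ninvalid 0\nmalformed 2\n",
          "192.0.2.20": "requests 900\ninvalid 40\ndropped 5\n"}
POLL_2 = {"192.0.2.10": "requests 180\ninvalid 0\nmalformed 2\n",
          "192.0.2.20": "requests 30\ninvalid 3\ndropped 0\n",
          "192.0.2.30": "requests 12\ninvalid 12\n"}

if __name__ == "__main__":
    for client, deltas in sorted(rising_errors(POLL_1, POLL_2).items()):
        print(client, deltas)
```

Because it keys on counter values rather than log message text, the check keeps working if log formats change between versions.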