Hello,

> On 27 Mar 2017, at 15:02, Patrik Forsberg <patrik.forsb...@ip-only.se> wrote:
> 
> I am using the Blacklist feature to block the most commonly used "bad" users 
> so they won't even get into the password routine but trying to figure out 
> from which router/NAS the login attempt was done is a hassle today with 
> having to up the trace and filter through the debug log. Would it be possible 
> to add NAS IP, Client IP and possibly the Proxy(if one was used) IP to the 
> log message ?
> "Access rejected for 888888: Blacklisted" is sort of anonymous ..
> 

You can define the FailureFormat configuration option for AuthLog, where you can 
include the variables you want.

https://www.open.com.au/radiator/ref/SpecialCharacters.html#SpecialCharacters

Example config

# AuthLog FILE
<AuthLog FILE>
    Identifier My-AuthLog-File

    # Log accepts
    LogSuccess 1
    # Log format for accept
    SuccessFormat %l ACCEPT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}

    # Log failures
    LogFailure 1
    # Log format for failures
    FailureFormat %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}

    # Auth log file
    Filename %L/auth-%Y-%m-%d.log
</AuthLog>

# Default Handler
<Handler>
    Identifier My-Default-Handler

    # Blacklist
    AuthBy AuthBy-Blacklist

    # Actual authentication
    AuthBy ...

    # AuthLog to be used
    AuthLog My-AuthLog-File
</Handler>


Logging the RADIUS proxy used requires using ReplyHook and NoReplyHook to include 
the proxy’s address in a request or reply.

https://www.open.com.au/radiator/ref/ReplyHook.html#ReplyHook
https://www.open.com.au/radiator/ref/NoReplyHook.html#NoReplyHook


Example for AuthBy RADIUS

ReplyHook sub { ${$_[2]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[3]}->{SendTo}))[1] ); }
NoReplyHook sub { ${$_[0]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[1]}->{SendTo}))[1] ); }

and then you can use %{Request:OSC-Last-Proxy-Address} in AuthLog’s 
SuccessFormat and FailureFormat directives.


Logging a failure for a proxied request which was never replied to requires 
Radiator 4.17, which includes the NoReplyReject config option.

https://www.open.com.au/radiator/ref/NoReplyReject_AuthByRADIUS.html#NoReplyReject_AuthByRADIUS


BR
-- 
Tuure Vartiainen <varti...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
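
An added example, not part of the original message or of Radiator: a Python sketch that reads lines written with the FailureFormat/SuccessFormat above and counts rejects per NAS, client address and user. The sample lines are constructed, the function names are hypothetical, and it assumes Calling-Station-Id contains no spaces; because %u is supplied by the remote party, the fixed fields are matched from the right so a crafted user name cannot spoof nas= or from=.

```python
import re
from collections import Counter

# Layout from the config above:
#   %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
# user= is greedy and the last three fields are anchored at end of line, so
# text injected into the user name stays inside the "user" field.
LINE_RE = re.compile(
    r"^(?P<time>.+?) (?P<result>ACCEPT|REJECT) user=(?P<user>.*)"
    r" from=(?P<src>\S*) nas=(?P<nas>\S*) client=(?P<client>\S*)$"
)

# Constructed sample lines (documentation address ranges, not real data).
SAMPLE_LOG = """\
Mon Mar 27 15:02:11 2017 REJECT user=888888 from=192.0.2.10 nas=198.51.100.1 client=0012.3456.789a
Mon Mar 27 15:02:14 2017 REJECT user=888888 from=192.0.2.10 nas=198.51.100.1 client=0012.3456.789a
Mon Mar 27 15:03:40 2017 REJECT user=admin from=192.0.2.20 nas=198.51.100.7 client=
Mon Mar 27 15:04:02 2017 ACCEPT user=alice from=192.0.2.10 nas=198.51.100.1 client=0012.3456.aaaa
Mon Mar 27 15:05:09 2017 REJECT user=x from=10.0.0.1 nas=10.9.9.9 client=y from=192.0.2.20 nas=198.51.100.7 client=0012.3456.bbbb
"""

def parse_line(line):
    """Return the fields of one auth log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def rejects_by_origin(log_text):
    """Count REJECT lines per (nas, src, user)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "REJECT":
            counts[(rec["nas"], rec["src"], rec["user"])] += 1
    return counts

def rejects_per_nas(log_text):
    """Total REJECT lines per NAS, regardless of user."""
    totals = Counter()
    for (nas, _src, _user), n in rejects_by_origin(log_text).items():
        totals[nas] += n
    return totals

if __name__ == "__main__":
    for (nas, src, user), n in rejects_by_origin(SAMPLE_LOG).most_common():
        print(f"{n:3d} rejects  nas={nas} from={src} user={user!r}")
```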
