Hello,

> On 27 Mar 2017, at 15:02, Patrik Forsberg <[email protected]> wrote:
>
> I am using the Blacklist feature to block the most commonly used "bad" users
> so they won't even get into the password routine but trying to figure out
> from which router/NAS the login attempt was done is a hassle today with
> having to up the trace and filter through the debug log. Would it be possible
> to add NAS IP, Client IP and possibly the Proxy(if one was used) IP to the
> log message ?
> "Access rejected for 888888: Blacklisted" is sort of anonymous ..
>

You can define the FailureFormat configuration option for AuthLog, where you can include the wanted variables.

https://www.open.com.au/radiator/ref/SpecialCharacters.html#SpecialCharacters

Example config

    # AuthLog FILE
    <AuthLog FILE>
        Identifier My-AuthLog-File

        # Log accepts
        LogSuccess 1
        # Log format for accept
        SuccessFormat %l ACCEPT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}

        # Log failures
        LogFailure 1
        # Log format for failures
        FailureFormat %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}

        # Auth log file
        Filename %L/auth-%Y-%m-%d.log
    </AuthLog>

    # Default Handler
    <Handler>
        Identifier My-Default-Handler

        # Blacklist
        AuthBy AuthBy-Blacklist

        # Actual authentication
        AuthBy ...

        # AuthLog to be used
        AuthLog My-AuthLog-File
    </Handler>

Logging the RADIUS proxy used requires using ReplyHook and NoReplyHook to include the proxy’s address in a request or reply.

https://www.open.com.au/radiator/ref/ReplyHook.html#ReplyHook
https://www.open.com.au/radiator/ref/NoReplyHook.html#NoReplyHook

Example for AuthBy RADIUS

    ReplyHook sub { ${$_[2]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[3]}->{SendTo}))[1] ); }
    NoReplyHook sub { ${$_[0]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[1]}->{SendTo}))[1] ); }

and then you can use %{Request:OSC-Last-Proxy-Address} in AuthLog’s SuccessFormat and FailureFormat directives.

Logging a failure for a proxied request which was never replied requires Radiator 4.17, which includes the NoReplyReject config option.

https://www.open.com.au/radiator/ref/NoReplyReject_AuthByRADIUS.html#NoReplyReject_AuthByRADIUS

BR
--
Tuure Vartiainen <[email protected]>
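Added example, not part of the original message and not Radiator code: a small Python parser for auth log lines written with the SuccessFormat/FailureFormat shown in the reply, which groups rejects by the (from, nas) pair so the source of repeated blacklisted logins is visible without raising the trace level. The sample lines, their timestamps and the function names are constructed for illustration; the %l timestamp is treated as opaque text.

```python
import re
from collections import Counter

# Line layout taken from the formats in the reply:
#   %l ACCEPT|REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
# user is matched greedily, so the last " from=... nas=... client=" run on
# the line is taken as the real fields even if the user name contains spaces.
LINE_RE = re.compile(
    r"^(?P<ts>.*?) (?P<result>ACCEPT|REJECT) user=(?P<user>.*) "
    r"from=(?P<src>\S*) nas=(?P<nas>\S*) client=(?P<client>.*)$"
)

# Constructed sample input (documentation addresses, made-up users).
SAMPLE = [
    "Mon Mar 27 15:02:11 2017 REJECT user=888888 from=192.0.2.10 nas=192.0.2.10 client=0012345678",
    "Mon Mar 27 15:02:12 2017 REJECT user=admin from=192.0.2.10 nas=192.0.2.10 client=0012345678",
    "Mon Mar 27 15:02:14 2017 REJECT user=888888 from=192.0.2.10 nas=192.0.2.10 client=",
    "Mon Mar 27 15:03:00 2017 ACCEPT user=alice from=198.51.100.7 nas=edge-rtr-1 client=00-11-22-33-44-55",
    "Mon Mar 27 15:03:05 2017 REJECT user=john doe from=198.51.100.7 nas=edge-rtr-1 client=00-11-22-33-44-55",
]

def parse_line(line):
    """Return the fields of one auth log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def rejects_by_source(lines, threshold=3):
    """Map (from, nas) -> reject count and user names, for sources at or above threshold."""
    counts = Counter()
    users = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["result"] != "REJECT":
            continue
        key = (rec["src"], rec["nas"])
        counts[key] += 1
        users.setdefault(key, set()).add(rec["user"])
    return {k: {"count": n, "users": sorted(users[k])}
            for k, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (src, nas), info in rejects_by_source(SAMPLE).items():
        print(f"from={src} nas={nas} rejects={info['count']} users={info['users']}")
```

If the proxy address is appended to the formats as described in the reply, the pattern needs one more field at the end to match.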
