Hi Heikki,
On 04.09.2017 at 14:05, Heikki Vatiainen wrote:
> On 1.9.2017 16.48, Karl Gaissmaier wrote:
>> What do you think about a LogSkipHook in MessageLogFILE?
>
> Tuure mentioned that similar functionality (ACL to match what gets
> captured) on certain devices has been very useful. The hook would also
> allow trigger capture based on attributes since it can access the
> message contents too.

yep

>> See the attached patch, this would be very helpful for debugging
>> sporadically occurring errors.
>> I would be glad if you could accept this feature request or patch.
>
> We'll take a look at how to fit this in. It's probably better to have
> it in the parent class and be more aware of direction (in/out) and
> protocol so that we can support TACACS+ too. However, I'd say it would
> be close to what you had in the patch.

Sure, the way you implement the skip hook is truly best in your hands!
Btw, I named it LogSkipHook and not MessageLogSkipHook because a
LogSkipHook would also be very useful in some Log Modules.
If you log in DEBUG mode, the amount is overwhelming; to choose
programmatically which messages get skipped would be fine.
...
And, you know, it was just a quick and dirty solution for me. Now I was
able to debug the long-running nasty behavior of these messages:
WARNING: 1XX.1YY.75.138 Unknown reply received in AuthRADSEC for
request 51157 from ZZZZ.dfn.de (1XX.1YY.75.138:2083)
in wireshark.
Solution:
You log just the extended Id from $fp proxied to the upstream, since the
original packet $p is no longer in pending state.
But when you log the noreply for $p seconds before, you log just the
identifier of the original $p and NOT the corresponding proxied ext Id
of $fp, therefore I could not match the late responsive packet to the
originator!
Now I've understood the reason, I wrote a NoReplyHook in AuthBy RADSEC in
order to be able to match both log messages:
    NoReplyHook sub { \
        my ($p, $fp) = (${$_[0]}, ${$_[1]}); \
        my $psid = Radius::AuthRADSEC->get_psid($fp); \
        main::log($main::LOG_WARNING, "AuthRADSEC: No reply for $p->{OriginalUserName} id=($p->{Identifier}), proxy-ext-Id:($psid)"); \
    }
Maybe you should also patch the log message

    sub failed
    {
        my ($self, $host, $fp, $p) = @_;
        my $msg = "AuthRADSEC: No reply from $host->{Host}:$host->{Port} for $p->{OriginalUserName} ($p->{Identifier})";

to log the corresponding $fp Extended Id too, then we need no Hook to
match the reason for the
'Unknown reply received in AuthRADSEC ....' log messages.
Best Regards and thanks again for maintaining and improving RADIATOR!
Charly
--
Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499
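
Added example (not part of the original mail and not Radiator code): a small log correlator that pairs each "Unknown reply received in AuthRADSEC" line with the earlier "No reply" line written by the NoReplyHook above, using the proxied extended id as the join key. The timestamp prefix and all sample values are assumptions; adjust the patterns to the real log layout.

```python
import re
from datetime import datetime

# Constructed sample log. The message texts follow the two formats quoted in
# the mail; the timestamp prefix, user names, hosts and ids are assumptions.
SAMPLE_LOG = """\
2017-09-04 14:00:01 WARNING: AuthRADSEC: No reply for alice@example.org id=(17), proxy-ext-Id:(51157)
2017-09-04 14:00:02 WARNING: AuthRADSEC: No reply for bob@example.org id=(18), proxy-ext-Id:(51158)
2017-09-04 14:00:09 WARNING: 192.0.2.10 Unknown reply received in AuthRADSEC for request 51157 from proxy.example.net (192.0.2.10:2083)
2017-09-04 14:00:30 WARNING: 192.0.2.10 Unknown reply received in AuthRADSEC for request 60000 from proxy.example.net (192.0.2.10:2083)
"""

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
NO_REPLY = re.compile(TS + r".*AuthRADSEC: No reply for (?P<user>\S+) "
                      r"id=\((?P<id>\d+)\), proxy-ext-Id:\((?P<ext>\d+)\)")
LATE_REPLY = re.compile(TS + r".*Unknown reply received in AuthRADSEC for "
                        r"request (?P<ext>\d+) from (?P<host>\S+)")

def _when(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def correlate(log_text):
    """Pair each 'Unknown reply' line with the earlier 'No reply' line that
    carries the same proxied extended id; unmatched replies get user=None."""
    timed_out = {}  # extended id -> (time, user, original Identifier)
    late = []
    for line in log_text.splitlines():
        m = NO_REPLY.match(line)
        if m:
            timed_out[m["ext"]] = (_when(m["ts"]), m["user"], int(m["id"]))
            continue
        m = LATE_REPLY.match(line)
        if not m:
            continue
        # Consume the entry so one timeout is matched at most once.
        t0, user, orig_id = timed_out.pop(m["ext"], (None, None, None))
        delay = (_when(m["ts"]) - t0).total_seconds() if t0 else None
        late.append({"ext_id": int(m["ext"]), "host": m["host"], "user": user,
                     "identifier": orig_id, "seconds_after_timeout": delay})
    return late

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```

A late reply whose extended id has no earlier "No reply" entry is still reported, with `user` set to `None`, so it stands out for separate investigation.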