Hi Heikki,

Am 04.09.2017 um 14:05 schrieb Heikki Vatiainen:
On 1.9.2017 16.48, Karl Gaissmaier wrote:

What do you think about a LogSkipHook in MessageLogFILE?

Tuure mentioned that similar functionality (ACL to match what gets captured) on certain devices has been very useful. The hook would also allow trigger capture based on attributes since it can access the message contents too.

yep


See the attached patch, this would be very helpful for debugging sporadically occurring errors.

I would be glad if you could accept this feature request or patch.

We'll take a look at how to fit this in. It's probably better to have in the parent class and be more aware of direction (in/out) and protocol so that we can support TACACS+ too. However, I'd say it would be close to what you had in the patch.

Sure, the way you implement the skip hook is truly best in your hands!

Btw, I named it LogSkipHook and not MessageLogSkipHook because a LogSkipHook would also be very useful in some Log Modules. I you logg in DEBUG mode, the amount is overwhelming, to choose programmatically what messages get skipped would be fine.

...

And, you know, it was just a quick and dirty solution for me, now I was able to debug the long running nasty behavior of this messages:

WARNING: 1XX.1YY.75.138 Unknown reply received in AuthRADSEC for request 51157 from ZZZZ.dfn.de (1XX.1YY.75.138:2083)

in wireshark.

Solution:

You log just the extended Id from $fp proxied to the upstream, since the original packet $p is no longer in pending state. But when you logg the noreply for $p seconds before, you logg just the identifier of the original $p and NOT the corresponding proxied ext Id of $fp, therefore I could not match the late responsive packet to the originator!

Now I've understood the reason I wrote a NoReplyHook in AuthBy RADSEC in order to be able to match both logg message:

    NoReplyHook     sub { \
                        my ($p, $fp) = (${$_[0]}, ${$_[1]}); \
                        my $psid = Radius::AuthRADSEC->get_psid($fp); \
main::log($main::LOG_WARNING,"AuthRADSEC: No reply for $p->{OriginalUserName} id=($p->{Identifier}), proxy-ext-Id:($psid)"); \
            }


Maybe you should patch also the Logg message

sub failed
{
    my ($self, $host, $fp, $p) = @_;

my $msg = "AuthRADSEC: No reply from $host->{Host}:$host->{Port} for $p->{OriginalUserName} ($p->{Identifier})";

to logg the corresponding $fp Extended Idtoo, then we need no Hook to match the reason for the
'Unknown reply received in AuthRADSEC  ....' logg messages,


Best Regards and thanks again for maintaining and improving RADIATOR!

  Charly

--
Karl Gaissmaier
Universit├Ąt Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to