On 9.6.2023 0.45, Dubravko Penezic via radiator wrote:
How to log timeouted requests on RADIATOR when RADIATOR act like proxy
serverĀ ?
That's a good question. Here's one solution I came up with:
Start by defining a logger as usual, but ensure it also logs IGNORE result.
# %T is Access-Request, Accounting-Request, etc.
<AuthLog FILE>
Identifier radius-authlog
Filename %L/radius-authlog
LogSuccess
LogFailure
LogIgnore
SuccessFormat %l:%U:%1:OK
FailureFormat %l:%U:%1:FAIL
IgnoreFormat %l:%U:%T:%1:IGNORE
</AuthLog>
Within AuthBy RADIUS define a NoReplyHook:
# The 1st argument is the request that Radiator received
# The 2nd argument is the request that Radiator forwarded
# without receiving a reply.
NoReplyHook sub { my $p = ${$_[0]}; \
# return unless $p->code() eq 'Access-Request'; \
my $al = Radius::AuthLogGeneric::find('radius-authlog'); \
$al->authlog($main::IGNORE, 'Timed out', $p) if $al; \
main::log($main::LOG_ERR, 'NoReplyHook: did not find logger')
unless $al; }
The above logs all timeouts, including Accounting-Request timeouts,
using the file authlogger. If you want just Access-Request to be logged,
remove the comment.
Basically log is written once request have final state, or state is set
by handler, but timeouted request dosnt have finale state.
Correct, that's the reason. But it's ok to get a handle to an
authentication logger and call it as above.
It is "big" issue when you try to "debug" some authentication across of
RADIUS hierarchy and a lot of proxy server on a path is RADIATOR instance.
A message about timed out request is logged with INFO level but it goes
to the process logfile. The above should help putting all the results in
the same file.
For example FreeRADIUS write FAIL in log if request is timeout.
You can also log with FAIL, but I used IGNORE and a specific reason so
that it's easier to see which messages timed out.
Note that you can also set up an <AuthLog ...> and use it only to call
from NoReplyHook. This allows you to have a separate log file just for
the timed out requests.
Thanks,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
