On 04/10/2012 10:42 PM, Linuxchuck wrote:
> I'm looking for a way to log all possible Reply attributes to my authlog
> file. I use many different types of VSAs, and would rather not have to scrub
> through all of my configs just to manually add each named Reply attribute to
> my <AuthLog FILE> stanza.
Hmm, I do not think this has been requested before or that such functionality
currently exists directly.

You could try the following PostAuthHook to collect all reply attributes
into a pseudo attribute in the request and log the whole thing from the
request with:

    SuccessFormat %l: [%{GlobalVar:DevType}] [%n] [%c] [%{NAS-IP-Address}] [%{Calling-Station-Id}] Accept %{Request:X-Reply-Attrs}

Here's an example hook. You can add attributes you do not want to see in
the logs to the ignore list.

    PostAuthHook file:"combine-reply-attrs-hook.pl"

    sub {
        my $p = ${$_[0]};  # Request packet
        my $rp = ${$_[1]}; # Response packet

        # Reply attributes to leave out of the log
        my @ignored = qw(EAP-Message Some-Other-Attribute);

        my ($i, $all) = (0, '');
        # Walk the reply attributes by index until none are left
        while (my ($name, $value) = $rp->get_attr_val_n($i++)) {
            next if grep {$_ eq $name} @ignored;
            $all .= "$name=$value, ";
        }
        $all =~ s/, $//; # Remove trailing ', '
        $p->add_attr("X-Reply-Attrs", $all);
    }

Please let us know how this works.
Heikki
> Here's what I currently have:
>
> <AuthLog FILE>
> Identifier AuthLogger
> Filename /var/log/Radiator/authlog
> SuccessFormat %l: [%{GlobalVar:DevType}] [%n] [%c]
> [%{NAS-IP-Address}] [%{Calling-Station-Id}] Accept %{Reply:Class}
> FailureFormat %l: [%{GlobalVar:DevType}] [%n] [%c]
> [%{NAS-IP-Address}] [%{Calling-Station-Id}] Reject - %1
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> This works just great if all I want to see is the Class attribute reply in my
> logfiles. I see the Class assigned to any user if there is one right at the
> end of any Access-Accept line in my logs.
>
> However, I have at least a dozen different reply attributes I'd like to
> track. Since I'm not a perl guru by any stretch of the imagination, I'd love
> to know if there is some sort of secret-sauce I can stick in that reply
> variable to make it ... well ... Variable.
>
> Here's a quick list off of the top of my head to give you an idea of the
> types of Replies I have it sending out:
> Class
> Framed-IP-Address
> (Vendor)-Group-Name
> (Vendor)-Interface-Name
> Service-Type
> and so-on, and so-forth...
>
> Oh... and no, I don't want to turn up the Trace just for this... :-P
>
> Thanks in advance!
>
> Chuck
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
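
A log-safe variant of the string-building step in the hook above, as an added example that is not part of the original post and not Radiator's own code: it drops key-bearing attributes and escapes quotes and control characters so each Accept stays one parseable line. The helper name format_reply_attrs, the extra ignored attribute names and the sample reply are assumptions; inside the hook, the pairs would come from the get_attr_val_n loop shown in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Reply attributes that carry key material or bulky binary data and should
# not reach a log file. EAP-Message is from the post; the others are
# assumptions, adjust to the attributes your deployment sends.
my %ignored = map { $_ => 1 }
    qw(EAP-Message MS-MPPE-Send-Key MS-MPPE-Recv-Key Tunnel-Password);

# Hypothetical helper: turn [name, value] pairs into one log-safe string.
sub format_reply_attrs {
    my @pairs = @_;
    my @out;
    for my $pair (@pairs) {
        my ($name, $value) = @$pair;
        next if $ignored{$name};
        $value = '' unless defined $value;
        # Escape backslashes and the double quote used to wrap values,
        # so a value cannot fake the end of its own field.
        $value =~ s/([\\"])/\\$1/g;
        # Hex-escape control and non-ASCII characters so a value can
        # never start a new log line.
        $value =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
        push @out, qq{$name="$value"};
    }
    return join ', ', @out;
}

# Constructed sample reply: one value with an embedded newline and one
# key attribute that must be dropped.
my @reply = (
    ['Class',             "staff\nforged log line"],
    ['Framed-IP-Address', '192.0.2.10'],
    ['Service-Type',      'Framed-User'],
    ['MS-MPPE-Send-Key',  "\x01\x02\x03"],
);

print format_reply_attrs(@reply), "\n";
```

Quoting each value also keeps the ", " separator unambiguous when a value itself contains a comma.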