On 27.5.2016 16.04, Hartmaier Alexander wrote:

> The log messages emitted by ServerTACACSPLUS sadly lack all the standard
> Radius attributes like Handler:Identifier, User-Name, Client-Identifier etc.
> Is there a way to improve this situation?

We can, and have already thought about, adding $p (the current request 
object, or sometimes $rp, the reply object) to a number of log messages 
that happen within message context. That is, where $p or $rp is available.

The request/reply object should provide more information about handlers, 
clients, etc.

> The log messages in question are:
> - Could not get peer name on TacacsplusConnection socket: Transport
> endpoint is not connected

Hmm, that's happening very early within server tacacsplus, so there's 
no request, client, etc. available yet. Improvements here may be 
small, if any.

> - Authorization permitted for $USERNAME at $IPADDR, group $GROUPNAME,
> args service=shell cmd*

Should be possible, not completely sure yet though.

> But there are also non-ServerTACACSPLUS messages that don't include
> those infos where it would be nice to know which Handler/AuthBy
> triggered them (those come from an AuthBy LDAP2, but which one?):
> - Connecting to 1.2.3.4:636 1.2.3.5:636
> - Connected to 1.2.3.4:636
> - Attempting to bind to LDAP server 1.2.3.4:636

These should be possible. Sometimes, for example with ClientList LDAP, 
the functions that log these are not called within message context. In 
other words, depending on the log caller, the call may or may not 
include the request that provides Client etc. information.

I'll notify via this list when I have more information about these.

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
