Re: [RADIATOR] Performance logging

2016-04-04 Thread A . L . M . Buxey
Hi, > Somewhat yes, I get the idea of anonymizing user’s identity with PEAP, but > for example with demo test certificates bundled with Radiator, PEAP-TLS > takes 15 rounds for a single EAP authentication. well, PEAP itself takes around 12-14 rounds - the EAP-TLS part is short. however,

Re: [RADIATOR] Performance logging

2016-04-04 Thread Hartmaier Alexander
Hi, On 2016-03-30 15:10, Tuure Vartiainen wrote: > Hi, > >> On 30 Mar 2016, at 14:55, Hartmaier Alexander >> wrote: >> >> we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner. >> Not sure if the outher EAP-PEAP adds any real security as the

Re: [RADIATOR] Performance logging

2016-03-30 Thread Tuure Vartiainen
Hi, > On 30 Mar 2016, at 14:55, Hartmaier Alexander > wrote: > > we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner. > Not sure if the outher EAP-PEAP adds any real security as the Radiator > cert is the same one for both types as it only hides

Re: [RADIATOR] Performance logging

2016-03-30 Thread Hartmaier Alexander
Hi Tuure, we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner. Not sure if the outher EAP-PEAP adds any real security as the Radiator cert is the same one for both types as it only hides the transmission of the user cert which can be classified like a public key imho. I've already

Re: [RADIATOR] Performance logging

2016-03-30 Thread Tuure Vartiainen
Hi, > On 30 Mar 2016, at 14:13, Hartmaier Alexander > wrote: > > yes this is the total auth time. Is one second a usual value for a > PEAP-TLS auth? > just out of curiosity, how do you calculate the total auth time? An EAP authentication takes around 4-10

Re: [RADIATOR] Performance logging

2016-03-30 Thread Hugh Irvine
Hello Alex - It depends on what you are looking at. EAP involves multiple RADIUS messages to and from the end user device and Radiator. If you are looking at the overall response time from the initial RADIUS Access-Request, through all of the EAP back and forth, to the ultimate

Re: [RADIATOR] Performance logging

2016-03-30 Thread Tuure Vartiainen
Hi, > On 29 Mar 2016, at 11:53, Hartmaier Alexander > wrote: > > I've copied the calculation code to my LogFormatHook code: > > $message->{response_time} = Radius::Util::timeInterval( \ > $p->{RecvTime}, \ > $p->{RecvTimeMicros},

Re: [RADIATOR] Performance logging

2016-03-29 Thread Hartmaier Alexander
Thanks for the extensive infos! I've copied the calculation code to my LogFormatHook code: $message->{response_time} = Radius::Util::timeInterval( \ $p->{RecvTime}, \ $p->{RecvTimeMicros}, Radius::Util::getTimeHires()); \ I'd still prefer if that float was available with

Re: [RADIATOR] Performance logging

2016-03-26 Thread Heikki Vatiainen
On 03/24/2016 01:18 PM, Hartmaier Alexander wrote: > If you already calculate the response time can you please also expose it > via a special placeholder character? In the current patches there's the possibility to log RecvTime and RecvTimeMicros which are the second and microsecond of the time

Re: [RADIATOR] Performance logging

2016-03-24 Thread Alan Buxey
I believe that the latest 4.16 patchsets allow all packets related to a particular authentication to be linked/tracked - you might find that to be useful alan___ radiator mailing list radiator@open.com.au

Re: [RADIATOR] Performance logging

2016-03-24 Thread Hartmaier Alexander
Hi, that's neat! If you already calculate the response time can you please also expose it via a special placeholder character? I'd add this value to the AuthLog which goes via RabbitMQ to Elasticsearch and can then be graphed in Kibana. We only struggle with Radiators' logging in one place: the

Re: [RADIATOR] Performance logging

2016-03-24 Thread Heikki Vatiainen
On 24.3.2016 0.28, Hugh Irvine wrote: > Otherwise you can add your own custom time attributes in the current > request packet and post-process the logs to derive the deltas. Maybe this recent addition to 4.16 patches would be helpful too? Added a new global configuration parameter:

Re: [RADIATOR] Performance logging

2016-03-23 Thread Hugh Irvine
Hi Alex - I may have misunderstood your original question - %s is only the offset in the current second. For what you want to do you should probably be using “LogMicroseconds” global parameter (requires “Time-Hires” from CPAN). Otherwise you can add your own custom time attributes in the

Re: [RADIATOR] Performance logging

2016-03-23 Thread Hugh Irvine
Hello Alex - %s is the number of microseconds in the current second. From section 5.2 of the Radiator 4.16 reference manual (“doc/ref.pdf”): %s Microseconds in the current second Note that the RADIUS protocol only defines times in seconds. regards Hugh > On 23 Mar 2016, at 19:44,