Hi Charles, On Thu, Oct 15, 2015 at 09:08:33PM +0000, Charles Rumford wrote: > I’m currently embarking on a project to determine the number of > RADIUS auths per minute each one of my controllers is generating > to plan for the capacity I need for my RADIUS servers. > > I was curious if anyone has embarked on a similar journey and > tried to measure auth rates coming from their controllers?
We feed our RADIUS logs into elasticsearch, which you can then query with kibana to get nice graphs of pretty much whatever you want from the logs, which of course includes requests, auth success, failures per second/minute, hour etc. We have several plots, one of which shows auths per sec for each controller in a stacked graph, as well as controller SNMP traps for RADIUS errors (so we can see when MSCHAP/Samba/AD is becoming overloaded...!). I bundled the basic config for detail files into the FreeRADIUS source: https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/doc/schemas/logstash but that should work with any RADIUS server that writes out detail logs. The only downside to this approach as it stands is that it stores complete logs, so you probably want to rotate them out after a few months for privacy reasons, so you then lose the graphs. I've not looked yet but it should be easy in logstash to output the stats as well to graphite or similar to keep the basic counters around for longer. But this "downside" is of course a great benefit when you want to search for logs, as the result is nearly instantaneous. (Also feeding FreeRADIUS auth logs, Wireless Controller TRAPS and logs, and DHCP logs all in to the same elasticsearch index means you can get an excellent view across all your wireless logs when something goes wrong with a client.) As you're using FreeRADIUS you can also use the "status" virtual server to get stats out - see sites-available/status. You drive it by feeding RADIUS packets into the server (e.g. with radclient) on the status port and it responds with the data. Examples in the server file. They can then be plotted with $GRAPHER_OF_CHOICE. Cheers, Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
