[RADIATOR] Password logging not working..

Heikki Vatiainen hvn at open.com.au
Fri Mar 3 11:09:00 UTC 2023 

On 3.3.2023 8.30, Steve Phillips via radiator wrote:

> Thanks for that, this explains why the passwordlog directive wasn't 
> working, however, I sort of solved this in a similar manner with my 
> PreAuthHook wanting to log to a completely separate file that I had 
> defined with a <Log> entry and 'Filename' which was identified by an 
> identifier statement

You can make the separate logger to work with a couple of modifications. 
Update your existing separate Log clause like this:

<AuthBy INTERNAL>
     Identifier authby-not-used
> <Log FILE>
>      Identifier PASSWORDLOG
        Trace 3
>      Filename %L/%Y%m%d_password.log
> </Log>

</AuthBy>

> What I was wondering was how to say 'please write the messages to that 
> file rather than the main radiator.log'
> 
> as..
> 
>      # Use the password log
>      my $logger = &Radius::Configurable::find('Log', 'PASSWORDLOG');
> 
> Whit I would have assume would tie $logger to the FileName 
> %L/%Y%m%d_password.log, but results in nothing being written when trying 
> to capture an authentication request with
> 
> $logger->log($main::LOG_INFO, "user:$user, pass:$pass");

The default Trace value for a <Log ...> clause is 0 (ERR). You'd either 
need to call log with LOG_ERR or set Trace to 3 (INFO) as shown above.

I also suggest wrapping the Log clause within an AuthBy or Handler (such 
as <Handler Notused=1>) that is not expected to be used for processing 
any requests. The reason is that any top level <Log ...> clause will log 
all log messages. A logger within a clause is specific for the enclosing 
clause. It's not pretty and that's why I called this method "arrangement".

Happy password hunting. Please let us know if the above solves the problem.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.

More information about the radiator mailing list