(RADIATOR) <Log FILE> not appearing to be working...

Hugh Irvine hugh at open.com.au
Tue Apr 30 01:09:22 CDT 2002


Hello Jeremy -

You would use the PacketTrace parameter in the clauses in which you want the 
trace 4 logging (have a look at the PacketTrace sections in the manual).

Note that it is *much* easier to do this sort of thing with Radar.
	
	http://www.open.com.au/radar

regards

Hugh


On Tue, 30 Apr 2002 14:05, Jeremy Burton wrote:
> ok, thats all good, and i have a much cleaner config file now...
> but one more question - i can't get packet logs unless I have Global
> logging at trace 4. whats the recommended way to handle the situation where
> I only want level 3 logs globally, but want packet dumps for a particular
> few AuthBy clauses.
> would having 2 global loggers, one at level 3 and one at level 4 running,
> with the level 4 logger pointing to some form of null, and the using
> something along the lines of what is suggested below to get the packets
> work?
> or am i misunderstanding again the way in which this works (ie the
> availability of the packet logs at any level below global)?
>
> thanks
>
> jeremy
>
> On Mon, Apr 29, 2002 at 06:22:23PM +1000, Hugh Irvine wrote:
> > Hello Jeremy -
> >
> > You are correct - if you put a <Log FILE> inside an object - you only get
> > the logging for that object.
> >
> > It is generally preferable to use Identifiers for this sort of thing:
> >
> > <AuthBy GROUP>
> > 	<Log FILE>
> > 		Identifer MyLogger
> > 		Filename .....
> > 		Trace ...
> > 	</Log>
> > </AuthBy>
> >
> > <AuthBy ....>
> > 	Identifier MyAuthBy
> > 	.....
> > 	Log MyLogger
> > 	.....
> > </AuthBy>
> >
> > <Handler ....>
> > 	AuthBy MyAuthBy
> > 	.....
> > </Handler>
> >
> > This makes it *much* easier to understand and maintain.
> >
> > NB - the <Log FILE> is defined inside an AuthBy GROUP so it does not
> > become another global logger.
> >
> > TFAP (tricks for advanced players)
> >
> > :-)
> >
> > regards
> >
> > Hugh
> >
> > BTW - you can now use Radar with Radiator 3.0 to do much, much more than
> > was ever possible previously with traces and debugging.
> >
> > 	http://www.open.com.au/radar
> >
> > On Mon, 29 Apr 2002 17:18, Jeremy Burton wrote:
> > > Hi Hugh,
> > >   If you look closely in the two files, one of them does indeed include
> > > all logging (the global logfile). The second one *only* contains the
> > > following line for each request:
> > >
> > > Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP
> > >
> > > and nothing more.... it is the details for the AuthGROUP that i am
> > > indeed after (which should be in here, given that the <Log FILE></Log>
> > > is contained within the <AuthBy GROUP></AuthBy> and not any other
> > > <AuthBy> stuff...)
> > > a little more probing has found that if I then go and put a <Log
> > > FILE></Log> into the <AuthBy FILE></AuthBy> I get that info.. so am i
> > > misinterpreting that the <Log FILE> isn't inherited by the "children"
> > > authby's of an <AuthBy GROUP>?
> > >
> > > Thanks
> > >
> > > Jeremy
> > >
> > > On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote:
> > > > Hello Jeremy -
> > > >
> > > > There are a few things wrong with the configuration file, but you
> > > > should be getting two different logfiles:
> > > >
> > > > 	/etc/raddb/logfile.testing-normal
> > > >
> > > > and
> > > >
> > > > 	%D/logfile.testing-adsl
> > > >
> > > > where %D = /etc/raddb
> > > >
> > > > The first one should contain everything, and the second one should
> > > > contain a subset corresponding to the <Realm adsl>.
> > > >
> > > > I have just been testing this here and it works correctly with the
> > > > configuration file that I will attach to this mail.
> > > >
> > > > BTW - here is the ls -l log*:
> > > >
> > > > ls -l log*
> > > > -rw-r--r--    1 root     root        14994 Apr 29 16:32 logfile
> > > > -rw-r--r--    1 root     root          195 Apr 29 16:31
> > > > logfile.testing-adsl
> > > >
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > > On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote:
> > > > > Hi All,
> > > > >   I've just upgraded from Radiator 2.17.1 to Radiator 3.0.
> > > > > I am trying to log different parts of the config to different log
> > > > > files, and am having no luck at all - everything just ends up in
> > > > > the global logfile. Attached is my config file - this isn't
> > > > > actually my main config file, but a smaller one which replicates
> > > > > the problem. Also I'll attach the default entries for the
> > > > > users.dialup and users.adsl... Basically, anyone know why I'm only
> > > > > getting one log file, not two, as i would expect from the
> > > > > additional <Log FILE></Log> directive?
> > > > >
> > > > > radius.cfg:
> > > > >
> > > > > # $Revision: 1.7 $
> > > > > # $Date: 2001/06/28 08:31:35 $
> > > > > #
> > > > > #Foreground
> > > > > #LogStdout
> > > > > Trace	3
> > > > >
> > > > > # NOTE: Anywhere that
> > > > > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS',
> > > > > '55555550');} # appears is so that eXtremes can log onto analogue
> > > > > equipment..
> > > > >
> > > > > PidFile	/etc/raddb/radiusd.testing.pid
> > > > > AuthPort	1645
> > > > > AcctPort	1646
> > > > > LogDir		/var/radacct
> > > > > LogFile		/etc/raddb/logfile.testing-normal
> > > > > DbDir		/etc/raddb
> > > > > DictionaryFile	/etc/raddb/dictionary.ascend
> > > > >
> > > > > <Client 210.15.210.5>
> > > > > 	FramedGroupBaseAddress 10.200.0.0
> > > > > 	Secret	XXXXXXXXX
> > > > > 	DupInterval 10
> > > > > </Client>
> > > > >
> > > > > <Realm WhoShotAdsl>
> > > > > 	# You can group multiple AuthBy methods with AuthBy GROUP
> > > > > 	<AuthBy GROUP>
> > > > > 		Identifier AdslSystem
> > > > > 		AuthByPolicy ContinueWhileAccept
> > > > > 		<AuthBy SQL>
> > > > > 			# AuthSelect with empty string means dont do auth
> > > > > 			AuthSelect	SELECT password, radius.check_items_new('%n', '%N',
> > > > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM
> > > > > SA.Clients, sa.adsl where username = '%n' and adsl.userid =
> > > > > clients.userid AuthColumnDef 0, User-Password, check
> > > > > 			AuthColumnDef 1, GENERIC, check
> > > > > 			AuthColumnDef 2, GENERIC, reply
> > > > > 			DBSource	dbi:Oracle:SOME_SID
> > > > > 			DBUsername	SOME_USER
> > > > > 			DBAuth		SOME_PASS
> > > > > 			AccountingTable
> > > > > 			Timeout 10000
> > > > >                         FailureBackoffTime	300
> > > > > 		</AuthBy>
> > > > > 	</AuthBy>
> > > > > </Realm>
> > > > >
> > > > > <Realm WhoShotWho>
> > > > > 	# You can group multiple AuthBy methods with AuthBy GROUP
> > > > > 	<AuthBy GROUP>
> > > > > 		Identifier System
> > > > > 		AuthByPolicy ContinueWhileAccept
> > > > > 		<AuthBy SYSTEM>
> > > > > 			UseGetspnam
> > > > > 		</AuthBy>
> > > > > 		<AuthBy SQL>
> > > > > 			# AuthSelect with empty string means dont do auth
> > > > > 			AuthSelect	SELECT radius.check_items_new('%n', '%N',
> > > > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM
> > > > > SA.Clients where username = '%n' AuthColumnDef 0, GENERIC, check
> > > > > 			AuthColumnDef 1, GENERIC, reply
> > > > > 			DBSource	dbi:Oracle:SOME_SID
> > > > > 			DBUsername	SOME_USER
> > > > > 			DBAuth		SOME_PASS
> > > > > 			AccountingTable
> > > > > 			Timeout 10000
> > > > >                         FailureBackoffTime	300
> > > > > 		</AuthBy>
> > > > > 	</AuthBy>
> > > > > </Realm>
> > > > >
> > > > > <Realm adsl>
> > > > > 	RejectHasReason
> > > > >         RewriteUsername s/\@adsl//
> > > > >         AcctLogFileName %L/adsl/%C/%v%f-%i-%H
> > > > > 	PasswordLogFileName /etc/raddb/password.adsl
> > > > > 	<AuthBy GROUP>
> > > > > 		AuthByPolicy ContinueWhileAccept
> > > > > 		<Log FILE>
> > > > > 		  Trace 3
> > > > >                   Filename %D/logfile.testing-adsl
> > > > >                 </Log>
> > > > > 		<AuthBy RADIUS>
> > > > > 			NoForwardAuthentication
> > > > > 			Host secondhost.seconddomain.com
> > > > > 			Secret	XXXXXXXXX
> > > > > 		</AuthBy>
> > > > > 		<AuthBy FILE>
> > > > > 			Filename %D/users.adsl
> > > > > 		</AuthBy>
> > > > > 	</AuthBy>
> > > > > </Handler>
> > > > >
> > > > > <Handler Realm=>
> > > > > 	RejectHasReason
> > > > > 	AuthByPolicy ContinueWhileIgnore
> > > > >         AcctLogFileName %L/%C/%v%f-%i-%H
> > > > > 	<AuthBy GROUP>
> > > > > 		<AuthBy FILE>
> > > > > 			Filename %D/users.check
> > > > > 		</AuthBy>
> > > > > 		<AuthBy FILE>
> > > > > 			Filename %D/users.dialup
> > > > > 		</AuthBy>
> > > > > 	</AuthBy>
> > > > > </Handler>
> > > > >
> > > > > users.dialup:
> > > > > DEFAULT Auth-Type = System
> > > > >
> > > > > users.adsl:
> > > > > DEFAULT Auth-Type = AdslSystem
> > > > >
> > > > > thanks
> > > > >
> > > > > Jeremy
> > > >
> > > > --
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > > -
> > > > Nets: internetwork inventory and management - graphical, extensible,
> > > > flexible with hardware, software, platform and database independence.
> > > >
> > > > LogDir .
> > > > DbDir .
> > > >
> > > > Trace 4
> > > > Foreground
> > > > LogStdout
> > > >
> > > > <Client localhost>
> > > > 	Secret mysecret
> > > > 	DupInterval 0
> > > > </Client>
> > > >
> > > > <Realm adsl>
> > > >         RejectHasReason
> > > >         <AuthBy GROUP>
> > > >                 AuthByPolicy ContinueWhileAccept
> > > >                 <Log FILE>
> > > >                   Trace 4
> > > >                   Filename %D/logfile.testing-adsl
> > > >                 </Log>
> > > >                 <AuthBy FILE>
> > > >                         Filename %D/users.adsl
> > > >                 </AuthBy>
> > > >         </AuthBy>
> > > > </Realm>
> > > >
> > > > <Realm>
> > > > 	<AuthBy FILE>
> > > > 		Filename %D/users
> > > > 	</AuthBy>
> > > > </Realm>
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list