(RADIATOR) Logging failed authentication attempts
Ronan Eckelberry
radiator at gowebco.com
Fri Feb 15 13:23:50 CST 2002
I do the same kinda thing. I parse it into a webpage for them
to look at though. You know that AuthLog supports logging to SQL, that
way you don't have to run a script to put it in.
-Ronan
-----Original Message-----
From: Dave Kitabjian [mailto:dave at netcarrier.com]
Sent: Friday, 15 February, 2002 14:30
To: Ronan Eckelberry; terry at ccis.net; radiator at open.com.au
Subject: RE: (RADIATOR) Logging failed authentication attempts
As a bonus, here's what we do:
#----------------------------------------
<AuthLog FILE>
Identifier AUTH_LOGGER
Filename %D/Authentication/%R-%h
LogSuccess 1
LogFailure 1
# Note the literal tab characters:
SuccessFormat %l%r \
User-Name = %U%r \
Pass = 1%r \
CallerId = %{Calling-Station-Id}%r \
Typed-Password = %P%r \
Severity = %0%r \
Reason = %1%r%r
FailureFormat %l%r \
User-Name = %U%r \
Pass = 0%r \
CallerId = %{Calling-Station-Id}%r \
Typed-Password = %P%r \
Severity = %0%r \
Reason = %1%r%r
</AuthLog>
#----------------------------------------
This formats it exactly like a Radius accounting packet! Then we use the
same process to import this info in near real-time to our SQL database
as we do for Accounting data. The CallerId is immeasurably handy when
they're mistyping the username and password or if the username comes in
all garbled due to line noise.
Tech support LOVES it :)
Dave
p.s. Before those \ characters are supposed to be literal tabs, not
spaces.
> -----Original Message-----
> From: Ronan Eckelberry [mailto:radiator at gowebco.com]
> Sent: Friday, February 15, 2002 1:18 PM
> To: terry at ccis.net; radiator at open.com.au
> Subject: RE: (RADIATOR) Logging failed authentication attempts
>
>
> Terry,
>
> Check out Section 6.47 in the Radiator manual. It is on
> AuthLog. That should be what you are looking for.
>
> -Ronan
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au
> [mailto:owner-radiator at open.com.au] On > Behalf Of
> terry at ccis.net
> Sent: Friday, 15 February, 2002 12:26
> To: radiator at open.com.au
> Subject: (RADIATOR) Logging failed authentication attempts
>
>
> Hi. I looked through the archives, and it appears that
> logging failed authentication attempts has been a "wish-list"
> item for a while, I'm curious if there is a method in the
> newer versions of radiator.
>
> Thanks,
> Terry Ryan
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list