(RADIATOR) Logging failed authentication attempts
Dave Kitabjian
dave at netcarrier.com
Fri Feb 15 13:30:02 CST 2002
As a bonus, here's what we do:
#----------------------------------------
<AuthLog FILE>
Identifier AUTH_LOGGER
Filename %D/Authentication/%R-%h
LogSuccess 1
LogFailure 1
# Note the literal tab characters:
SuccessFormat %l%r \
User-Name = %U%r \
Pass = 1%r \
CallerId = %{Calling-Station-Id}%r \
Typed-Password = %P%r \
Severity = %0%r \
Reason = %1%r%r
FailureFormat %l%r \
User-Name = %U%r \
Pass = 0%r \
CallerId = %{Calling-Station-Id}%r \
Typed-Password = %P%r \
Severity = %0%r \
Reason = %1%r%r
</AuthLog>
#----------------------------------------
This formats it exactly like a Radius accounting packet! Then we use the
same process to import this info in near real-time to our SQL database
as we do for Accounting data. The CallerId is immeasurably handy when
they're mistyping the username and password or if the username comes in
all garbled due to line noise.
Tech support LOVES it :)
Dave
p.s. Before those \ characters are supposed to be literal tabs, not
spaces.
> -----Original Message-----
> From: Ronan Eckelberry [mailto:radiator at gowebco.com]
> Sent: Friday, February 15, 2002 1:18 PM
> To: terry at ccis.net; radiator at open.com.au
> Subject: RE: (RADIATOR) Logging failed authentication attempts
>
>
> Terry,
>
> Check out Section 6.47 in the Radiator manual. It is on
> AuthLog. That should be what you are looking for.
>
> -Ronan
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au
> [mailto:owner-radiator at open.com.au] On > Behalf Of
> terry at ccis.net
> Sent: Friday, 15 February, 2002 12:26
> To: radiator at open.com.au
> Subject: (RADIATOR) Logging failed authentication attempts
>
>
> Hi. I looked through the archives, and it appears that
> logging failed authentication attempts has been a "wish-list"
> item for a while, I'm curious if there is a method in the
> newer versions of radiator.
>
> Thanks,
> Terry Ryan
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list