(RADIATOR) How to send accounting logs to SYSLOG
Stuart Kendrick
skendric at fhcrc.org
Sun Feb 11 09:47:30 CST 2007
hi hugh,
ok, i concede that point
i suppose one could employ syslog-over-tcp (RFC3195), but that smells
like an awful lot of overhead to me (SYN, SYN, ACK, {data}, FIN, FIN ...
six packets, compared to the two packet exchange of Radius/UDP, not to
mention the cost of TCBs). so let's discard the idea of syslog-over-tcp
from my point of view, i don't care about accounting ... i provide
in-house services, no charge-back, so i don't bother with Radius
accounting records. i do spend time trouble-shooting, poking through
logs, and that's where my "forward Windows logs to syslog" (MonitorWare,
in our case) solution serves me, to push Radiator logs to my loghost
but this AuthBY EXTERNAL had escaped me ... sounds cleaner ... i'm going
to go poke at this, see if i can work my way toward retiring MonitorWare
thank you for the tip!
--sk
Hugh Irvine wrote:
>
> Hello Stuart -
>
> We will not be adding this to Radiator.
>
> The main reason is that SYSLOG is an unreliable protocol and hence not
> suitable for accounting.
>
> You could write a simple hook or use an AuthBy EXTERNAL to call an
> external logger.
>
> regards
>
> Hugh
>
>
>
> On 10 Feb 2007, at 03:21, Stuart Kendrick wrote:
>
>> hi hugh,
>>
>> i'd like to express my enthusiasm for this capability
>>
>> we host Radiator on Windows, where this capability would be
>> particularly useful
>>
>> we employ one of those "forward Windows logs to syslog" programs ...
>> which is better than nothing ... but decidedly limited. for starters,
>> these forwarding programs insert a delay or a minute or more between
>> receipt of the log entry from Radiator to propagating the entry to our
>> loghost ... annoying from an accounting perspective and a bear when
>> trying to correlate events while trouble-shooting. and it is another
>> point-of-failure ... another link in the chain which can, and does,
>> stop working, requiring operator intervention to fix. [yes, i would
>> like to monitor this service and restart it automatically when it
>> fails, but i'm not that smart yet]
>>
>> if Radiator could forward directly to syslog, we could eliminate both
>> these issues
>>
>> i haven't a clue what your list looks like, as far as bug fixes and
>> enhancements go, nor what your customer base in general wants, so i
>> won't pretend to be able to rank this feature request alongside those
>> other requests. but i figure that expressing my enthusiasm for it,
>> and explaining why, can help you prioritize
>>
>> --sk
>>
>> stuart kendrick
>> fhcrc
>>
>>
>>
>> Vangelis Kyriakakis wrote:
>>> Hello Hugh,
>>> Thanks for the answer. Is there a technical reason for this
>>> or are you going to support it in the future?
>>> Regards
>>> Vangelis
>>> Hugh Irvine wrote:
>>>>
>>>> Hello Vangelis -
>>>>
>>>> Radiator does not include support for sending accounting logs to
>>>> SYSLOG.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list