(RADIATOR) How to send accounting logs to SYSLOG

Hugh Irvine hugh at open.com.au
Mon Feb 12 03:11:00 CST 2007


Hello Stuart -

BTW - Radiator does already support SYSLOG for both the debug log and  
the authentication log.

See the Log SYSLOG and AuthLog SYSLOG clauses - sections 5.12 and  
5.70 in the Radiator 3.16 reference manual ("doc/ref.html").

These two should cover most of what you want, as if there is a  
problem with authentication there will not be any accounting in any  
case.

regards

Hugh



On 12 Feb 2007, at 02:47, Stuart Kendrick wrote:

> hi hugh,
>
> ok, i concede that point
>
> i suppose one could employ syslog-over-tcp (RFC3195), but that  
> smells like an awful lot of overhead to me (SYN, SYN, ACK, {data},  
> FIN, FIN ... six packets, compared to the two packet exchange of  
> Radius/UDP, not to mention the cost of TCBs).  so let's discard the  
> idea of syslog-over-tcp
>
> from my point of view, i don't care about accounting ... i provide  
> in-house services, no charge-back, so i don't bother with Radius  
> accounting records.  i do spend time trouble-shooting, poking  
> through logs, and that's where my "forward Windows logs to  
> syslog" (MonitorWare, in our case) solution serves me, to push  
> Radiator logs to my loghost
>
> but this AuthBy EXTERNAL had escaped me ... sounds cleaner ... i'm  
> going to go poke at this, see if i can work my way toward retiring  
> MonitorWare
>
> thank you for the tip!
>
> --sk
>
> Hugh Irvine wrote:
>> Hello Stuart -
>> We will not be adding this to Radiator.
>> The main reason is that SYSLOG is an unreliable protocol and hence  
>> not suitable for accounting.
>> You could write a simple hook or use an AuthBy EXTERNAL to call an  
>> external logger.
>> regards
>> Hugh
>> On 10 Feb 2007, at 03:21, Stuart Kendrick wrote:
>>> hi hugh,
>>>
>>> i'd like to express my enthusiasm for this capability
>>>
>>> we host Radiator on Windows, where this capability would be  
>>> particularly useful
>>>
>>> we employ one of those "forward Windows logs to syslog"  
>>> programs ... which is better than nothing ... but decidedly  
>>> limited.  for starters, these forwarding programs insert a delay  
>>> of a minute or more between receipt of the log entry from  
>>> Radiator to propagating the entry to our loghost ... annoying  
>>> from an accounting perspective and a bear when trying to  
>>> correlate events while trouble-shooting.  and it is another  
>>> point-of-failure ... another link in the chain which can, and does,  
>>> stop working, requiring operator intervention to fix.  [yes, i  
>>> would like to monitor this service and restart it automatically  
>>> when it fails, but i'm not that smart yet]
>>>
>>> if Radiator could forward directly to syslog, we could eliminate  
>>> both these issues
>>>
>>> i haven't a clue what your list looks like, as far as bug fixes  
>>> and enhancements go, nor what your customer base in general  
>>> wants, so i won't pretend to be able to rank this feature request  
>>> alongside those other requests.  but i figure that expressing my  
>>> enthusiasm for it, and explaining why, can help you prioritize
>>>
>>> --sk
>>>
>>> stuart kendrick
>>> fhcrc
>>>
>>>
>>>
>>> Vangelis Kyriakakis wrote:
>>>> Hello Hugh,
>>>>         Thanks for the answer. Is there a technical reason for  
>>>> this or are you going to support it in the future?
>>>>                       Regards
>>>>                             Vangelis
>>>> Hugh Irvine wrote:
>>>>>
>>>>> Hello Vangelis -
>>>>>
>>>>> Radiator does not include support for sending accounting logs  
>>>>> to SYSLOG.
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>
>>>
>>> -- 
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>> NB:
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.

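Added example, not part of the original thread and not Radiator's own code: a small external logger of the kind suggested above ("use an AuthBy EXTERNAL to call an external logger"), written in Python. It assumes the request attributes arrive on stdin as one "Name = value" line each and that exit status 0 means accept; the loghost address, hostname, tag and field list are placeholders.

```python
import socket
import sys
from datetime import datetime

LOGHOST = ("192.0.2.10", 514)            # placeholder loghost (TEST-NET-1 address)
FACILITY_LOCAL1, SEVERITY_INFO = 17, 6   # syslog facility local1, severity info
FIELDS = ("Acct-Status-Type", "User-Name", "Acct-Session-Id", "NAS-IP-Address")

def parse_attributes(text):
    """Parse 'Name = value' lines (the assumed stdin format) into a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip().strip('"')
    return attrs

def format_syslog(attrs, now, hostname="radius1", tag="radacct"):
    """Build one RFC 3164-style datagram from the selected attributes."""
    pri = FACILITY_LOCAL1 * 8 + SEVERITY_INFO
    stamp = now.strftime("%b ") + f"{now.day:2d}" + now.strftime(" %H:%M:%S")
    body = " ".join(f"{k}={attrs.get(k, '-')}" for k in FIELDS)
    # Replace control characters so an attribute value cannot add extra log lines.
    body = "".join(c if c.isprintable() else "?" for c in body)
    return f"<{pri}>{stamp} {hostname} {tag}: {body}".encode("utf-8")[:1024]

def main():
    attrs = parse_attributes(sys.stdin.read())
    if attrs.get("Acct-Status-Type"):    # only accounting requests carry this
        packet = format_syslog(attrs, datetime.now())
        try:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(packet, LOGHOST)   # UDP: sent once, never acknowledged
        except OSError:
            pass                         # a logging failure must not block the request
    return 0                             # assumed to mean "accept" to the caller

if __name__ == "__main__":
    sys.exit(main())
```

The datagram is sent once with no acknowledgement, so a dropped packet is lost silently; that is the unreliability the thread gives as the reason syslog is not suitable for accounting.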