(RADIATOR) How to send accounting logs to SYSLOG

Faisal Imtiaz Faisal at Snappydsl.net
Mon Feb 12 05:58:13 CST 2007 

 
A few months back I had asked a similar question, and Martin Wallner was
kind enough to share this tip/code on how to make it work.

Besides the technical merits of syslog etc., our need was to provide
information thru one interface for our Support Techs. We log to the database
and also forward the message to syslog.

Below is the snippet with the details of how to.

Regards.
Faisal
----------------------------------------------------------------------------
-------
----------------------------------------------------------------------------
-------
you just put that code snipplet in a file f.e. called 'logaccthook.pl'
and call it up within a Handler or a Realm stanza..

Like:
<Handler Realm = "whatever">
        RewriteUsername tr/[A-Z]/[a-z]/
        AuthBy whateverauthby			# can be a complete
AuthBy-Clause, mine tend to get complicated and used by more 
							# than one
Handler/Realm :-), the pain of a multi-handler/realm environment...
							# that's why I
normally do a modular approach with Identifiers
							# in the AuthBy'
and then group them together with AuthGroup, also named by Identifiers ...
							# you get the
drift :)
        AuthLog syslogger
        PreProcessingHook       file:"/etc/radiator/logaccthook.pl"
        AccountingHandled
</Handler>
 
That's all... than radiator is subbing into the code snipplet, called in in
this case BEFORE the AuthBy starts, checking the Request and do the
necessery things... 

There are nice examples of other hooks in the 'goodies' directory of the
Radiator-Distribution....

=mw=


> -----Original Message-----
> From: Faisal Imtiaz [mailto:Faisal at Snappydsl.net]
> Sent: Donnerstag, 12. Oktober 2006 14:50
> To: Martin Wallner
> Subject: RE: (RADIATOR) Accounting / Session to Log SYSLOG ?
> 
> Thank Martin,
> 
> Being a newbie to Radiator, could I bother you for a bit of more 
> information on how exactly to incorporate this into my Radiator setup 
> ?
> 
> Many thanks in advance. 
> 
> 
> Faisal Imtiaz
> Computer Office Solutions Inc. /SnappyDSL.net
> Ph: (305) 663-5518
> -----Original Message-----
> From: Martin Wallner [mailto:Martin.Wallner at eunet.co.at]
> Sent: Thursday, October 12, 2006 8:22 AM
> To: Faisal Imtiaz; radiator at open.com.au
> Subject: RE: (RADIATOR) Accounting / Session to Log SYSLOG ?
> 
> We do this with a preprocessing-hook (but I agree with you, it would 
> be ...
> nicer to have this embedded in radiator....)
> 
> Feel free to use it (and yes, it's a bit ... peculiar, but that hook 
> does a bit more in our setup :-)
> 
> =mw=
> 
> ----------------------------------
> sub {
> 
>         &main::log($main::LOG_DEBUG,"entering hook");
> 
>         my $request = ${$_[0]};
>         my $type=$request->get_attr('Acct-Status-Type');
> 
>         if ($type =~ /Stop/) {
>                 my $user=$request->get_attr('User-Name');
>                 my $nasip=$request->get_attr('NAS-IP-Address');
>                 my $nasport=$request->get_attr('NAS-Port');
>                 my $sessid=$request->get_attr('Acct-Session-Id');
>                 my $ip=$request->get_attr('Framed-IP-Address');
>                 my $cause=$request->get_attr('Acct-Terminate-Cause');
> 
>                 &main::log($main::LOG_INFO,"Accounting: 
> '$user' from $nasip port $nasport \$\"$sessid\" $ip $type/$cause - 
> OK");
>         }
> 
>         &main::log($main::LOG_DEBUG,"leaving hook");
> 
>         return;
> }
> ---------------------------------
> 
> > -----Original Message-----
> > From: owner-radiator at open.com.au
> > [mailto:owner-radiator at open.com.au] On Behalf Of Faisal Imtiaz
> > Sent: Donnerstag, 12. Oktober 2006 13:22
> > To: radiator at open.com.au
> > Subject: RE: (RADIATOR) Accounting / Session to Log SYSLOG ?
> > 
> > 
> > Hello,
> > 
> > While we are on the subject of logging messages to Syslog.
> > 
> > Is there a way to send the accounting messages to Syslog ?
> >   i.e.
> > 	>         # Log accounting to a detail file
> > 	>         AcctLogFileName        /usr/local/etc/radiator/detail
> > Instead of going into a file, send these to a central Syslog server.
> > 
> > Or 
> >    Is there a way to send the session messages to Syslog ?
> > 
> > Our customer support reps use the Syslog heavily to provide
> customer
> > support and troubleshoot DSL connections.
> > In the 'Log off' Accounting message there is a key bit of
> information
> > (reason for login off) that they could use by accessing it
> via Syslog.
> > Logging at Trace 3 give too little info, and logging at Trace
> > 4 give too much info !
> > 
> > Thanks.  
> > 
> > Faisal Imtiaz
> > Computer Office Solutions Inc. /SnappyDSL.net
> > Ph: (305) 663-5518
> > 
> >-----------------------------------------------------------


Faisal Imtiaz
Computer Office Solutions Inc. /SnappyDSL.net
Ph: (305) 663-5518 
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Friday, February 09, 2007 6:10 PM
To: Vangelis Kyriakakis
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) How to send accounting logs to SYSLOG


Hello Vangelis -

The main reason is that SYSLOG is an unreliable protocol and hence not
suitable for accounting.

You could write a simple hook or use an AuthBy EXTERNAL to call an external
logger.

regards

Hugh


On 9 Feb 2007, at 19:39, Vangelis Kyriakakis wrote:

>
> Hello Hugh,
>
>         Thanks for the answer. Is there a technical reason for this or 
> are you going to support it in the future?
>
>                       Regards
>                             Vangelis
>
> Hugh Irvine wrote:
>>
>> Hello Vangelis -
>>
>> Radiator does not include support for sending accounting logs to 
>> SYSLOG.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 8 Feb 2007, at 20:02, Vangelis Kyriakakis wrote:
>>
>>> Hello,
>>>
>>>        Is it possible to send accounting logs to SYSLOG?
>>>        I guess I can write to /dev/log using appropriate format for 
>>> the accounting, but it would be convenient to be able to use 
>>> something like the <AuthLog SYSLOG> for the authentication logs.
>>>
>>>             Regards
>>>                 Vangelis
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au To unsubscribe, email 
>>> 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of 
>>> the message.
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/ 
>> archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets), 
>> together with a trace 4 debug showing what is happening?
>>
>> --Radiator: the most portable, flexible and configurable RADIUS 
>> server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec), and DIAMETER 
>> translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible, 
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au To unsubscribe, email 
> 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the 
> message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together
with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER
translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list