(RADIATOR) Accounting events via syslog

Faisal Imtiaz Faisal at Snappydsl.net
Wed Jun 20 20:10:33 CDT 2007


Hello,
 
----------------------------------------------------------------------------
------------------
HOW to get Radiator to send Accounting Info to Syslog
(Contribution by Martin Wallner Martin.Wallner at eunet.co.at, document
compiled by Faisal Imtiaz Faisa at Snappydsl.net)


Here is how Martin suggest with some sample code:-

----------------------------------
sub {

        &main::log($main::LOG_DEBUG,"entering hook");

        my $request = ${$_[0]};
        my $type=$request->get_attr('Acct-Status-Type');

        if ($type =~ /Stop/) {
                my $user=$request->get_attr('User-Name');
                my $nasip=$request->get_attr('NAS-IP-Address');
                my $nasport=$request->get_attr('NAS-Port');
                my $sessid=$request->get_attr('Acct-Session-Id');
                my $ip=$request->get_attr('Framed-IP-Address');
                my $cause=$request->get_attr('Acct-Terminate-Cause');

                &main::log($main::LOG_INFO,"Accounting: '$user' from $nasip
port $nasport \$\"$sessid\" $ip $type/$cause - OK");
        }

        &main::log($main::LOG_DEBUG,"leaving hook");

        return;
}

-------------------------------------------

you just put that code snipplet in a file f.e. called 'logaccthook.pl'
and call it up within a Handler or a Realm stanza..

Like:
<Handler Realm = "whatever">
        RewriteUsername tr/[A-Z]/[a-z]/
        AuthBy whateverauthby			# can be a complete
AuthBy-Clause, mine tend to get complicated and used by more 
							# than one
Handler/Realm :-), the pain of a multi-handler/realm environment...
							# that's why I
normally do a modular approach with Identifiers
							# in the AuthBy'and
then group them together with AuthGroup, also named by Identifiers ...
							# you get the drift
:)
        AuthLog syslogger
        PreProcessingHook       file:"/etc/radiator/logaccthook.pl"
        AccountingHandled
</Handler>
 
That's all... than radiator is subbing into the code snipplet, called in in
this case BEFORE the AuthBy starts, checking the Request and do the
necessery things... 

There are nice examples of other hooks in the 'goodies' directory of the
Radiator-Distribution....


Here is Faisal's code modification:-
Please note I am not a programer, just a sysadmin who 'worked out the below
based on info provided by Martin.

This sends accounting messages to the Syslog of the format:-
----------------------------
92989 monitor user-info 2007-06-20 15:32:38 /usr/local/bin/radiusd[544]:
Accounting: 'kcm at snappydialup.net' from 209.247.22.209 port 139 $"344314140"
4.235.48.139 Stop/ - OK 

89847 monitor user-info 2007-06-20 14:41:36 /usr/local/bin/radiusd[544]:
Accounting: kcm at snappydialup.net from 209.247.22.209 port 139 $"344314140"
4.235.48.139 Start/407xxxxxx / 4073xxxxx - OK 

89846 monitor local5-info 2007-06-20 14:41:35 /usr/local/bin/radiusd[544]:
Wed Jun 20 14:41:35 2007 kcm at snappydialup.net Logged in Successfully 

89524 monitor user-info 2007-06-20 14:36:13 /usr/local/bin/radiusd[544]:
Accounting: 'kcm at snappydialup.net' from 209.247.22.198 port 883 $"339499713"
4.235.15.79 Stop/ - OK 

84369 monitor user-info 2007-06-20 13:07:13 /usr/local/bin/radiusd[544]:
Accounting: kcm at snappydialup.net from 209.247.22.198 port 883 $"339499713"
4.235.15.79 Start/407xxxxx / 407xxxxxx - OK 

Faisal's file "logaccthook.pl", 52 lines:
----------------------------------------------------------------------------
------

sub {

         &main::log($main::LOG_DEBUG,"entering hook");

         my $request = ${$_[0]};
         my $type=$request->get_attr('Acct-Status-Type');

         if ($type =~ /Stop/) {
                 my $user=$request->get_attr('User-Name');
                 my $nasip=$request->get_attr('NAS-IP-Address');
                 my $nasport=$request->get_attr('NAS-Port');
                 my $sessid=$request->get_attr('Acct-Session-Id');
                 my $ip=$request->get_attr('Framed-IP-Address');
                 my $cause=$request->get_attr('Acct-Terminate-Cause');

                 &main::log($main::LOG_INFO,"Accounting:
 '$user' from $nasip port $nasport \$\"$sessid\" $ip $type/$cause -  OK");
         }

 if ($type =~ /Alive/) {
                 my $user=$request->get_attr('User-Name');
                 my $nasip=$request->get_attr('NAS-IP-Address');
                 my $nasport=$request->get_attr('NAS-Port');
                 my $sessid=$request->get_attr('Acct-Session-Id');
                 my $ip=$request->get_attr('Framed-IP-Address');
                 my $tunnelid=$request->get_attr('Tunnel-Client-Auth-ID');
                 my $tunnelsr=$request->get_attr('Tunnel-Server-Auth-ID');

                 &main::log($main::LOG_INFO,"Accounting:
 $user  from $nasip  port $nasport \$\"$sessid\" $ip
$type/$tunnelid/$tunnelsr -  OK");
         }


 if ($type =~ /Start/) {
                 my $user=$request->get_attr('User-Name');
                 my $nasip=$request->get_attr('NAS-IP-Address');
                 my $nasport=$request->get_attr('NAS-Port');
                 my $sessid=$request->get_attr('Acct-Session-Id');
                 my $ip=$request->get_attr('Framed-IP-Address');
                 my $called=$request->get_attr('Called-Station-Id');
                 my $calling=$request->get_attr('Calling-Station-Id');

                 &main::log($main::LOG_INFO,"Accounting:
 $user  from $nasip  port $nasport \$\"$sessid\" $ip $type/$called /
$calling -  OK");
         }


         &main::log($main::LOG_DEBUG,"leaving hook");

         return;
}
-----------------------------------------------------------------------

My Radius.cfg sippet;
----------------------------------------

        <ClientListSQL>
                DBSource        dbi:mysql:radius:localhost
                DBUsername      xxxxx
                DBAuth          xxxxxx
                RefreshPeriod   30
        </ClientListSQL>

       <SessionDatabase SQL>
                DBSource        dbi:mysql:radius:localhost
                DBUsername      xxx
                DBAuth          xxxxxx
                AddQuery        insert into RADONLINE (USERNAME,
NASIDENTIFIER, NASPORT, AC
                DeleteQuery     delete from RADONLINE where USERNAME=%0
        </SessionDatabase SQL>

        # Log accounting to a detail file
        AcctLogFileName        /usr/local/etc/radiator/detail
        PreProcessingHook file:"/usr/local/etc/radiator/logaccthook.pl"

        <AuthLog SQL>
                # MySQL DB, DB radius, host localhost
                DBSource dbi:mysql:radius:localhost
                DBUsername radius
                DBAuth xxxxx
                Table xxxxxx
                SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, PA
                FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, PA
                LogSuccess 1
                LogFailure 1
        </AuthLog>
        <AuthLog SYSLOG>
                # Identifier
                # Log to syslog facility called 'radius'
                Facility local5
                # Log to a remote host via syslog over udp:
                LogSuccess 1
                LogFailure 1
                SuccessFormat   %l  %n  %0  Logged in Successfully
                FailureFormat   %l  %n  %0  Login Failure, Password= %P
        </AuthLog>


----------------------------------------------------------------------------
----------------------

Faisal Imtiaz
SnappyDSL.net


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Claudio Lapidus
Sent: Wednesday, June 20, 2007 6:19 PM
To: radiator at open.com.au
Subject: (RADIATOR) Accounting events via syslog

Hello Hugh,

We're in the need of communicate accounting events to another system via
syslog. The idea is to send a message to the local syslog daemon every time
an accounting packet is received. The message should contain current values
for Acct-Status-Type, NAS-IP-Address, NAS-Port and Class.

We've looked the documentation for <Log SYSLOG> and <AuthLog SYSLOG>, but
they don't seem to serve our purposes.

thanks in advance,
cl.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au To unsubscribe, email
'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list