(RADIATOR) Accounting events via syslog
Faisal Imtiaz
Faisal at Snappydsl.net
Wed Jun 20 20:10:33 CDT 2007
Hello,
----------------------------------------------------------------------------
------------------
HOW to get Radiator to send Accounting Info to Syslog
(Contribution by Martin Wallner Martin.Wallner at eunet.co.at, document
compiled by Faisal Imtiaz Faisa at Snappydsl.net)
Here is how Martin suggest with some sample code:-
----------------------------------
sub {
&main::log($main::LOG_DEBUG,"entering hook");
my $request = ${$_[0]};
my $type=$request->get_attr('Acct-Status-Type');
if ($type =~ /Stop/) {
my $user=$request->get_attr('User-Name');
my $nasip=$request->get_attr('NAS-IP-Address');
my $nasport=$request->get_attr('NAS-Port');
my $sessid=$request->get_attr('Acct-Session-Id');
my $ip=$request->get_attr('Framed-IP-Address');
my $cause=$request->get_attr('Acct-Terminate-Cause');
&main::log($main::LOG_INFO,"Accounting: '$user' from $nasip
port $nasport \$\"$sessid\" $ip $type/$cause - OK");
}
&main::log($main::LOG_DEBUG,"leaving hook");
return;
}
-------------------------------------------
you just put that code snipplet in a file f.e. called 'logaccthook.pl'
and call it up within a Handler or a Realm stanza..
Like:
<Handler Realm = "whatever">
RewriteUsername tr/[A-Z]/[a-z]/
AuthBy whateverauthby # can be a complete
AuthBy-Clause, mine tend to get complicated and used by more
# than one
Handler/Realm :-), the pain of a multi-handler/realm environment...
# that's why I
normally do a modular approach with Identifiers
# in the AuthBy'and
then group them together with AuthGroup, also named by Identifiers ...
# you get the drift
:)
AuthLog syslogger
PreProcessingHook file:"/etc/radiator/logaccthook.pl"
AccountingHandled
</Handler>
That's all... than radiator is subbing into the code snipplet, called in in
this case BEFORE the AuthBy starts, checking the Request and do the
necessery things...
There are nice examples of other hooks in the 'goodies' directory of the
Radiator-Distribution....
Here is Faisal's code modification:-
Please note I am not a programer, just a sysadmin who 'worked out the below
based on info provided by Martin.
This sends accounting messages to the Syslog of the format:-
----------------------------
92989 monitor user-info 2007-06-20 15:32:38 /usr/local/bin/radiusd[544]:
Accounting: 'kcm at snappydialup.net' from 209.247.22.209 port 139 $"344314140"
4.235.48.139 Stop/ - OK
89847 monitor user-info 2007-06-20 14:41:36 /usr/local/bin/radiusd[544]:
Accounting: kcm at snappydialup.net from 209.247.22.209 port 139 $"344314140"
4.235.48.139 Start/407xxxxxx / 4073xxxxx - OK
89846 monitor local5-info 2007-06-20 14:41:35 /usr/local/bin/radiusd[544]:
Wed Jun 20 14:41:35 2007 kcm at snappydialup.net Logged in Successfully
89524 monitor user-info 2007-06-20 14:36:13 /usr/local/bin/radiusd[544]:
Accounting: 'kcm at snappydialup.net' from 209.247.22.198 port 883 $"339499713"
4.235.15.79 Stop/ - OK
84369 monitor user-info 2007-06-20 13:07:13 /usr/local/bin/radiusd[544]:
Accounting: kcm at snappydialup.net from 209.247.22.198 port 883 $"339499713"
4.235.15.79 Start/407xxxxx / 407xxxxxx - OK
Faisal's file "logaccthook.pl", 52 lines:
----------------------------------------------------------------------------
------
sub {
&main::log($main::LOG_DEBUG,"entering hook");
my $request = ${$_[0]};
my $type=$request->get_attr('Acct-Status-Type');
if ($type =~ /Stop/) {
my $user=$request->get_attr('User-Name');
my $nasip=$request->get_attr('NAS-IP-Address');
my $nasport=$request->get_attr('NAS-Port');
my $sessid=$request->get_attr('Acct-Session-Id');
my $ip=$request->get_attr('Framed-IP-Address');
my $cause=$request->get_attr('Acct-Terminate-Cause');
&main::log($main::LOG_INFO,"Accounting:
'$user' from $nasip port $nasport \$\"$sessid\" $ip $type/$cause - OK");
}
if ($type =~ /Alive/) {
my $user=$request->get_attr('User-Name');
my $nasip=$request->get_attr('NAS-IP-Address');
my $nasport=$request->get_attr('NAS-Port');
my $sessid=$request->get_attr('Acct-Session-Id');
my $ip=$request->get_attr('Framed-IP-Address');
my $tunnelid=$request->get_attr('Tunnel-Client-Auth-ID');
my $tunnelsr=$request->get_attr('Tunnel-Server-Auth-ID');
&main::log($main::LOG_INFO,"Accounting:
$user from $nasip port $nasport \$\"$sessid\" $ip
$type/$tunnelid/$tunnelsr - OK");
}
if ($type =~ /Start/) {
my $user=$request->get_attr('User-Name');
my $nasip=$request->get_attr('NAS-IP-Address');
my $nasport=$request->get_attr('NAS-Port');
my $sessid=$request->get_attr('Acct-Session-Id');
my $ip=$request->get_attr('Framed-IP-Address');
my $called=$request->get_attr('Called-Station-Id');
my $calling=$request->get_attr('Calling-Station-Id');
&main::log($main::LOG_INFO,"Accounting:
$user from $nasip port $nasport \$\"$sessid\" $ip $type/$called /
$calling - OK");
}
&main::log($main::LOG_DEBUG,"leaving hook");
return;
}
-----------------------------------------------------------------------
My Radius.cfg sippet;
----------------------------------------
<ClientListSQL>
DBSource dbi:mysql:radius:localhost
DBUsername xxxxx
DBAuth xxxxxx
RefreshPeriod 30
</ClientListSQL>
<SessionDatabase SQL>
DBSource dbi:mysql:radius:localhost
DBUsername xxx
DBAuth xxxxxx
AddQuery insert into RADONLINE (USERNAME,
NASIDENTIFIER, NASPORT, AC
DeleteQuery delete from RADONLINE where USERNAME=%0
</SessionDatabase SQL>
# Log accounting to a detail file
AcctLogFileName /usr/local/etc/radiator/detail
PreProcessingHook file:"/usr/local/etc/radiator/logaccthook.pl"
<AuthLog SQL>
# MySQL DB, DB radius, host localhost
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth xxxxx
Table xxxxxx
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, PA
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, PA
LogSuccess 1
LogFailure 1
</AuthLog>
<AuthLog SYSLOG>
# Identifier
# Log to syslog facility called 'radius'
Facility local5
# Log to a remote host via syslog over udp:
LogSuccess 1
LogFailure 1
SuccessFormat %l %n %0 Logged in Successfully
FailureFormat %l %n %0 Login Failure, Password= %P
</AuthLog>
----------------------------------------------------------------------------
----------------------
Faisal Imtiaz
SnappyDSL.net
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Claudio Lapidus
Sent: Wednesday, June 20, 2007 6:19 PM
To: radiator at open.com.au
Subject: (RADIATOR) Accounting events via syslog
Hello Hugh,
We're in the need of communicate accounting events to another system via
syslog. The idea is to send a message to the local syslog daemon every time
an accounting packet is received. The message should contain current values
for Acct-Status-Type, NAS-IP-Address, NAS-Port and Class.
We've looked the documentation for <Log SYSLOG> and <AuthLog SYSLOG>, but
they don't seem to serve our purposes.
thanks in advance,
cl.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au To unsubscribe, email
'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list