(RADIATOR) Accounting events via syslog
Hugh Irvine
hugh at open.com.au
Wed Jun 20 22:07:25 CDT 2007
Hello Faisal -
Many thanks for posting this.
regards
Hugh
On 21 Jun 2007, at 11:10, Faisal Imtiaz wrote:
> Hello,
>
> ----------------------------------------------------------------------
> ------
> ------------------
> HOW to get Radiator to send Accounting Info to Syslog
> (Contribution by Martin Wallner Martin.Wallner at eunet.co.at, document
> compiled by Faisal Imtiaz Faisa at Snappydsl.net)
>
>
> Here is how Martin suggest with some sample code:-
>
> ----------------------------------
> sub {
>
> &main::log($main::LOG_DEBUG,"entering hook");
>
> my $request = ${$_[0]};
> my $type=$request->get_attr('Acct-Status-Type');
>
> if ($type =~ /Stop/) {
> my $user=$request->get_attr('User-Name');
> my $nasip=$request->get_attr('NAS-IP-Address');
> my $nasport=$request->get_attr('NAS-Port');
> my $sessid=$request->get_attr('Acct-Session-Id');
> my $ip=$request->get_attr('Framed-IP-Address');
> my $cause=$request->get_attr('Acct-Terminate-Cause');
>
> &main::log($main::LOG_INFO,"Accounting: '$user'
> from $nasip
> port $nasport \$\"$sessid\" $ip $type/$cause - OK");
> }
>
> &main::log($main::LOG_DEBUG,"leaving hook");
>
> return;
> }
>
> -------------------------------------------
>
> you just put that code snipplet in a file f.e. called 'logaccthook.pl'
> and call it up within a Handler or a Realm stanza..
>
> Like:
> <Handler Realm = "whatever">
> RewriteUsername tr/[A-Z]/[a-z]/
> AuthBy whateverauthby # can be a complete
> AuthBy-Clause, mine tend to get complicated and used by more
> # than one
> Handler/Realm :-), the pain of a multi-handler/realm environment...
> # that's why I
> normally do a modular approach with Identifiers
> # in the AuthBy'and
> then group them together with AuthGroup, also named by Identifiers ...
> # you get the drift
> :)
> AuthLog syslogger
> PreProcessingHook file:"/etc/radiator/logaccthook.pl"
> AccountingHandled
> </Handler>
>
> That's all... than radiator is subbing into the code snipplet,
> called in in
> this case BEFORE the AuthBy starts, checking the Request and do the
> necessery things...
>
> There are nice examples of other hooks in the 'goodies' directory
> of the
> Radiator-Distribution....
>
>
> Here is Faisal's code modification:-
> Please note I am not a programer, just a sysadmin who 'worked out
> the below
> based on info provided by Martin.
>
> This sends accounting messages to the Syslog of the format:-
> ----------------------------
> 92989 monitor user-info 2007-06-20 15:32:38 /usr/local/bin/radiusd
> [544]:
> Accounting: 'kcm at snappydialup.net' from 209.247.22.209 port 139
> $"344314140"
> 4.235.48.139 Stop/ - OK
>
> 89847 monitor user-info 2007-06-20 14:41:36 /usr/local/bin/radiusd
> [544]:
> Accounting: kcm at snappydialup.net from 209.247.22.209 port 139
> $"344314140"
> 4.235.48.139 Start/407xxxxxx / 4073xxxxx - OK
>
> 89846 monitor local5-info 2007-06-20 14:41:35 /usr/local/bin/radiusd
> [544]:
> Wed Jun 20 14:41:35 2007 kcm at snappydialup.net Logged in Successfully
>
> 89524 monitor user-info 2007-06-20 14:36:13 /usr/local/bin/radiusd
> [544]:
> Accounting: 'kcm at snappydialup.net' from 209.247.22.198 port 883
> $"339499713"
> 4.235.15.79 Stop/ - OK
>
> 84369 monitor user-info 2007-06-20 13:07:13 /usr/local/bin/radiusd
> [544]:
> Accounting: kcm at snappydialup.net from 209.247.22.198 port 883
> $"339499713"
> 4.235.15.79 Start/407xxxxx / 407xxxxxx - OK
>
> Faisal's file "logaccthook.pl", 52 lines:
> ----------------------------------------------------------------------
> ------
> ------
>
> sub {
>
> &main::log($main::LOG_DEBUG,"entering hook");
>
> my $request = ${$_[0]};
> my $type=$request->get_attr('Acct-Status-Type');
>
> if ($type =~ /Stop/) {
> my $user=$request->get_attr('User-Name');
> my $nasip=$request->get_attr('NAS-IP-Address');
> my $nasport=$request->get_attr('NAS-Port');
> my $sessid=$request->get_attr('Acct-Session-Id');
> my $ip=$request->get_attr('Framed-IP-Address');
> my $cause=$request->get_attr('Acct-Terminate-Cause');
>
> &main::log($main::LOG_INFO,"Accounting:
> '$user' from $nasip port $nasport \$\"$sessid\" $ip $type/$cause
> - OK");
> }
>
> if ($type =~ /Alive/) {
> my $user=$request->get_attr('User-Name');
> my $nasip=$request->get_attr('NAS-IP-Address');
> my $nasport=$request->get_attr('NAS-Port');
> my $sessid=$request->get_attr('Acct-Session-Id');
> my $ip=$request->get_attr('Framed-IP-Address');
> my $tunnelid=$request->get_attr('Tunnel-Client-
> Auth-ID');
> my $tunnelsr=$request->get_attr('Tunnel-Server-
> Auth-ID');
>
> &main::log($main::LOG_INFO,"Accounting:
> $user from $nasip port $nasport \$\"$sessid\" $ip
> $type/$tunnelid/$tunnelsr - OK");
> }
>
>
> if ($type =~ /Start/) {
> my $user=$request->get_attr('User-Name');
> my $nasip=$request->get_attr('NAS-IP-Address');
> my $nasport=$request->get_attr('NAS-Port');
> my $sessid=$request->get_attr('Acct-Session-Id');
> my $ip=$request->get_attr('Framed-IP-Address');
> my $called=$request->get_attr('Called-Station-Id');
> my $calling=$request->get_attr('Calling-Station-Id');
>
> &main::log($main::LOG_INFO,"Accounting:
> $user from $nasip port $nasport \$\"$sessid\" $ip $type/$called /
> $calling - OK");
> }
>
>
> &main::log($main::LOG_DEBUG,"leaving hook");
>
> return;
> }
> ----------------------------------------------------------------------
> -
>
> My Radius.cfg sippet;
> ----------------------------------------
>
> <ClientListSQL>
> DBSource dbi:mysql:radius:localhost
> DBUsername xxxxx
> DBAuth xxxxxx
> RefreshPeriod 30
> </ClientListSQL>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:radius:localhost
> DBUsername xxx
> DBAuth xxxxxx
> AddQuery insert into RADONLINE (USERNAME,
> NASIDENTIFIER, NASPORT, AC
> DeleteQuery delete from RADONLINE where
> USERNAME=%0
> </SessionDatabase SQL>
>
> # Log accounting to a detail file
> AcctLogFileName /usr/local/etc/radiator/detail
> PreProcessingHook file:"/usr/local/etc/radiator/
> logaccthook.pl"
>
> <AuthLog SQL>
> # MySQL DB, DB radius, host localhost
> DBSource dbi:mysql:radius:localhost
> DBUsername radius
> DBAuth xxxxx
> Table xxxxxx
> SuccessQuery insert into RADAUTHLOG (TIME_STAMP,
> USERNAME,
> TYPE, REASON, PA
> FailureQuery insert into RADAUTHLOG (TIME_STAMP,
> USERNAME,
> TYPE, REASON, PA
> LogSuccess 1
> LogFailure 1
> </AuthLog>
> <AuthLog SYSLOG>
> # Identifier
> # Log to syslog facility called 'radius'
> Facility local5
> # Log to a remote host via syslog over udp:
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l %n %0 Logged in Successfully
> FailureFormat %l %n %0 Login Failure,
> Password= %P
> </AuthLog>
>
>
> ----------------------------------------------------------------------
> ------
> ----------------------
>
> Faisal Imtiaz
> SnappyDSL.net
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-
> radiator at open.com.au] On
> Behalf Of Claudio Lapidus
> Sent: Wednesday, June 20, 2007 6:19 PM
> To: radiator at open.com.au
> Subject: (RADIATOR) Accounting events via syslog
>
> Hello Hugh,
>
> We're in the need of communicate accounting events to another
> system via
> syslog. The idea is to send a message to the local syslog daemon
> every time
> an accounting packet is received. The message should contain
> current values
> for Acct-Status-Type, NAS-IP-Address, NAS-Port and Class.
>
> We've looked the documentation for <Log SYSLOG> and <AuthLog
> SYSLOG>, but
> they don't seem to serve our purposes.
>
> thanks in advance,
> cl.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au To unsubscribe, email
> 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
> message.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list