(RADIATOR) Accounting events via syslog

Claudio Lapidus clapidus at gmail.com
Thu Jun 21 07:46:06 CDT 2007


Faisal, thanks a lot for the code!
cl.


On 6/21/07, Hugh Irvine <hugh at open.com.au> wrote:
>
> Hello Faisal -
>
> Many thanks for posting this.
>
> regards
>
> Hugh
>
>
> On 21 Jun 2007, at 11:10, Faisal Imtiaz wrote:
>
> > Hello,
> >
> > ----------------------------------------------------------------------
> > ------
> > ------------------
> > HOW to get Radiator to send Accounting Info to Syslog
> > (Contribution by Martin Wallner Martin.Wallner at eunet.co.at, document
> > compiled by Faisal Imtiaz Faisa at Snappydsl.net)
> >
> >
> > Here is how Martin suggest with some sample code:-
> >
> > ----------------------------------
> > sub {
> >
> >         &main::log($main::LOG_DEBUG,"entering hook");
> >
> >         my $request = ${$_[0]};
> >         my $type=$request->get_attr('Acct-Status-Type');
> >
> >         if ($type =~ /Stop/) {
> >                 my $user=$request->get_attr('User-Name');
> >                 my $nasip=$request->get_attr('NAS-IP-Address');
> >                 my $nasport=$request->get_attr('NAS-Port');
> >                 my $sessid=$request->get_attr('Acct-Session-Id');
> >                 my $ip=$request->get_attr('Framed-IP-Address');
> >                 my $cause=$request->get_attr('Acct-Terminate-Cause');
> >
> >                 &main::log($main::LOG_INFO,"Accounting: '$user'
> > from $nasip
> > port $nasport \$\"$sessid\" $ip $type/$cause - OK");
> >         }
> >
> >         &main::log($main::LOG_DEBUG,"leaving hook");
> >
> >         return;
> > }
> >
> > -------------------------------------------
> >
> > you just put that code snipplet in a file f.e. called 'logaccthook.pl'
> > and call it up within a Handler or a Realm stanza..
> >
> > Like:
> > <Handler Realm = "whatever">
> >         RewriteUsername tr/[A-Z]/[a-z]/
> >         AuthBy whateverauthby                 # can be a complete
> > AuthBy-Clause, mine tend to get complicated and used by more
> >                                                       # than one
> > Handler/Realm :-), the pain of a multi-handler/realm environment...
> >                                                       # that's why I
> > normally do a modular approach with Identifiers
> >                                                       # in the AuthBy'and
> > then group them together with AuthGroup, also named by Identifiers ...
> >                                                       # you get the drift
> > :)
> >         AuthLog syslogger
> >         PreProcessingHook       file:"/etc/radiator/logaccthook.pl"
> >         AccountingHandled
> > </Handler>
> >
> > That's all... than radiator is subbing into the code snipplet,
> > called in in
> > this case BEFORE the AuthBy starts, checking the Request and do the
> > necessery things...
> >
> > There are nice examples of other hooks in the 'goodies' directory
> > of the
> > Radiator-Distribution....
> >
> >
> > Here is Faisal's code modification:-
> > Please note I am not a programer, just a sysadmin who 'worked out
> > the below
> > based on info provided by Martin.
> >
> > This sends accounting messages to the Syslog of the format:-
> > ----------------------------
> > 92989 monitor user-info 2007-06-20 15:32:38 /usr/local/bin/radiusd
> > [544]:
> > Accounting: 'kcm at snappydialup.net' from 209.247.22.209 port 139
> > $"344314140"
> > 4.235.48.139 Stop/ - OK
> >
> > 89847 monitor user-info 2007-06-20 14:41:36 /usr/local/bin/radiusd
> > [544]:
> > Accounting: kcm at snappydialup.net from 209.247.22.209 port 139
> > $"344314140"
> > 4.235.48.139 Start/407xxxxxx / 4073xxxxx - OK
> >
> > 89846 monitor local5-info 2007-06-20 14:41:35 /usr/local/bin/radiusd
> > [544]:
> > Wed Jun 20 14:41:35 2007 kcm at snappydialup.net Logged in Successfully
> >
> > 89524 monitor user-info 2007-06-20 14:36:13 /usr/local/bin/radiusd
> > [544]:
> > Accounting: 'kcm at snappydialup.net' from 209.247.22.198 port 883
> > $"339499713"
> > 4.235.15.79 Stop/ - OK
> >
> > 84369 monitor user-info 2007-06-20 13:07:13 /usr/local/bin/radiusd
> > [544]:
> > Accounting: kcm at snappydialup.net from 209.247.22.198 port 883
> > $"339499713"
> > 4.235.15.79 Start/407xxxxx / 407xxxxxx - OK
> >
> > Faisal's file "logaccthook.pl", 52 lines:
> > ----------------------------------------------------------------------
> > ------
> > ------
> >
> > sub {
> >
> >          &main::log($main::LOG_DEBUG,"entering hook");
> >
> >          my $request = ${$_[0]};
> >          my $type=$request->get_attr('Acct-Status-Type');
> >
> >          if ($type =~ /Stop/) {
> >                  my $user=$request->get_attr('User-Name');
> >                  my $nasip=$request->get_attr('NAS-IP-Address');
> >                  my $nasport=$request->get_attr('NAS-Port');
> >                  my $sessid=$request->get_attr('Acct-Session-Id');
> >                  my $ip=$request->get_attr('Framed-IP-Address');
> >                  my $cause=$request->get_attr('Acct-Terminate-Cause');
> >
> >                  &main::log($main::LOG_INFO,"Accounting:
> >  '$user' from $nasip port $nasport \$\"$sessid\" $ip $type/$cause
> > -  OK");
> >          }
> >
> >  if ($type =~ /Alive/) {
> >                  my $user=$request->get_attr('User-Name');
> >                  my $nasip=$request->get_attr('NAS-IP-Address');
> >                  my $nasport=$request->get_attr('NAS-Port');
> >                  my $sessid=$request->get_attr('Acct-Session-Id');
> >                  my $ip=$request->get_attr('Framed-IP-Address');
> >                  my $tunnelid=$request->get_attr('Tunnel-Client-
> > Auth-ID');
> >                  my $tunnelsr=$request->get_attr('Tunnel-Server-
> > Auth-ID');
> >
> >                  &main::log($main::LOG_INFO,"Accounting:
> >  $user  from $nasip  port $nasport \$\"$sessid\" $ip
> > $type/$tunnelid/$tunnelsr -  OK");
> >          }
> >
> >
> >  if ($type =~ /Start/) {
> >                  my $user=$request->get_attr('User-Name');
> >                  my $nasip=$request->get_attr('NAS-IP-Address');
> >                  my $nasport=$request->get_attr('NAS-Port');
> >                  my $sessid=$request->get_attr('Acct-Session-Id');
> >                  my $ip=$request->get_attr('Framed-IP-Address');
> >                  my $called=$request->get_attr('Called-Station-Id');
> >                  my $calling=$request->get_attr('Calling-Station-Id');
> >
> >                  &main::log($main::LOG_INFO,"Accounting:
> >  $user  from $nasip  port $nasport \$\"$sessid\" $ip $type/$called /
> > $calling -  OK");
> >          }
> >
> >
> >          &main::log($main::LOG_DEBUG,"leaving hook");
> >
> >          return;
> > }
> > ----------------------------------------------------------------------
> > -
> >
> > My Radius.cfg sippet;
> > ----------------------------------------
> >
> >         <ClientListSQL>
> >                 DBSource        dbi:mysql:radius:localhost
> >                 DBUsername      xxxxx
> >                 DBAuth          xxxxxx
> >                 RefreshPeriod   30
> >         </ClientListSQL>
> >
> >        <SessionDatabase SQL>
> >                 DBSource        dbi:mysql:radius:localhost
> >                 DBUsername      xxx
> >                 DBAuth          xxxxxx
> >                 AddQuery        insert into RADONLINE (USERNAME,
> > NASIDENTIFIER, NASPORT, AC
> >                 DeleteQuery     delete from RADONLINE where
> > USERNAME=%0
> >         </SessionDatabase SQL>
> >
> >         # Log accounting to a detail file
> >         AcctLogFileName        /usr/local/etc/radiator/detail
> >         PreProcessingHook file:"/usr/local/etc/radiator/
> > logaccthook.pl"
> >
> >         <AuthLog SQL>
> >                 # MySQL DB, DB radius, host localhost
> >                 DBSource dbi:mysql:radius:localhost
> >                 DBUsername radius
> >                 DBAuth xxxxx
> >                 Table xxxxxx
> >                 SuccessQuery insert into RADAUTHLOG (TIME_STAMP,
> > USERNAME,
> > TYPE, REASON, PA
> >                 FailureQuery insert into RADAUTHLOG (TIME_STAMP,
> > USERNAME,
> > TYPE, REASON, PA
> >                 LogSuccess 1
> >                 LogFailure 1
> >         </AuthLog>
> >         <AuthLog SYSLOG>
> >                 # Identifier
> >                 # Log to syslog facility called 'radius'
> >                 Facility local5
> >                 # Log to a remote host via syslog over udp:
> >                 LogSuccess 1
> >                 LogFailure 1
> >                 SuccessFormat   %l  %n  %0  Logged in Successfully
> >                 FailureFormat   %l  %n  %0  Login Failure,
> > Password= %P
> >         </AuthLog>
> >
> >
> > ----------------------------------------------------------------------
> > ------
> > ----------------------
> >
> > Faisal Imtiaz
> > SnappyDSL.net
> >
> >
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-
> > radiator at open.com.au] On
> > Behalf Of Claudio Lapidus
> > Sent: Wednesday, June 20, 2007 6:19 PM
> > To: radiator at open.com.au
> > Subject: (RADIATOR) Accounting events via syslog
> >
> > Hello Hugh,
> >
> > We're in the need of communicate accounting events to another
> > system via
> > syslog. The idea is to send a message to the local syslog daemon
> > every time
> > an accounting packet is received. The message should contain
> > current values
> > for Acct-Status-Type, NAS-IP-Address, NAS-Port and Class.
> >
> > We've looked the documentation for <Log SYSLOG> and <AuthLog
> > SYSLOG>, but
> > they don't seem to serve our purposes.
> >
> > thanks in advance,
> > cl.
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au To unsubscribe, email
> > 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
> > message.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list