(RADIATOR) Accounting events via syslog
Claudio Lapidus
clapidus at gmail.com
Thu Jun 21 07:46:06 CDT 2007
Faisal, thanks a lot for the code!
cl.
On 6/21/07, Hugh Irvine <hugh at open.com.au> wrote:
>
> Hello Faisal -
>
> Many thanks for posting this.
>
> regards
>
> Hugh
>
>
> On 21 Jun 2007, at 11:10, Faisal Imtiaz wrote:
>
> > Hello,
> >
> > ----------------------------------------------------------------------
> > ------
> > ------------------
> > HOW to get Radiator to send Accounting Info to Syslog
> > (Contribution by Martin Wallner Martin.Wallner at eunet.co.at, document
> > compiled by Faisal Imtiaz Faisa at Snappydsl.net)
> >
> >
> > Here is how Martin suggest with some sample code:-
> >
> > ----------------------------------
> > sub {
> >
> > &main::log($main::LOG_DEBUG,"entering hook");
> >
> > my $request = ${$_[0]};
> > my $type=$request->get_attr('Acct-Status-Type');
> >
> > if ($type =~ /Stop/) {
> > my $user=$request->get_attr('User-Name');
> > my $nasip=$request->get_attr('NAS-IP-Address');
> > my $nasport=$request->get_attr('NAS-Port');
> > my $sessid=$request->get_attr('Acct-Session-Id');
> > my $ip=$request->get_attr('Framed-IP-Address');
> > my $cause=$request->get_attr('Acct-Terminate-Cause');
> >
> > &main::log($main::LOG_INFO,"Accounting: '$user'
> > from $nasip
> > port $nasport \$\"$sessid\" $ip $type/$cause - OK");
> > }
> >
> > &main::log($main::LOG_DEBUG,"leaving hook");
> >
> > return;
> > }
> >
> > -------------------------------------------
> >
> > you just put that code snipplet in a file f.e. called 'logaccthook.pl'
> > and call it up within a Handler or a Realm stanza..
> >
> > Like:
> > <Handler Realm = "whatever">
> > RewriteUsername tr/[A-Z]/[a-z]/
> > AuthBy whateverauthby # can be a complete
> > AuthBy-Clause, mine tend to get complicated and used by more
> > # than one
> > Handler/Realm :-), the pain of a multi-handler/realm environment...
> > # that's why I
> > normally do a modular approach with Identifiers
> > # in the AuthBy'and
> > then group them together with AuthGroup, also named by Identifiers ...
> > # you get the drift
> > :)
> > AuthLog syslogger
> > PreProcessingHook file:"/etc/radiator/logaccthook.pl"
> > AccountingHandled
> > </Handler>
> >
> > That's all... than radiator is subbing into the code snipplet,
> > called in in
> > this case BEFORE the AuthBy starts, checking the Request and do the
> > necessery things...
> >
> > There are nice examples of other hooks in the 'goodies' directory
> > of the
> > Radiator-Distribution....
> >
> >
> > Here is Faisal's code modification:-
> > Please note I am not a programer, just a sysadmin who 'worked out
> > the below
> > based on info provided by Martin.
> >
> > This sends accounting messages to the Syslog of the format:-
> > ----------------------------
> > 92989 monitor user-info 2007-06-20 15:32:38 /usr/local/bin/radiusd
> > [544]:
> > Accounting: 'kcm at snappydialup.net' from 209.247.22.209 port 139
> > $"344314140"
> > 4.235.48.139 Stop/ - OK
> >
> > 89847 monitor user-info 2007-06-20 14:41:36 /usr/local/bin/radiusd
> > [544]:
> > Accounting: kcm at snappydialup.net from 209.247.22.209 port 139
> > $"344314140"
> > 4.235.48.139 Start/407xxxxxx / 4073xxxxx - OK
> >
> > 89846 monitor local5-info 2007-06-20 14:41:35 /usr/local/bin/radiusd
> > [544]:
> > Wed Jun 20 14:41:35 2007 kcm at snappydialup.net Logged in Successfully
> >
> > 89524 monitor user-info 2007-06-20 14:36:13 /usr/local/bin/radiusd
> > [544]:
> > Accounting: 'kcm at snappydialup.net' from 209.247.22.198 port 883
> > $"339499713"
> > 4.235.15.79 Stop/ - OK
> >
> > 84369 monitor user-info 2007-06-20 13:07:13 /usr/local/bin/radiusd
> > [544]:
> > Accounting: kcm at snappydialup.net from 209.247.22.198 port 883
> > $"339499713"
> > 4.235.15.79 Start/407xxxxx / 407xxxxxx - OK
> >
> > Faisal's file "logaccthook.pl", 52 lines:
> > ----------------------------------------------------------------------
> > ------
> > ------
> >
> > sub {
> >
> > &main::log($main::LOG_DEBUG,"entering hook");
> >
> > my $request = ${$_[0]};
> > my $type=$request->get_attr('Acct-Status-Type');
> >
> > if ($type =~ /Stop/) {
> > my $user=$request->get_attr('User-Name');
> > my $nasip=$request->get_attr('NAS-IP-Address');
> > my $nasport=$request->get_attr('NAS-Port');
> > my $sessid=$request->get_attr('Acct-Session-Id');
> > my $ip=$request->get_attr('Framed-IP-Address');
> > my $cause=$request->get_attr('Acct-Terminate-Cause');
> >
> > &main::log($main::LOG_INFO,"Accounting:
> > '$user' from $nasip port $nasport \$\"$sessid\" $ip $type/$cause
> > - OK");
> > }
> >
> > if ($type =~ /Alive/) {
> > my $user=$request->get_attr('User-Name');
> > my $nasip=$request->get_attr('NAS-IP-Address');
> > my $nasport=$request->get_attr('NAS-Port');
> > my $sessid=$request->get_attr('Acct-Session-Id');
> > my $ip=$request->get_attr('Framed-IP-Address');
> > my $tunnelid=$request->get_attr('Tunnel-Client-
> > Auth-ID');
> > my $tunnelsr=$request->get_attr('Tunnel-Server-
> > Auth-ID');
> >
> > &main::log($main::LOG_INFO,"Accounting:
> > $user from $nasip port $nasport \$\"$sessid\" $ip
> > $type/$tunnelid/$tunnelsr - OK");
> > }
> >
> >
> > if ($type =~ /Start/) {
> > my $user=$request->get_attr('User-Name');
> > my $nasip=$request->get_attr('NAS-IP-Address');
> > my $nasport=$request->get_attr('NAS-Port');
> > my $sessid=$request->get_attr('Acct-Session-Id');
> > my $ip=$request->get_attr('Framed-IP-Address');
> > my $called=$request->get_attr('Called-Station-Id');
> > my $calling=$request->get_attr('Calling-Station-Id');
> >
> > &main::log($main::LOG_INFO,"Accounting:
> > $user from $nasip port $nasport \$\"$sessid\" $ip $type/$called /
> > $calling - OK");
> > }
> >
> >
> > &main::log($main::LOG_DEBUG,"leaving hook");
> >
> > return;
> > }
> > ----------------------------------------------------------------------
> > -
> >
> > My Radius.cfg sippet;
> > ----------------------------------------
> >
> > <ClientListSQL>
> > DBSource dbi:mysql:radius:localhost
> > DBUsername xxxxx
> > DBAuth xxxxxx
> > RefreshPeriod 30
> > </ClientListSQL>
> >
> > <SessionDatabase SQL>
> > DBSource dbi:mysql:radius:localhost
> > DBUsername xxx
> > DBAuth xxxxxx
> > AddQuery insert into RADONLINE (USERNAME,
> > NASIDENTIFIER, NASPORT, AC
> > DeleteQuery delete from RADONLINE where
> > USERNAME=%0
> > </SessionDatabase SQL>
> >
> > # Log accounting to a detail file
> > AcctLogFileName /usr/local/etc/radiator/detail
> > PreProcessingHook file:"/usr/local/etc/radiator/
> > logaccthook.pl"
> >
> > <AuthLog SQL>
> > # MySQL DB, DB radius, host localhost
> > DBSource dbi:mysql:radius:localhost
> > DBUsername radius
> > DBAuth xxxxx
> > Table xxxxxx
> > SuccessQuery insert into RADAUTHLOG (TIME_STAMP,
> > USERNAME,
> > TYPE, REASON, PA
> > FailureQuery insert into RADAUTHLOG (TIME_STAMP,
> > USERNAME,
> > TYPE, REASON, PA
> > LogSuccess 1
> > LogFailure 1
> > </AuthLog>
> > <AuthLog SYSLOG>
> > # Identifier
> > # Log to syslog facility called 'radius'
> > Facility local5
> > # Log to a remote host via syslog over udp:
> > LogSuccess 1
> > LogFailure 1
> > SuccessFormat %l %n %0 Logged in Successfully
> > FailureFormat %l %n %0 Login Failure,
> > Password= %P
> > </AuthLog>
> >
> >
> > ----------------------------------------------------------------------
> > ------
> > ----------------------
> >
> > Faisal Imtiaz
> > SnappyDSL.net
> >
> >
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-
> > radiator at open.com.au] On
> > Behalf Of Claudio Lapidus
> > Sent: Wednesday, June 20, 2007 6:19 PM
> > To: radiator at open.com.au
> > Subject: (RADIATOR) Accounting events via syslog
> >
> > Hello Hugh,
> >
> > We're in the need of communicate accounting events to another
> > system via
> > syslog. The idea is to send a message to the local syslog daemon
> > every time
> > an accounting packet is received. The message should contain
> > current values
> > for Acct-Status-Type, NAS-IP-Address, NAS-Port and Class.
> >
> > We've looked the documentation for <Log SYSLOG> and <AuthLog
> > SYSLOG>, but
> > they don't seem to serve our purposes.
> >
> > thanks in advance,
> > cl.
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au To unsubscribe, email
> > 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
> > message.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list