[RADIATOR] Log messages for Authby Group

Wallner Martin Martin.Wallner at etel.at
Thu Mar 19 03:09:37 CST 2009 

Hi, Hugh,

Than I would like to post a request in here, to make the debug level scopable, so that the overhead one have to endure trying to debug in a live system is not so cataclysmic in the output as it is now (good thing f.e. would be an extension of 'trace_username' in the Monitor, maybe a trace_handler, trace_realm or even trace_AuthBy....) anything to keep the output 'clear' from already working stuff....

thanks :-)
=mw=
 

-----Ursprüngliche Nachricht-----
Von: Hugh Irvine [mailto:hugh at open.com.au] 
Gesendet: Donnerstag, 19. März 2009 02:26
An: Wallner Martin; Markus Moeller
Cc: radiator at open.com.au (radiator at open.com.au)
Betreff: Re: [RADIATOR] Log messages for Authby Group


Hello Markus, Hello Martin -

Thanks for your thoughts and suggestions.

We are reviewing the logging options for the next version of Radiator
- the trick is to avoid massive amounts of overhead.

regards

Hugh


On 19 Mar 2009, at 02:01, Wallner Martin wrote:

> Just to add my 2cents...
>
> Great Idea. Makes the Grouped Auths readable. Nevertheless I would 
> suggest to keep this on 'debug' level (trace 4+) in the 'Accept'
> cases, because AuthGroup is also needed for example when you have one 
> general clause for handling Accounting Packets in a seperate AuthBy 
> clause which you then combine with the authenticate-AuthBy.
> It would clutter your normal log with too much 'Accept' infos...
>
> =mw=
>
>
> -----Ursprüngliche Nachricht-----
> Von: radiator-bounces at open.com.au [mailto:radiator- 
> bounces at open.com.au] Im Auftrag von Markus Moeller
> Gesendet: Mittwoch, 18. März 2009 10:26
> An: radiator at open.com.au
> Betreff: Re: [RADIATOR] Log messages for Authby Group
>
> For version 4.2 I was thinking something like:
>
>
> # diff -c AuthGROUP.pm  AuthGROUP-new.pm
> *** AuthGROUP.pm        Wed Mar 18 09:18:42 2009
> --- AuthGROUP-new.pm    Wed Mar 18 09:23:13 2009
> ***************
> *** 166,193 ****
> --- 166,205 ----
>        if ($self->{AuthByPolicy} eq 'ContinueWhileIgnore')
>        {
>            $stop = ($handled != $main::IGNORE);
> +             $self->log($main::LOG_INFO, "AuthBy $handler- 
> >{Identifier} returned $Radius::AuthGeneric::reasons[$handled],  
> Reason: $reason", $p)
> +                    if (!$stop);
>        }
>        elsif ($self->{AuthByPolicy} eq 'ContinueUntilIgnore')
>        {
>            $stop = ($handled == $main::IGNORE);
> +             $self->log($main::LOG_INFO, "AuthBy $handler- 
> >{Identifier} returned $Radius::AuthGeneric::reasons[$handled],  
> Reason: $reason", $p)
> +                    if (!$stop);
>        }
>        elsif ($self->{AuthByPolicy} eq 'ContinueWhileAccept')
>        {
>            $stop = ($handled != $main::ACCEPT);
> +             $self->log($main::LOG_INFO, "AuthBy $handler- 
> >{Identifier} returned $Radius::AuthGeneric::reasons[$handled],  
> Reason: $reason", $p)
> +                    if (!$stop);
>        }
>        elsif ($self->{AuthByPolicy} eq 'ContinueUntilAccept')
>        {
>            $stop = ($handled == $main::ACCEPT);
> +             $self->log($main::LOG_INFO, "AuthBy $handler- 
> >{Identifier} returned $Radius::AuthGeneric::reasons[$handled],  
> Reason: $reason", $p)
> +                    if (!$stop);
>        }
>        elsif ($self->{AuthByPolicy} eq 'ContinueWhileReject')
>        {
>            $stop = ($handled != $main::REJECT
>                     && $handled != $main::REJECT_IMMEDIATE);
> +             $self->log($main::LOG_INFO, "AuthBy $handler- 
> >{Identifier} returned $Radius::AuthGeneric::reasons[$handled],  
> Reason: $reason", $p)
> +                    if (!$stop);
>        }
>        elsif ($self->{AuthByPolicy} eq 'ContinueUntilReject')
>        {
>            $stop = ($handled == $main::REJECT
>                     || $handled == $main::REJECT_IMMEDIATE);
> +             $self->log($main::LOG_INFO, "AuthBy $handler- 
> >{Identifier} returned $Radius::AuthGeneric::reasons[$handled],  
> Reason: $reason", $p)
> +                    if (!$stop);
>        }
>        last if $stop;
>      }
> #
>
> This will create an Info message if the Authby is not the last.
>
> Markus
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list