[RADIATOR] Log messages for Authby Group
Hugh Irvine
hugh at open.com.au
Thu Mar 19 15:08:25 CST 2009
Hello Martin -
You can already do this with the "PacketTrace" parameter.
See section 25.2.12 in the Radiator 4.4 reference manual ("doc/
ref.pdf").
PacketTrace is also described in sections 5.5.17, 5.17.28 and 5.18.49
of the manual.
regards
Hugh
On 19 Mar 2009, at 20:09, Wallner Martin wrote:
> Hi, Hugh,
>
> Than I would like to post a request in here, to make the debug level
> scopable, so that the overhead one have to endure trying to debug in
> a live system is not so cataclysmic in the output as it is now (good
> thing f.e. would be an extension of 'trace_username' in the Monitor,
> maybe a trace_handler, trace_realm or even trace_AuthBy....)
> anything to keep the output 'clear' from already working stuff....
>
> thanks :-)
> =mw=
>
>
> -----Ursprüngliche Nachricht-----
> Von: Hugh Irvine [mailto:hugh at open.com.au]
> Gesendet: Donnerstag, 19. März 2009 02:26
> An: Wallner Martin; Markus Moeller
> Cc: radiator at open.com.au (radiator at open.com.au)
> Betreff: Re: [RADIATOR] Log messages for Authby Group
>
>
> Hello Markus, Hello Martin -
>
> Thanks for your thoughts and suggestions.
>
> We are reviewing the logging options for the next version of Radiator
> - the trick is to avoid massive amounts of overhead.
>
> regards
>
> Hugh
>
>
> On 19 Mar 2009, at 02:01, Wallner Martin wrote:
>
>> Just to add my 2cents...
>>
>> Great Idea. Makes the Grouped Auths readable. Nevertheless I would
>> suggest to keep this on 'debug' level (trace 4+) in the 'Accept'
>> cases, because AuthGroup is also needed for example when you have one
>> general clause for handling Accounting Packets in a seperate AuthBy
>> clause which you then combine with the authenticate-AuthBy.
>> It would clutter your normal log with too much 'Accept' infos...
>>
>> =mw=
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: radiator-bounces at open.com.au [mailto:radiator-
>> bounces at open.com.au] Im Auftrag von Markus Moeller
>> Gesendet: Mittwoch, 18. März 2009 10:26
>> An: radiator at open.com.au
>> Betreff: Re: [RADIATOR] Log messages for Authby Group
>>
>> For version 4.2 I was thinking something like:
>>
>>
>> # diff -c AuthGROUP.pm AuthGROUP-new.pm
>> *** AuthGROUP.pm Wed Mar 18 09:18:42 2009
>> --- AuthGROUP-new.pm Wed Mar 18 09:23:13 2009
>> ***************
>> *** 166,193 ****
>> --- 166,205 ----
>> if ($self->{AuthByPolicy} eq 'ContinueWhileIgnore')
>> {
>> $stop = ($handled != $main::IGNORE);
>> + $self->log($main::LOG_INFO, "AuthBy $handler-
>>> {Identifier} returned $Radius::AuthGeneric::reasons[$handled],
>> Reason: $reason", $p)
>> + if (!$stop);
>> }
>> elsif ($self->{AuthByPolicy} eq 'ContinueUntilIgnore')
>> {
>> $stop = ($handled == $main::IGNORE);
>> + $self->log($main::LOG_INFO, "AuthBy $handler-
>>> {Identifier} returned $Radius::AuthGeneric::reasons[$handled],
>> Reason: $reason", $p)
>> + if (!$stop);
>> }
>> elsif ($self->{AuthByPolicy} eq 'ContinueWhileAccept')
>> {
>> $stop = ($handled != $main::ACCEPT);
>> + $self->log($main::LOG_INFO, "AuthBy $handler-
>>> {Identifier} returned $Radius::AuthGeneric::reasons[$handled],
>> Reason: $reason", $p)
>> + if (!$stop);
>> }
>> elsif ($self->{AuthByPolicy} eq 'ContinueUntilAccept')
>> {
>> $stop = ($handled == $main::ACCEPT);
>> + $self->log($main::LOG_INFO, "AuthBy $handler-
>>> {Identifier} returned $Radius::AuthGeneric::reasons[$handled],
>> Reason: $reason", $p)
>> + if (!$stop);
>> }
>> elsif ($self->{AuthByPolicy} eq 'ContinueWhileReject')
>> {
>> $stop = ($handled != $main::REJECT
>> && $handled != $main::REJECT_IMMEDIATE);
>> + $self->log($main::LOG_INFO, "AuthBy $handler-
>>> {Identifier} returned $Radius::AuthGeneric::reasons[$handled],
>> Reason: $reason", $p)
>> + if (!$stop);
>> }
>> elsif ($self->{AuthByPolicy} eq 'ContinueUntilReject')
>> {
>> $stop = ($handled == $main::REJECT
>> || $handled == $main::REJECT_IMMEDIATE);
>> + $self->log($main::LOG_INFO, "AuthBy $handler-
>>> {Identifier} returned $Radius::AuthGeneric::reasons[$handled],
>> Reason: $reason", $p)
>> + if (!$stop);
>> }
>> last if $stop;
>> }
>> #
>>
>> This will create an Info message if the Authby is not the last.
>>
>> Markus
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list