[RADIATOR] User-Level Logging

Heikki Vatiainen hvn at open.com.au
Mon May 16 06:42:38 CDT 2011


On 05/13/2011 02:32 PM, Adam Bishop wrote:

> What would be the most effective way of logging the activity of
> specific users?

There are a couple of possibilities. Please see below for more.

> A number of my users are going to be visiting another site, so I
> would like to create a separate logfile targeting them so I can
> quickly see any issues affecting those specific users.  The only way
> that springs to mind is authenticating them under a separate handler,
> but I'm not exactly sure how to identify the users efficiently
> (around 20 users).

If you have access to Radar, you can specify a TRACE_PREDICATE
expression that must match before a message will be logged to Radar. You
can enable and disable tracing without restarting Radiator.

Another alternative is to create a Handler that has PacketTrace or <Log
FILE> set. The Handler contents could be the same as with the existing
non-tracing handler but the Handler's checklist would have something
like Realm=debug.example.org. That might work if the users know how to
change their configuration or the config can be easily pushed to the
users. In other words, the idea would be to use the realm to signal that
the user wants or should be traced.

Yet another alternative is to use a hook that sets PacketTrace
($p->{PacketTrace}) based on username.

Setting PacketTrace or configuring <Log FILE> for an appropriate Client,
Handler or AuthBy might be useful too.

If the authentication protocol is e.g. PEAP or TTLS, then catching the
user will be harder unless the RADIUS User-Name matches the real inner
identity.

> Conversely, how would I go about not logging a specific user (our
> test account is polluting the logs somewhat).

Maybe this could be taken care of with a specific Handler?

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
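
The username-based hook suggested in the reply above, sketched as an added example; it is not part of the original message and not Radiator's own code. It assumes the hook runs as a pre-processing hook such as PreClientHook and receives a reference to the request as its first argument; the user names, the `bare_name` helper and the mock request object are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed watch list: the users to trace, stored lower-case.
my %traced = map { lc($_) => 1 } qw(alice bob carol);

# Reduce a RADIUS User-Name to a bare, lower-case login name, so that
# "Alice@example.org" and "EXAMPLE\alice" both become "alice".
sub bare_name {
    my ($name) = @_;
    return '' unless defined $name;
    $name =~ s/^[^\\]*\\//;   # strip a leading DOMAIN\ prefix
    $name =~ s/\@.*$//;       # strip a trailing @realm
    return lc $name;
}

# Hook body. Assumption: the first argument is a reference to the request,
# so ${ $_[0] } is the request object itself.
my $trace_hook = sub {
    my $p    = ${ $_[0] };
    my $user = bare_name($p->get_attr('User-Name'));
    # Only ever switch tracing on; leave requests from other users untouched.
    $p->{PacketTrace} = 1 if $traced{$user};
    return;
};

# Mock request object (constructed) so the sketch runs without Radiator.
package MockRequest {
    sub new      { my ($class, %a) = @_; return bless { attrs => {%a} }, $class }
    sub get_attr { my ($self, $n) = @_; return $self->{attrs}{$n} }
}

package main;

# The third name mimics an anonymous PEAP/TTLS outer identity: it does not
# match the list, which is the limitation the reply points out.
for my $name ('Alice@example.org', 'EXAMPLE\\bob', 'anonymous@example.org', 'dave') {
    my $p = MockRequest->new('User-Name' => $name);
    $trace_hook->(\$p);
    printf "%-24s PacketTrace=%s\n", $name, $p->{PacketTrace} ? 1 : 0;
}
```

In a real deployment only the watch list, `bare_name` and the hook body would go into the configured hook; the mock object and the loop exist only to exercise it offline.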

