[RADIATOR] How do I log all reply attributes sent for an Access-Accept?
Linuxchuck
linuxchuck at n-force.com
Thu Apr 12 09:45:07 CDT 2012
On 04/11/2012 01:41 PM, Heikki Vatiainen wrote:
> On 04/10/2012 10:42 PM, Linuxchuck wrote:
>
>> I'm looking for a way to log all possible Reply attributes to my authlog file. I use many different types of VSAs, and would rather not have to scrub through all of my configs just to manually add each named Reply attribute to my<AuthLog FILE> stanza.
>
> Hmm, I do not think this has been requested before or such functionality
> currently exists directly.
>
> You could try the following PostAuthHook to collect all reply attributes
> to a pseudo attribute in request and logging the whole thing from
> request with:
> SuccessFormat %l: [%{GlobalVar:DevType}] [%n] [%c] [%{NAS-IP-Address}]
> [%{Calling-Station-Id}] Accept %{Request:X-Reply-Attrs}
>
> Here's an example hook. You can add attributes you do not want to see in
> the logs to ignore list.
>
> PostAuthHook file:"combine-reply-attrs-hook.pl"
>
> sub {
> my $p = ${$_[0]}; # Request packet
> my $rp = ${$_[1]}; # Response packet
>
> my @ignored = qw(EAP-Message Some-Other-Attribute);
>
> my ($i, $all) = (0, '');
> while (my ($name, $value) = $rp->get_attr_val_n($i++)) {
> next if grep {$_ eq $name} @ignored;
> $all .= "$name=$value, ";
> }
> $all =~ s/, $//; # Remove trailing ', '
> $p->add_attr("X-Reply-Attrs", $all);
> }
>
>
> Please let us know how this works.
> Heikki
>
>
Works perfect! This is exactly what I was looking for.
Thanks a ton!
Chuck
More information about the radiator
mailing list