[RADIATOR] Logging Calling-Station-Id for failed login attempts
Frank Danielson
FDanielson at csky.com
Mon Dec 17 18:01:24 CST 2012
Hi Brendan-
You should look at using an AuthLog to log authorization attempts.
<AuthLog FILE>
Identifier logfailure
Filename %L/auth.default.%d%m%Y.log
LogSuccess 0
LogFailure 1
FailureFormat %1:%U:%{Calling-Station-Id}:FAIL
SuccessFormat %1:%U:%{Calling-Station-Id}:OK
</AuthLog>
<Handler some_condition>
...
...
...
AuthLog logfailure
</Handler>
-Frank
On Dec 17, 2012, at 6:45 PM, Howe, Brendan wrote:
Hello,
We have a security requirement to log all failed radius login attempts. We need to log date / time, userid and the Calling-Station-Id (Client’s IP address)
With a trace level of 3 only the date, time and userid is logged in the standard logfile for failed logins. Changing to trace level 4 logs the Calling-Station-Id, but we don’t want to run this trace level in production due to all the extra DEBUG info logged.
Is it possible to change what is logged within trace levels or is it possible to configure a password log file that logs more than the standard 5 fields?
Regards,
Brendan
<ATT00001..txt>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20121217/fc7225c8/attachment-0001.html
More information about the radiator
mailing list