[RADIATOR] <AuthLog SYSLOG> on Windows Server ?

Heikki Vatiainen hvn at open.com.au
Mon Nov 4 15:34:51 CST 2013 

On 11/01/2013 08:58 PM, Mueller, Jason C wrote:

> I created a Perl script independent of Radiator that called Sys::Syslog and sent a message to the remote host. That worked using UDP.

That's good. Then I'd say you would need to check if the remote system
(loghost) has its syslog server set to log everything Radiator sends.
For example, you mentioned below that messages about invalid attributes
were logged by the remote system. These likely had priority level of err
which the loghost was configured to accept and handle. However, does it
accept and handle messages with lesser priority?

> Here are the stanzas I created in the Radiator config file:

As you mentioned LogSuccess and LogFailure are required. The default
priority for AuthLog SYSLOG messages is 'info'. You should check if the
loghost does something with 'info' level messages or try setting
'Priority err' and see if the messages then get through. The default
level 'info' is quite low.

Thanks,
Heikki

> <Log SYSLOG>
> 	Identifier syslog
> 	LogSock udp
> 	LogHost IP_ADDRESS_OF_REMOTE_HOST
> 	Facility local5
> </Log>
> 
> <AuthLog SYSLOG>
> 	Identifier authsyslog
> 	LogSock udp
> 	LogHost IP_ADDRESS_OF_REMOTE_HOST
> 	Facility local5
> 	SuccessFormat %H:%M:%S | %{Calling-Station-Id} | %u | OK | NAS-IP %N
> 	FailureFormat %H:%M:%S | %{Calling-Station-Id} | %u | FAIL: %1 | NAS-IP %N
> </AuthLog>
> 
> As Neil indicated, the inet option did not work. I really don’t want to use the “inet” option, since it tries TCP first, and we are not using TCP. The RADIUS servers are under relatively heavy load, so I do not want to consume the time or cycles sending a message with no possible means of success in a single threaded application.
> 
> I did not have the LogSuccess and LogFailure options set in the <AuthLog SYSLOG> clause. I have added those, but no success.
> 
> I should note that when I had invalid attributes in the <Log SYSLOG> section that Radiator actually sent information to the syslog server indicating that I had invalid attributes. After they were removed and I restarted, Radiator did not send any logs. I would have expected to get the general log info, but that did not happen.
> 
> Any help is appreciated. We might try upgrading Perl and upgrading Radiator (one at a time to see which makes a difference).
> 
> -Jason
> 
> 
> On Oct 30, 2013, at 8:54 AM, Heikki Vatiainen <hvn at open.com.au> wrote:
> 
>> On 10/29/2013 07:56 PM, Johnson, Neil M wrote:
>>> Tried the LogSock inet, did not work.
>>>
>>> We are running ActiveState PERL 5.12.2 and Sys::Syslog version 0.33
>>
>> I tried with ActivePerl 5.14.4 and Sys::Syslog 0.33 using this
>> configuration:
>>
>> <AuthLog SYSLOG>
>> 	Identifier myauthlogger
>> 	LogHost 172.16.172.14
>> 	LogSock inet
>> 	LogSuccess 1
>> 	LogFailure 1
>> </AuthLog>
>>
>> I had tcpdump running on 172.16.172.14 and there was traffic to syslog
>> port 514. The configuration was goodies/authlog.cfg modified to use
>> SYSLOG as shown above.
>>
>> Maybe you could try a simple config to see if it works with something
>> very basic?
>>
>> I could not try with ActivePerl 5.12.2 since PPM complained about
>> requiring authentication to upgrade to 0.33. Seeing how to get this
>> solved may take a bit longer, but I thought I'd confirm syslog on
>> Windows should work.
>>
>>
>> -- 
>> Heikki Vatiainen <hvn at open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>> NetWare etc.
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list