[RADIATOR] <AuthLog SYSLOG> on Windows Server ?

Mueller, Jason C jason-mueller at uiowa.edu
Tue Nov 5 13:22:53 CST 2013


Heikki,


On Nov 4, 2013, at 3:34 PM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 11/01/2013 08:58 PM, Mueller, Jason C wrote:
> 
>> I created a Perl script independent of Radiator that called Sys::Syslog and sent a message to the remote host. That worked using UDP.
> 
> That's good. Then I'd say you would need to check if the remote system
> (loghost) has its syslog server set to log everything Radiator sends.
> For example, you mentioned below that messages about invalid attributes
> were logged by the remote system. These likely had priority level of err
> which the loghost was configured to accept and handle. However, does it
> accept and handle messages with lesser priority?

The syslog server is configured to accept messages of all priorities. While performing a packet capture on the Radiator host, we do not see the messages go out.

>> Here are the stanzas I created in the Radiator config file:
> 
> As you mentioned LogSuccess and LogFailure are required. The default
> priority for AuthLog SYSLOG messages is 'info'. You should check if the
> loghost does something with 'info' level messages or try setting
> 'Priority err' and see if the messages then get through. The default
> level 'info' is quite low.
> 
> Thanks,
> Heikki
> 
>> <Log SYSLOG>
>> 	Identifier syslog
>> 	LogSock udp
>> 	LogHost IP_ADDRESS_OF_REMOTE_HOST
>> 	Facility local5
>> </Log>
>> 
>> <AuthLog SYSLOG>
>> 	Identifier authsyslog
>> 	LogSock udp
>> 	LogHost IP_ADDRESS_OF_REMOTE_HOST
>> 	Facility local5
>> 	SuccessFormat %H:%M:%S | %{Calling-Station-Id} | %u | OK | NAS-IP %N
>> 	FailureFormat %H:%M:%S | %{Calling-Station-Id} | %u | FAIL: %1 | NAS-IP %N
>> </AuthLog>
>> 
>> As Neil indicated, the inet option did not work. I really don’t want to use the “inet” option, since it tries TCP first, and we are not using TCP. The RADIUS servers are under relatively heavy load, so I do not want to consume the time or cycles sending a message with no possible means of success in a single threaded application.
>> 
>> I did not have the LogSuccess and LogFailure options set in the <AuthLog SYSLOG> clause. I have added those, but no success.
>> 
>> I should note that when I had invalid attributes in the <Log SYSLOG> section that Radiator actually sent information to the syslog server indicating that I had invalid attributes. After they were removed and I restarted, Radiator did not send any logs. I would have expected to get the general log info, but that did not happen.
>> 
>> Any help is appreciated. We might try upgrading Perl and upgrading Radiator (one at a time to see which makes a difference).
>> 
>> -Jason
>> 
>> 
>> On Oct 30, 2013, at 8:54 AM, Heikki Vatiainen <hvn at open.com.au> wrote:
>> 
>>> On 10/29/2013 07:56 PM, Johnson, Neil M wrote:
>>>> Tried the LogSock inet, did not work.
>>>> 
>>>> We are running ActiveState PERL 5.12.2 and Sys::Syslog version 0.33
>>> 
>>> I tried with ActivePerl 5.14.4 and Sys::Syslog 0.33 using this
>>> configuration:
>>> 
>>> <AuthLog SYSLOG>
>>> 	Identifier myauthlogger
>>> 	LogHost 172.16.172.14
>>> 	LogSock inet
>>> 	LogSuccess 1
>>> 	LogFailure 1
>>> </AuthLog>
>>> 
>>> I had tcpdump running on 172.16.172.14 and there was traffic to syslog
>>> port 514. The configuration was goodies/authlog.cfg modified to use
>>> SYSLOG as shown above.
>>> 
>>> Maybe you could try a simple config to see if it works with something
>>> very basic?
>>> 
>>> I could not try with ActivePerl 5.12.2 since PPM complained about
>>> requiring authentication to upgrade to 0.33. Seeing how to get this
>>> solved may take a bit longer, but I thought I'd confirm syslog on
>>> Windows should work.
>>> 
>>> 
>>> -- 
>>> Heikki Vatiainen <hvn at open.com.au>
>>> 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>> NetWare etc.
>> 
> 
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
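
Added example, not part of the original thread and not Radiator or Sys::Syslog code: a stand-alone Python probe that sends one UDP syslog datagram at local5.err and one at local5.info, to separate loghost priority filtering from sender-side problems, and that decodes the `<PRI>` prefix seen in a packet capture. The function names and the loghost address 192.0.2.10 are assumptions; `local5` and the `authsyslog` tag come from the configuration quoted above.

```python
import re
import socket

# RFC 3164 codes: PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]


def build_message(facility, severity, tag, text):
    """Return one syslog datagram. Timestamp and hostname are omitted;
    an RFC 3164 receiver adds them when they are missing."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{tag}: {text}".encode("ascii")


def decode_pri(datagram):
    """Map the <PRI> prefix of a captured datagram to (facility, severity)."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:  # 191 = local7.debug, the maximum
        raise ValueError("no valid syslog PRI")
    code, sev = divmod(int(m.group(1)), 8)
    names = {v: k for k, v in FACILITIES.items()}
    return names.get(code, f"facility{code}"), SEVERITIES[sev]


def send_probes(loghost, port=514, facility="local5", tag="authsyslog",
                severities=("err", "info")):
    """Send one labelled probe per severity over UDP; return what was sent."""
    sent = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for sev in severities:
            msg = build_message(facility, sev, tag, f"probe {facility}.{sev}")
            sock.sendto(msg, (loghost, port))
            sent.append(msg)
    return sent


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder loghost address (documentation range).
    for m in send_probes("192.0.2.10"):
        print(m.decode(), "->", decode_pri(m))
```

If only the `err` probe shows up in the loghost's files, the loghost is filtering by priority; if both arrive while Radiator's own messages never appear in a capture on the sending host, the problem is on the sender side.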


