[RADIATOR] per-clause vs global Logs
David Zych
dmrz at illinois.edu
Fri Nov 8 17:22:58 CST 2013
For a long time, I have used a single global <Log FILE> and a single global <Log SYSLOG>, both at Trace 3, to capture everything I might want to know about that doesn't fall into the separate categories of AuthLog or AcctLogFileName.
Now, however, I'm trying to put my Radiator servers behind a server load balancer (SLB); every few seconds, the SLB sends a health check request which Radiator is configured to REJECT (this is safer than ACCEPT and equally effective proof that the server is alive and answering). The problem is that each REJECT generates INFO-level log output which is cluttering up my logs:
Fri Nov 8 16:56:03 2013 416230: INFO: Access rejected for SI_radius_keepalive: L7 Health Check from SLB
AFAICT there is no way to turn _off_ logging only for certain clauses, so the tentative solution I've come up with is to revamp my logging system so that the global ones are Trace 2, and I use individual Log clauses to do Trace 3.
## Additional finer-grained loggers for use in individual Handlers,
## defined here inside a dummy Handler so they won't be global (see
## http://www.open.com.au/pipermail/radiator/2004-June/009606.html).
<Handler Client-Identifier=GLOBAL_LOGGING_DUMMY_HANDLER>
<Log FILE>
Identifier logFile-INFO
Filename %L/general/%Y/%m/logfile.%Y-%m-%d
LogFormat %Y-%m-%dT%H:%M:%S.%s %{Server:Identifier}: %1: %2
Trace 3
</Log>
<Log SYSLOG>
Identifier logSyslog-INFO
LogSock udp
LogHost %{GlobalVar:LogHost}
LogIdent %{Server:Identifier}
Facility user
Trace 3
</Log>
</Handler>
#...
# example real handler for wireless access requests
<Handler Client-Identifier=wireless, Request-Type=Access-Request>
Identifier wireless
AuthByPolicy ContinueWhileAccept
# Block by MAC address
AuthBy wireless-mac_block
AuthBy wireless-eapOuter
AuthLog wirelessAuthlog
AuthLog wirelessSyslog
Log logFile-INFO
Log logSyslog-INFO
</Handler>
My first pass was to put those Log lines in every Handler clause (except the one for the SLB health checks)... but empirically that still misses some important INFO messages, such as the following from an AuthBy RADIUS:
Wed Nov 6 16:36:49 2013 319320: INFO: AuthRADIUS ci-authproxy: Could not find a working host to forward admin (1) after 5 seconds. Ignoring
Wed Nov 6 16:36:49 2013 319537: INFO: AuthRADIUS ci-authproxy: No reply after 5 seconds and 0 retransmissions to 127.0.0.1:10006 for admin (115)
My questions:
1. Where do I need to put those "Log" config lines in order to achieve my goal of getting INFO-level logging everywhere except for the one place I specifically don't want it? Is there some subset of clause types that will suffice (or mostly suffice), or do they have to go in literally every clause in my entire config?
2. If I do put them in literally every clause, will that work? Or will it generate duplicate log messages?
3. Is there a better way to accomplish this that I'm not seeing?
Thanks,
David
More information about the radiator
mailing list