[RADIATOR] per-clause vs global Logs
Heikki Vatiainen
hvn at open.com.au
Mon Nov 11 17:14:52 CST 2013
On 11/09/2013 01:22 AM, David Zych wrote:
> Now, however, I'm trying to put my Radiator servers behind a server load balancer (SLB); every few seconds, the SLB sends a health check request which Radiator is configured to REJECT (this is safer than ACCEPT and equally effective proof that the server is alive and answering). The problem is that each REJECT generates INFO-level log output which is cluttering up my logs:
>
> Fri Nov 8 16:56:03 2013 416230: INFO: Access rejected for SI_radius_keepalive: L7 Health Check from SLB
> My questions:
> 3. Is there a better way to accomplish this that I'm not seeing?
Skipping to this directly: would a good solution be to change the log
level of reject messages to something else? What could be done is to
make the log level of these messages configurable.
In many cases rejects are normal, there is no need to log each reject
with INFO level. There have been questions about this before too, e.g.,
on busy eduroam proxies, and adding an option to set the desired log
level for reject messages might be a better solution than add a number
of log clauses and options to work around the reject log messages and
miss some useful INFO messages while doing it.
There are quite likely people who use the INFO level reject messages for
monitoring their service, so the default would be to use INFO but it
would be possible to switch it to e.g., DEBUG and just use AuthLogs to
see all rejects and accepts.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list