[RADIATOR] logging (radiator and authlog) and accounting to ElasticSearch

[Alexander Hartmaier]

After pushing all our network device syslogs into ElasticSearch I'm
looking into doing the same for our applications starting with Radiator.

The Radiator application logs should be fairly trivial by using <Log
SYSLOG>. The same goes for <AuthLog SYSLOG> where the format could be
e.g. key/value pair JSON serialized.

What I'm missing is the same for accounting logs.
Since quite some time I'm looking for a way to customize the accounting
log file format but the problem I'm having with it is that there seems
to be no way to log all key/value pairs contained in the accounting
packet without specifying each name.
The default format is nice to read but hard to search with e.g. ack or grep.
I've read that using pipe followed by a program as AcctLogFileName works
but passing data serialized one log per line to it would also be easier
for the program to parse the log and pass it on (e.g. JSON serialized).

Is there some feature I've overlooked?

--
Best regards, Alexander Hartmaier

T-Systems Austria GesmbH
TSS Security Services
Network Security & Monitoring Engineer

phone: +43(0)57057-4320
fax: +43(0)57057-954320



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*