[RADIATOR] Request for enhancement: Log Handler InfluxDB or at least UDP
Barry Ard
bard at ualberta.ca
Fri Feb 5 12:10:15 CST 2016
I like this, very simple. Please ensure that this ends up in goodies.
Thanks,
Barry
On Fri, Feb 5, 2016 at 5:47 AM, Heikki Vatiainen <hvn at open.com.au> wrote:
> On 2.2.2016 13.14, Karl Gaissmaier wrote:
>
> > yes, like heka http://hekad.readthedocs.org as forwarding agent and/or
> > anomaly processor.
>
> Interesting, thanks for sharing this.
>
> > Heka has also a sandboxed Lua interpreter to decode unusual log formats,
> > maybe I'll not implement the hook in RADIATOR.
> >
> > Maybe it's really enough to create normal logs and use heka (or similar
> > tools)
> > to process anomaly detection and forward it to graphite/influxdb.
>
> Meanwhile, I did a basic Influxdb and Grafana installation to test it a
> little. Below is a simple AuthLog FILE format hook that creates an entry
> in Influxdb line protocol format and sends it before logging it to a
> file. It simply removes some of the characters that need to be quoted in
> the line protocol format and creates a new socket for each call. It's
> very primitive but, it will do basic logging and is a quick way to
> experiment and get something stored in Influxdb and visible in Grafana.
>
> The entry that gets logged in authlog file is useful to see how the line
> that was sent to Influxdb was formatted.
>
> # AuthLog in InfluxDB format
> sub
> {
> my ($s, $reason, $p) = @_;
>
> my $ap = $p->get_attr('NAS-Identifier');
> my $client_mac = $p->get_attr('Calling-Station-Id');
> my $username = $p->get_attr('User-Name');
>
> my ($sec, $usec) = Radius::Util::getTimeHires();
> my $influxtime = "$sec$usec"."000";
>
> # Strip space, \ and "
> # See Influxdb docs for what/how to quote
> $username =~ s/[ \\"]//g;
> $reason =~ s/[ \\"]//g;
>
> my $dp; # InfluxDB line protocol data point
> if ($s == $main::ACCEPT)
> {
> my $key =
> "radius,type=accept,ap=$ap,special=$username,special_type=username";
>
> my $fields = "value=\"$username\"";
> $dp = "$key $fields $influxtime";
> }
> elsif ($s == $main::REJECT)
> {
> my $key =
> "radius,type=rejected,ap=$ap,special=$reason,special_type=reason";
>
> my $fields = "value=\"$username\",special_val=\"$reason\"";
> $dp = "$key $fields $influxtime";
> }
>
> use IO::Socket::INET;
> my $socket = IO::Socket::INET->new(PeerAddr => '127.0.0.1',
> PeerPort => '8090',
> Proto => 'udp');
> $socket->send($dp . "\n");
> return $dp;
> }
>
> Here's the config I used.
>
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> <Client DEFAULT>
> Secret mysecret
> </Client>
>
> <AuthLog FILE>
> Identifier myauthlogger-influxdb
> Filename %L/authlog-influx.txt
> LogFormatHook file:"%D/format-influx.pl"
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> <Handler>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
>
> AuthLog myauthlogger-influxdb
> </Handler>
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
--
Barry Ard barry.ard at ualberta.ca
IST
University of Alberta
Edmonton, Alberta Canada
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20160205/997e84e8/attachment.html
More information about the radiator
mailing list