[RADIATOR] Request for enhancement: Log Handler InfluxDB or at least UDP

Barry Ard bard at ualberta.ca
Fri Feb 5 12:10:15 CST 2016


I like this, very simple. Please ensure that this ends up in goodies.

Thanks,
Barry

On Fri, Feb 5, 2016 at 5:47 AM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 2.2.2016 13.14, Karl Gaissmaier wrote:
>
> > yes, like heka http://hekad.readthedocs.org as forwarding agent and/or
> > anomaly processor.
>
> Interesting, thanks for sharing this.
>
> > Heka has also a sandboxed Lua interpreter to decode unusual log formats,
> > maybe I'll not implement the hook in RADIATOR.
> >
> > Maybe it's really enough to create normal logs and use heka (or similar
> > tools)
> > to process anomaly detection and forward it to graphite/influxdb.
>
> Meanwhile, I did a basic Influxdb and Grafana installation to test it a
> little. Below is a simple AuthLog FILE format hook that creates an entry
> in Influxdb line protocol format and sends it before logging it to a
> file. It simply removes some of the characters that need to be quoted in
> the line protocol format and creates a new socket for each call. It's
> very primitive but, it will do basic logging and is a quick way to
> experiment and get something stored in Influxdb and visible in Grafana.
>
> The entry that gets logged in authlog file is useful to see how the line
> that was sent to Influxdb was formatted.
>
> # AuthLog in InfluxDB format
> sub
> {
>      my ($s, $reason, $p) = @_;
>
>      my $ap = $p->get_attr('NAS-Identifier');
>      my $client_mac = $p->get_attr('Calling-Station-Id');
>      my $username = $p->get_attr('User-Name');
>
>      my ($sec, $usec) = Radius::Util::getTimeHires();
>      my $influxtime = "$sec$usec"."000";
>
>      # Strip space, \ and "
>      # See Influxdb docs for what/how to quote
>      $username =~ s/[ \\"]//g;
>      $reason =~ s/[ \\"]//g;
>
>      my $dp; # InfluxDB line protocol data point
>      if ($s == $main::ACCEPT)
>      {
>          my $key =
> "radius,type=accept,ap=$ap,special=$username,special_type=username";
>
>          my $fields = "value=\"$username\"";
>          $dp = "$key $fields $influxtime";
>      }
>      elsif ($s == $main::REJECT)
>      {
>          my $key =
> "radius,type=rejected,ap=$ap,special=$reason,special_type=reason";
>
>          my $fields = "value=\"$username\",special_val=\"$reason\"";
>          $dp = "$key $fields $influxtime";
>      }
>
>      use IO::Socket::INET;
>      my $socket = IO::Socket::INET->new(PeerAddr => '127.0.0.1',
>                                   PeerPort => '8090',
>                                   Proto    => 'udp');
>      $socket->send($dp . "\n");
>      return $dp;
> }
>
> Here's the config I used.
>
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
> Trace           4
>
> <Client DEFAULT>
>         Secret  mysecret
> </Client>
>
> <AuthLog FILE>
>         Identifier myauthlogger-influxdb
>         Filename %L/authlog-influx.txt
>         LogFormatHook file:"%D/format-influx.pl"
>         LogSuccess 1
>         LogFailure 1
> </AuthLog>
>
> <Handler>
>         <AuthBy FILE>
>                 Filename %D/users
>         </AuthBy>
>
>         AuthLog myauthlogger-influxdb
> </Handler>
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>



-- 

Barry Ard                                   barry.ard at ualberta.ca
IST
University of Alberta
Edmonton, Alberta   Canada
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20160205/997e84e8/attachment.html 


More information about the radiator mailing list