[RADIATOR] custom logging configuration

Hugh Irvine hugh at open.com.au
Sun Feb 7 01:17:26 CST 2016


Hello All -

I have recently built some custom logging for a customer and I thought it might be interesting to post an overview here.

This will also be included in “goodies/hooks.txt” in future releases.

The requested feature was to forward for each session the username and associated IP address, together with a timestamp to a firewall and a security device using SYSLOG.

This example shows logging to SYSLOG, but any other <Log ….> target(s) will work equally well.

Here is the configuration file that I used for testing:


# log.cfg

Foreground
LogStdout
LogDir          .
DbDir           .
# Use a lower trace level in production systems:
Trace           4

<Client DEFAULT>
        Secret  mysecret
</Client>

<AuthBy GROUP>
	# define Log clauses here so they aren’t global loggers
        <Log SYSLOG>
                Identifier SyslogToFirewall
                # add syslog specific details here
                Trace 3
        </Log>
        <Log SYSLOG>
                Identifier SyslogToSecurityDevice
                # add syslog specific details here
                Trace 3
        </Log>
</AuthBy>

<Handler Request-Type = Accounting-Request>
        PreAuthHook file:"%D/sysloglogger.pl"
        <AuthBy INTERNAL>
                AuthResult REJECT
                AcctResult ACCEPT
        </AuthBy>
        # Log accounting to a detail file
        AcctLogFileName %L/detail
</Handler>

<Handler>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
</Handler>


and here is the hook code:


# sysloglogger.pl
# Radiator hook to send SYSLOG messages
# to firewall and security device with
# Timestamp, User-Name and Framed-IP-Address
#
# Hugh Irvine, OSC, 20160206

sub
{
        my $p = ${$_[0]};

        my $acctstatus = $p->get_attr('Acct-Status-Type');
        return unless $acctstatus eq 'Start';

        my $user = $p->get_attr('User-Name');
        my $ipaddress = $p->get_attr('Framed-IP-Address');
        my $message = "user = $user, ip = $ipaddress";

        my $syslogtofw = Radius::Configurable::find('Log', 'SyslogToFirewall');

        if ($syslogtofw)
        {
                $syslogtofw->log($main::LOG_INFO, $message, $p);
        }

        my $syslogtosd = Radius::Configurable::find('Log', 'SyslogToSecurityDevice');

        if ($syslogtosd)
        {
                $syslogtosd->log($main::LOG_INFO, $message, $p);
        }

        return;
}


Hopefully someone finds this useful.

regards

Hugh

--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
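
An added example, not part of the original post and not Radiator code: the hook above copies User-Name and Framed-IP-Address straight into a line that the firewall and security device will parse, so a check on both values before logging keeps each request to exactly one well-formed "user = ..., ip = ..." line. The helper name build_message, the policy of skipping a record rather than altering the name, and the sample values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: returns the line to log, or undef when the
# record should be skipped.
sub build_message
{
        my ($user, $ipaddress) = @_;

        # A Start record may lack either attribute
        return unless defined $user && length $user;
        return unless defined $ipaddress;

        # Framed-IP-Address must be a dotted-quad IPv4 address
        return unless $ipaddress =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
        return if grep { $_ > 255 } ($1, $2, $3, $4);

        # Control characters (CR, LF, NUL, ...) would split or truncate
        # the syslog line at the receiver
        return if $user =~ /[\x00-\x1f\x7f]/;

        # ',' and '=' delimit the fields of the message, so a name that
        # contains them could be read as an extra "ip = ..." field
        # (assumed policy: skip the record instead of rewriting the name)
        return if $user =~ /[,=]/;

        return "user = $user, ip = $ipaddress";
}

# Constructed sample inputs, not taken from real traffic
my @samples = (
        [ 'alice@example.com', '192.0.2.10' ],
        [ "bob\nuser = root, ip = 192.0.2.1", '192.0.2.11' ],
        [ 'carol, ip = 192.0.2.1', '192.0.2.12' ],
        [ 'dave', undef ],
        [ 'erin', '192.0.2.999' ],
);

for my $s (@samples)
{
        my $message = build_message(@$s);
        print defined $message ? "log:  $message\n" : "skip\n";
}

# In the hook, the same check would replace the direct interpolation:
#   my $message = build_message($p->get_attr('User-Name'),
#                               $p->get_attr('Framed-IP-Address'));
#   return unless defined $message;
```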


