[RADIATOR] DEBUG logging oddities
Karl Gaissmaier
karl.gaissmaier at uni-ulm.de
Thu Feb 18 04:40:34 CST 2016
Hi,

no official solution or ACK for this problem till now :-(

Currently I use the following homebrew workaround to get debug messages
with trace level 4 in private log clauses:

# Gimmick to trick &main::willLog
# has an unnecessary processing component, I know, but ...
<Log FILE>
    Trace 4
    Identifier NULL-LOGGER-GIMMICK
    Filename /dev/null
</Log>

# more global loggers for errors, warnings and notices:
<Log FILE>
    Trace 2
    Identifier radiatorlog
    Filename %L/radiatorlog
</Log>

<Log SYSLOG>
    Trace 2
    IgnorePacketTrace
    ...
</Log>

Best Regards
Charly

> Hi RADIATOR Team,
>
> I would like to dump the packet attributes within ServerRADSEC or
> AuthRADSEC but without overwhelming packet hexdumps.
>
> Therefore I can't/won't use PacketTrace in the clauses.
>
> I configured a clause specific Logger with 'Trace 4' but the 'sub
> main::willLog' doesn't honor the settings in the clause loggers, instead
> it checks just the global logger(s) and shortcuts the calls to
> recv_debug_dump in the Modules:
>
>> Radius/AuthRADIUS.pm: $p->recv_debug_dump($self) if (main::willLog($main::LOG_DEBUG, $p));
>> Radius/AuthRADSEC.pm: $p->recv_debug_dump($self) if (main::willLog($main::LOG_DEBUG, $p));
>> Radius/Client.pm: $p->recv_debug_dump($self) if (main::willLog($main::LOG_DEBUG, $p));
>> Radius/ServerRADSEC.pm: $tp->recv_debug_dump($self) if (main::willLog($main::LOG_DEBUG, $tp));
>>
>> #####################################################################
>> # Return true if at least one logger is required to log
>> # Can be a shortcut to prevent length logging calculations
>> sub main::willLog
>> {
>>     my ($priority, $p) = @_;
>>     return 1
>>         if ($main::config->{LogStdout} && ($priority <= $main::config->{Trace}
>>                                            || ($p && $p->{PacketTrace})))
>>            || grep $_->willLog($priority, $p), @{$main::config->{Log}};
>> }
>
>
> ################################################################################
> Please see my stripped down test setting:
> ################################################################################
>
>> BindAddress 127.0.0.1
>> AuthPort 1812
>> AcctPort 1813
>>
>> LogDir /tmp/radiator/log
>> DbDir /tmp/radiator/etc
>>
>>
>> # disable global logfile for tests, in production I use a global file logger and syslog logger with Trace 2
>> LogFile
>> # I'll just see warnings and errors in the global log or during this tests on stdout
>> Trace 2
>> Foreground
>> LogStdout
>>
>> PidFile %D/radiusd.pid
>> DictionaryFile %D/my-very-short-dict-for-running-under-perl-debugger
>>
>> # AuthBy gimmick to define referable, non global loggers, thanks Hugh!
>> <AuthBy GROUP>
>> <Log FILE>
>> Identifier DEBUG-LOGGER
>> Trace 4
>> Filename %L/debug-logger
>> </Log>
>> </AuthBy>
>>
>> <AuthBy TEST>
>> Identifier AUTHBY_TEST
>> </AuthBy>
>>
>> <AuthBy RADSEC>
>> # I'm interested in the radius code and attributes, not in SSL hexdumps
>> Log DEBUG-LOGGER
>> Secret radsec
>> Identifier AUTHBY_RADSEC
>>
>> UseStatusServerForFailureDetect
>> KeepaliveTimeout 10
>> FailureBackoffTime 10
>> NoreplyTimeout 10
>>
>> LocalAddress 127.0.0.1
>> Host 127.0.0.1
>>
>> # test settings, in production use valid certs and CN checks!!!
>> UseTLS
>> TLS_CAFile %D/certificates/demoCA/cacert.pem
>> TLS_ExpectedPeerName .*
>>
>> TLS_CertificateFile %D/certificates/cert-clt.pem
>> TLS_CertificateType PEM
>> TLS_PrivateKeyFile %D/certificates/cert-clt.pem
>> TLS_PrivateKeyPassword whatever
>> </AuthBy>
>>
>> #################################################################################
>>
>> <Handler Connect-Info=RADSEC>
>> Identifier HANDLER_FROM_RADSEC
>> AuthBy AUTHBY_TEST
>> </Handler>
>>
>> <Handler Realm=radsec>
>> Identifier HANDLER_TO_RADSEC
>> AuthBy AUTHBY_RADSEC
>> </Handler>
>>
>> <Handler>
>> Identifier HANDLER_DEFAULT
>> AuthBy AUTHBY_TEST
>> </Handler>
>>
>> #################################################################################
>>
>> <Client DEFAULT>
>> Identifier DEFAULT
>> Secret mysecret
>> Log DEBUG-LOGGER
>> </Client>
>>
>> <ServerRADSEC>
>> # I'm interested in the radius code and attributes, not in SSL hexdumps
>> Log DEBUG-LOGGER
>>
>> Identifier RADSEC_SERVER
>> BindAddress 127.0.0.1
>> Port 2083
>> Secret radsec
>>
>> AddToRequest Connect-Info=RADSEC
>> AddToReply Connect-Info=RADSEC
>>
>> UseTLS
>> TLS_CAFile %D/certificates/demoCA/cacert.pem
>> TLS_CertificateFile %D/certificates/cert-srv.pem
>> TLS_CertificateType PEM
>> TLS_PrivateKeyFile %D/certificates/cert-srv.pem
>> TLS_PrivateKeyPassword whatever
>> TLS_RequireClientCert
>> TLS_ExpectedPeerName .*
>> </ServerRADSEC>
>> ####################################################################
>
>
>
> and then test it with radpwtst
>
>> $ radpwtst -bind_address 127.0.0.1 -s 127.0.0.1 -noacct -auth_port 1812 -user foo@radsec
>
> Any hint how to solve this problem?
>
> Please rethink your &main::willLog(...) and btw, in my opinion, the
> whole logging deserves refactoring ;-(
>
> Maybe, supporting module specific $self->willLog would be a proper path
> to go.
>
> Best Regards
> Charly Gaissmaier
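
Added example, not part of the original post and not Radiator source code: a simplified Perl model of the gate described in the message, showing why a clause logger at Trace 4 stays empty while all global loggers are at Trace 2, and why a global Trace 4 logger writing to /dev/null changes that. The helper names (new_logger, global_will_log, receive_packet), the hash layout, the LOG_DEBUG value of 4 and the sample dump line are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Simplified model of the logging gate discussed above; not Radiator source.
use strict;
use warnings;

my $LOG_DEBUG = 4;    # assumed to match "Trace 4" in the configuration

# A logger is modelled as a hash: identifier, Trace level, collected lines.
sub new_logger {
    my ($id, $trace) = @_;
    return { Identifier => $id, Trace => $trace, lines => [] };
}

# Global gate with the shape of the quoted main::willLog (PacketTrace omitted):
# only stdout and the global loggers are consulted, never clause loggers.
sub global_will_log {
    my ($config, $priority) = @_;
    return 1 if $config->{LogStdout} && $priority <= $config->{Trace};
    return scalar grep { $priority <= $_->{Trace} } @{ $config->{Log} };
}

# A clause receives a packet. The attribute dump is built only when the global
# gate passes; after that each logger filters on its own Trace level.
sub receive_packet {
    my ($config, $clause, $dump) = @_;
    return 0 unless global_will_log($config, $LOG_DEBUG);
    for my $logger (@{ $config->{Log} }, @{ $clause->{Log} }) {
        push @{ $logger->{lines} }, $dump if $LOG_DEBUG <= $logger->{Trace};
    }
    return 1;
}

my $dump = 'Code: Access-Request / User-Name = "foo@radsec"';   # constructed sample

# Case 1: global loggers at Trace 2, clause logger at Trace 4.
my $debug1 = new_logger('DEBUG-LOGGER', 4);
my $cfg1   = { LogStdout => 1, Trace => 2, Log => [ new_logger('radiatorlog', 2) ] };
my $built1 = receive_packet($cfg1, { Log => [$debug1] }, $dump);

# Case 2: same setup plus the Trace 4 global logger from the workaround.
my $debug2 = new_logger('DEBUG-LOGGER', 4);
my $null   = new_logger('NULL-LOGGER-GIMMICK', 4);
my $cfg2   = { LogStdout => 1, Trace => 2, Log => [ new_logger('radiatorlog', 2), $null ] };
my $built2 = receive_packet($cfg2, { Log => [$debug2] }, $dump);

printf "without gimmick: dump built=%d, DEBUG-LOGGER lines=%d\n",
    $built1, scalar @{ $debug1->{lines} };
printf "with gimmick:    dump built=%d, DEBUG-LOGGER lines=%d, discarded copies=%d\n",
    $built2, scalar @{ $debug2->{lines} }, scalar @{ $null->{lines} };
```

In the model, the second case also hands every dump to the /dev/null logger, which is the extra processing the workaround's own comment mentions.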