[RADIATOR] ServerTACACSPLUS logging improvements
Hartmaier Alexander
alexander.hartmaier at t-systems.at
Fri Jul 1 13:47:25 CDT 2016
Hi Heikki,
On 2016-06-29 12:41, Heikki Vatiainen wrote:
> On 28.6.2016 11.24, Hartmaier Alexander wrote:
>
>> Tue Jun 28 08:18:50 2016: DEBUG: ServerTACACSPLUS: New connection from
>> 1.2.3.4:11422
>> Tue Jun 28 08:18:50 2016: ERR: Could not get peer name on
>> TacacsplusConnection socket: Transport endpoint is not connected
>> Tue Jun 28 08:18:50 2016: DEBUG: TacacsplusConnection disconnected from :
>>
>> As you can see is the last message lacking the source infos although
>> I've applied the latest patchset.
>> Any idea why?
> The 'Could not get peer name' log message was not changed at those
> patches yet. What was changed was the addition of the 'New connection'
> message.
>
> To get rid of need for Trace 4, the current patches now include slightly
> changed connection handling and updated logging. The peer IP and port
> are now saved from accept() and while getpeername() is still called, its
> function is only to check for connections that got immediately closed
> after they were opened.
>
> This check is depends on the timing, but it should catch those
> disconnects that were causing the 'Could not get peer name' log message.
> Otherwise the connections get closed by the normal processing.
>
> Or in brief: the log message is now more informative but the processing
> is otherwise the same.
Great, thanks!
>
> Note: the peer name log message is now logged as a WARNING instead of ERR.
I'd say that's a more appropriate log level, thanks!
>
>> But the 'New connection' message should be enough to find the bad boys
>> which seem to be two Cisco IOS routers.
> Hmm, that's interesting. Any reason why they do this?
With the 'New connection' message I was able to find the two IOS routers
causing the message. They weren't under our control (any more) but still
tried to establish TACACS+ sessions, possibly not using the correct key
with lead to those messages.
The admin of them deconfigured our Radiator servers and so the messages
are gone.
>
> Thanks,
> Heikki
>
Best regards, Alex
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list