[RADIATOR] ServerTACACSPLUS logging improvements

Hartmaier Alexander alexander.hartmaier at t-systems.at
Tue Jun 28 03:24:30 CDT 2016


On 2016-06-24 13:57, Heikki Vatiainen wrote:
> On 24.06.2016 14:08, Hartmaier Alexander wrote:
>
>>> We also thought about further improvements for unexpectedly closed
>>> connections so that they can be logged and handled more easily. However,
>>> this is the first step before doing further changes.
>> We still get the 'Could not get peer name on TacacsplusConnection
>> socket: Transport endpoint is not connected' log message without
>> additional infos for which endpoint. Please don't add an additional
>> debugging message but improve the existing one!
> The error getpeername() sees is just that: the connection has gone away
> (while it was just established) so there's not much to improve this
> message anymore. The additional message I mentioned is available at
> trace 4 and it can stay because it's logged at the moment when the
> remote IP and port are first and surely available.
>
> However, maybe you could see what it shows on trace 4 now. The further
> changes in logging are planned to make unexpectedly closed connections
> logged so that are, for example, logged at INFO or WARNING level (trace
> 3 or 2). This should keep the log littering down, successfully opened
> connections are now logged unless debugging is enabled, while
> unexpectedly closed and unsuccessfully established connections are
> logged at higher log level.
>
> Maybe you could use trace 4 now to see where the shortlived client
> connections come from?

I've collected trace 4 logs:

Tue Jun 28 08:18:50 2016: DEBUG: ServerTACACSPLUS: New connection from
1.2.3.4:11422
Tue Jun 28 08:18:50 2016: ERR: Could not get peer name on
TacacsplusConnection socket: Transport endpoint is not connected
Tue Jun 28 08:18:50 2016: DEBUG: TacacsplusConnection disconnected from :

As you can see is the last message lacking the source infos although
I've applied the latest patchset.
Any idea why?
But the 'New connection' message should be enough to find the bad boys
which seem to be two Cisco IOS routers.
>
> Thanks for your comments,
> Heikki
>
Thanks, Alex


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*


More information about the radiator mailing list