[RADIATOR] ServerTACACSPLUS logging improvements
Heikki Vatiainen
hvn at open.com.au
Wed Jun 29 05:41:10 CDT 2016
On 28.6.2016 11.24, Hartmaier Alexander wrote:
> Tue Jun 28 08:18:50 2016: DEBUG: ServerTACACSPLUS: New connection from
> 1.2.3.4:11422
> Tue Jun 28 08:18:50 2016: ERR: Could not get peer name on
> TacacsplusConnection socket: Transport endpoint is not connected
> Tue Jun 28 08:18:50 2016: DEBUG: TacacsplusConnection disconnected from :
>
> As you can see, the last message is lacking the source info although
> I've applied the latest patchset.
> Any idea why?
The 'Could not get peer name' log message was not changed in those
patches yet. What was changed was the addition of the 'New connection'
message.
To get rid of the need for Trace 4, the current patches now include slightly
changed connection handling and updated logging. The peer IP and port
are now saved from accept() and while getpeername() is still called, its
function is only to check for connections that got immediately closed
after they were opened.
This check depends on the timing, but it should catch those
disconnects that were causing the 'Could not get peer name' log message.
Otherwise the connections get closed by the normal processing.
Or in brief: the log message is now more informative but the processing
is otherwise the same.
Note: the peer name log message is now logged as a WARNING instead of ERR.
> But the 'New connection' message should be enough to find the bad boys
> which seem to be two Cisco IOS routers.
Hmm, that's interesting. Any reason why they do this?
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
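
The connection handling described in the message above (peer address saved from accept(), getpeername() kept only as a check for connections closed right after opening), as an added example that is not part of the original post and is not Radiator's code. It is written in Python rather than Radiator's Perl; the function names and log strings are hypothetical, and it assumes Linux behaviour, where accept() still returns a connection the client has already reset.

```python
import errno
import socket
import struct
import time

def accept_and_describe(listener):
    """Accept one connection and return (peer, alive, log_line)."""
    # The peer address is taken from accept(), so it is known even if the
    # client has already torn the connection down.
    conn, addr = listener.accept()
    peer = "%s:%d" % addr[:2]
    try:
        # getpeername() is only a liveness probe; its result is not used.
        conn.getpeername()
        alive, line = True, "DEBUG: New connection from %s" % peer
    except OSError as e:
        if e.errno != errno.ENOTCONN:
            raise
        alive = False
        line = "WARNING: Could not get peer name for %s: %s" % (peer, e.strerror)
    finally:
        conn.close()
    return peer, alive, line

def demo(reset_immediately):
    """Run one loopback connection; return (client_addr, (peer, alive, line))."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(listener.getsockname())
    client_addr = "%s:%d" % client.getsockname()
    if reset_immediately:
        # SO_LINGER on with a zero timeout makes close() send a TCP RST.
        client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                          struct.pack("ii", 1, 0))
        client.close()
        time.sleep(0.2)  # let the RST arrive before accept() is called
    try:
        return client_addr, accept_and_describe(listener)
    finally:
        client.close()
        listener.close()

if __name__ == "__main__":
    for reset in (False, True):
        print(demo(reset)[1][2])
```

In the reset case the log line still names the client's address and port, which is what lets an operator identify the devices opening and dropping connections without raising the trace level.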