[RADIATOR] LogSkipHook for MessageLog

Karl Gaissmaier karl.gaissmaier at uni-ulm.de
Mon Sep 4 12:41:45 UTC 2017 

Hi Heikki,

Am 04.09.2017 um 14:05 schrieb Heikki Vatiainen:
> On 1.9.2017 16.48, Karl Gaissmaier wrote:
>
>>> What do you think about a LogSkipHook in MessageLogFILE?
>
> Tuure mentioned that similar functionality (ACL to match what gets 
> captured) on certain devices has been very useful. The hook would also 
> allow trigger capture based on attributes since it can access the 
> message contents too.

yep

>
>> See the attached patch, this would be very helpful for debugging 
>> sporadically occurring errors.
>>
>> I would be glad if you could accept this feature request or patch.
>
> We'll take a look at how to fit this in. It's probably better to have 
> in the parent class and be more aware of direction (in/out) and 
> protocol so that we can support TACACS+ too. However, I'd say it would 
> be close to what you had in the patch.

Sure, the way you implement the skip hook is truly best in your hands!

Btw, I named it LogSkipHook and not MessageLogSkipHook because a 
LogSkipHook would also be very useful in some Log Modules.
I you logg in DEBUG mode, the amount is overwhelming, to choose 
programmatically what messages get skipped would be fine.

...

And, you know, it was just a quick and dirty solution for me, now I was 
able to debug the long running nasty behavior of this messages:

WARNING:  1XX.1YY.75.138   Unknown reply received in AuthRADSEC for 
request 51157 from ZZZZ.dfn.de (1XX.1YY.75.138:2083)

in wireshark.

Solution:

You log just the extended Id from $fp proxied to the upstream, since the 
original packet $p is no longer in pending state.
But when you logg the noreply for $p seconds before, you logg just the 
identifier of the original $p and NOT the corresponding proxied ext Id 
of $fp, therefore I could not match the late responsive packet to the 
originator!

Now I've understood the reason I wrote a NoReplyHook in AuthBy RADSEC in 
order to be able to match both logg message:

     NoReplyHook     sub { \
                         my ($p, $fp) = (${$_[0]}, ${$_[1]}); \
                         my $psid = Radius::AuthRADSEC->get_psid($fp); \
                         main::log($main::LOG_WARNING,"AuthRADSEC: No 
reply for $p->{OriginalUserName} id=($p->{Identifier}), 
proxy-ext-Id:($psid)"); \
             }


Maybe you should patch also the Logg message

sub failed
{
     my ($self, $host, $fp, $p) = @_;

     my $msg = "AuthRADSEC: No reply from $host->{Host}:$host->{Port} 
for $p->{OriginalUserName} ($p->{Identifier})";

to logg the corresponding $fp Extended Idtoo, then we need no Hook to 
match the reason for the
'Unknown reply received in AuthRADSEC  ....' logg messages,


Best Regards and thanks again for maintaining and improving RADIATOR!

   Charly

-- 
Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499

More information about the radiator mailing list