[RADIATOR] Prometheus statistics output
Tarko Tikan
tarko at lanparty.ee
Wed Jun 24 15:06:19 UTC 2020
hey,
>> <ServerHTTP>
>> PageNotFoundHook file:"stats.pl"
>> </ServerHTTP>
>
> That's an interesting idea. As you mentioned below, ServerHTTP has a
> number of setting to control login and login privileges. I would check
> those and possible restrict with host based, and/or, other firewalls the
> access to port configured for ServerHTTP.
I didn't find any drawbacks after going through the code. We will roll
with "DefaultPrivilegeLevel 0" and no AuthBy statements at all.
Only downside/issue I found is if you access /login directly and post
the login form (that creates internal radius request), the whole
ServerHTTP will stay in a state where every request gets redirected to
/login (including the PageNotFoundHook). This obviously makes the
/metrics endpoint useless.
In our case it's not a big issue because ServerHTTP is reachable from
very limited sources (but includes 127.0.0.1) and it doesn't influence
the actual radius service. Missing metrics we catch via monitoring
anyway. So I didn't investigate further.
--
tarko
More information about the radiator
mailing list