The module should be run from OpenRADIUS using an interface definition
like this (see also the included example configuration file):
interface(name = "...",
sendattr = "str",
sendattr = "User-Name",
sendattr = ...,
...,
prog = "radlogger [options] file",
flags = Ascii + Double-Backslash +
Short-Attr + Named-Const +
Add-Tab + Add-Spaces,
...),
The 'Ascii' and 'Double-Backslash' flags are required for any interface that
uses this module. The other flags are optional and define how the logged A/V
pairs will be formatted. The ones shown will provide compatibility with the
standard Livingston format.
The 'sendattr' ACL is important; you should only specify the attributes that
you actually want logged. Of course you can start out with no ACL and then
create one, leaving everything out that you saw logged but didn't want. The
'str' attribute should always be included; this defines the log entry's
header (normally a formatted time/date string in Livingston-style files).
The module simply writes all A/V pairs that are sent by OpenRADIUS to the log
file specified on the command line, with the exception of the 'str' attribute,
of which the bare value is prepended to the log entry.
So, sending the attributes NAS-Port=123, str="Woensdag 5 december 2001
(dutch)", User-Name="emile", resp. will cause the following record to be
written to the logfile (assuming that these three attribute are all passed by
the interface's ACL):
Woensdag 5 december 2001 (dutch)
NAS-Port = 123
User-Name = "emile"
Notice the empty line at the end; this signifies the end of the record.
The only pair returned by the module is an 'int' with value 1.
TODO: make the logger re-open its output file for append for each request,
instead of keeping it open forever. You now have to kill the module after
rotating the logs.
TODO: when we close the logfile after making an entry, we can check its
return status and actually return something meaningful in the 'int', allowing
you to drop the request if it couldn't be logged for any reason, causing
smart RADIUS clients to possibly divert to another box, etc.
TODO: we should define an extra attribute in dict.internal (eg. log-dest)
and use this attribute in the module to optionally override the output
filename specified on the command line. This allows logging destinations
to be dependent on things like username suffixes, NAS IP addresses, request
source IP addresses, whatever.