OpenRADIUS Logger module

The logger module is a shell script that logs accounting (or authentication) requests in standard Livingston-style accounting format. The attributes to be logged can be selected using an attribute ACL (the 'sendattr'-list) for an interface that uses this module.
The module should be run from OpenRADIUS using an interface definition like this (see also the included example configuration file):
interface(name = "...",
          sendattr = "str",
          sendattr = "User-Name",
          sendattr = ...,
          prog = "radlogger [options] file",
          flags = Ascii + Double-Backslash +
                  Short-Attr + Named-Const +
                  Add-Tab + Add-Spaces,

The 'Ascii' and 'Double-Backslash' flags are required for any interface that uses this module. The other flags are optional and define how the logged A/V pairs will be formatted. The ones shown will provide compatibility with the standard Livingston format.

The 'sendattr' ACL is important; you should only specify the attributes that you actually want logged. Of course you can start out with no ACL and then create one, leaving everything out that you saw logged but didn't want. The 'str' attribute should always be included; this defines the log entry's header (normally a formatted time/date string in Livingston-style files).

The following command line options are provided:

Output debugging messages on standard error (fd 2, which can also be redirected by OpenRADIUS using its '-o' option).
Suppress a blank line at the end of each logged message. This is most useful if you're not logging any A/V pairs and you want the logged headers to appear without empty lines between them.
Redirect debugging messages somewhere else. If you don't want debugging messages to appear on standard error (which can still be redirected by OpenRADIUS itself), you can specify an alternative destination using this option.

The module simply writes all A/V pairs that are sent by OpenRADIUS to the log file specified on the command line, with the exception of the 'str' attribute, whose bare value is prepended to the log entry.

So, sending the attributes NAS-Port=123, str="Woensdag 5 december 2001 (dutch)" and User-Name="emile", in that order, will cause the following record to be written to the log file (assuming that these three attributes are all passed by the interface's ACL):

Woensdag 5 december 2001 (dutch)
	NAS-Port = 123
	User-Name = "emile"

Notice the empty line at the end; this signifies the end of the record.
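
An added example, not part of the OpenRADIUS distribution: a Python parser for the record layout shown above that also reports logged attributes outside an allowlist, as a check that the 'sendattr' ACL passes only what you intended. The sample log, the allowlist and the function names are constructed for illustration; the parser also accepts logs written with the trailing blank line suppressed.

```python
import re

# Constructed sample in the record layout shown above; the second record
# carries an attribute that the (assumed) allowlist does not permit.
SAMPLE = (
    'Woensdag 5 december 2001 (dutch)\n'
    '\tNAS-Port = 123\n'
    '\tUser-Name = "emile"\n'
    '\n'
    'Woensdag 5 december 2001 (dutch)\n'
    '\tUser-Name = "emile"\n'
    '\tUser-Password = "constructed-value"\n'
    '\n'
)

AV_LINE = re.compile(r'^\s+(\S+)\s*=\s*(.*)$')


def parse_records(text):
    """Split a log into (header, [(attr, value), ...]) records.

    A record starts at a non-indented line (the bare 'str' value) and ends at
    a blank line. When blank lines are suppressed, the next non-indented line
    closes the previous record instead.
    """
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():            # blank line: end of record
            current = None
            continue
        m = AV_LINE.match(line)
        if m and current is not None:   # indented A/V pair of the open record
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]     # drop the surrounding quotes
            current[1].append((m.group(1), value))
        else:                           # anything else opens a new record
            current = (line.strip(), [])
            records.append(current)
    return records


def unexpected_attrs(records, allowed):
    """Return (record_index, header, attr) for every logged attribute that is
    not on the allowlist, i.e. that the sendattr ACL should have dropped."""
    return [(i, hdr, attr)
            for i, (hdr, pairs) in enumerate(records)
            for attr, _ in pairs if attr not in allowed]
```

Run `unexpected_attrs(parse_records(open(path).read()), {...})` against an existing log after tightening the ACL to confirm nothing unwanted is still being written.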

The only pair returned by the module is an 'int' with value 1.

TODO: make the logger re-open its output file for append for each request, instead of keeping it open forever. Currently, you have to kill the module after rotating the logs.

TODO: when we close the logfile after making an entry, we can check its return status and actually return something meaningful in the 'int', allowing you to drop the request if it couldn't be logged for any reason, causing smart RADIUS clients to possibly divert to another box, etc.

TODO: we should define an extra attribute in dict.internal (eg. log-dest) and use this attribute in the module to optionally override the output filename specified on the command line. This allows logging destinations to be dependent on things like username suffixes, NAS IP addresses, request source IP addresses, whatever.

This standard module is included with the server, installed by default and has been placed in the public domain.

Generated on Sat Jul 2 01:18:04 2011 by /