-
Notifications
You must be signed in to change notification settings - Fork 0
/
linelog
124 lines (103 loc) · 6.75 KB
/
linelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# -*- text -*-
#
# $Id: 779752bc10c156ba1981810186a4af828a18c014 $
#
# The "linelog" module will log one line of text to a file.
# Both the filename and the line of text are dynamically expanded.
#
# We STRONGLY suggest that you do not use data from the
# packet as part of the filename.
#
linelog {
#
# The file where the logs will go.
#
# If the filename is "syslog", then the log messages will
# go to syslog.
# filename = ${logdir}/linelog
filename = syslog
#
# The Unix-style permissions on the log file.
#
# Depending on format string, the log file may contain secret or
# private information about users. Keep the file permissions as
# restrictive as possible.
permissions = 0655
#
# The Unix group which owns the log file.
#
# The user that freeradius runs as must be in the specified
# group, otherwise it will not be possible to set the group.
#
# group = ${security.group}
#
# If logging via syslog, the facility can be set here. Otherwise
# the syslog_facility option in radiusd.conf will be used.
#
syslog_facility = daemon
#
# The default format string.
format = "This is a log message for %{User-Name}"
#
# This next line can be omitted. If it is omitted, then
# the log message is static, and is always given by "format",
# above.
#
# If it is defined, then the string is dynamically expanded,
# and the result is used to find another configuration entry
# here, with the given name. That name is then used as the
# format string.
#
# If the configuration entry cannot be found, then no log
# message is printed.
#
# i.e. You can have many log messages in one "linelog" module.
# If this two-step expansion did not exist, you would have
# needed to configure one "linelog" module for each log message.
#
# Reference the Packet-Type (Access-Request, etc.) If it doesn't
# exist, reference the "format" entry, above.
reference = "messages.%{%{Packet-Type}:-default}"
#
# The messages defined here are taken from the "reference"
# expansion, above.
#
messages {
default = "Unknown packet type %{Packet-Type}"
Access-Request = "Requested access: %{User-Name}"
Access-Reject = "Rejected access: %{User-Name}"
Access-Challenge = "Sent challenge: %{User-Name}"
}
}
#
# Another example, for accounting packets.
#
linelog log_accounting {
#
# Used if the expansion of "reference" fails.
#
format = ""
#filename = syslog
filename = ${logdir}/linelog-accounting
permissions = 0655
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
#
# 17/03/16: Johan
# Formattage JSON de accounting pour interpretation par nxlog
# puis centralisation Graylog
#
#
Accounting-Request {
#Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
#Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"
Start = "{\"RadacctStatusType\":\"Start\",\"RadacctNASIP\":\"%{NAS-IP-Address}\",\"RadacctUser\":\"%{User-Name}\",\"RadacctSessionId\":\"%{Acct-Session-Id}\",\"RadacctFramedIP\":\"%{Framed-IP-Address}\",\"RadacctNASId\":\"%{NAS-Identifier}\",\"RadacctCiscoAVPair\":\"%{Cisco-AVPair}\",\"RadacctVLAN\":\"%{Tunnel-Private-Group-Id:0}\",\"RadacctTunnelType\":\"%{Tunnel-Type:0}\",\"RadacctMediumType\":\"%{Tunnel-Medium-Type:0}\",\"RadacctCallingStationId\":\"%{Calling-Station-Id}\",\"RadacctCalledStationId\":\"%{Called-Station-Id}\",\"RadacctEventTimestamp\":\"%{Event-Timestamp}\",\"RadacctUniqueSessionId\":\"%{Acct-Unique-Session-Id}\",\"RadacctStrippedUserName\":\"%{Stripped-User-Name}\",\"RadacctRealm\":\"%{Realm}\"}"
Stop = "{\"RadacctStatusType\":\"Stop\",\"RadacctNASIP\":\"%{NAS-IP-Address}\",\"RadacctUser\":\"%{User-Name}\",\"RadacctSessionId\":\"%{Acct-Session-Id}\",\"RadacctFramedIP\":\"%{Framed-IP-Address}\",\"RadacctNASId\":\"%{NAS-Identifier}\",\"RadacctCiscoAVPair\":\"%{Cisco-AVPair}\",\"RadacctVLAN\":\"%{Tunnel-Private-Group-Id:0}\",\"RadacctTunnelType\":\"%{Tunnel-Type:0}\",\"RadacctMediumType\":\"%{Tunnel-Medium-Type:0}\",\"RadacctInputOctets\":\"%{Acct-Input-Octets}\",\"RadacctOutputOctets\":\"%{Acct-Output-Octets}\",\"RadacctInputPackets\":\"%{Acct-Input-Packets}\",\"RadacctOutputPackets\":\"%{Acct-Output-Packets}\",\"RadacctTerminateCause\":\"%{Acct-Terminate-Cause}\",\"RadacctSessionTime\":\"%{Acct-Session-Time}\",\"RadacctDelayTime\":\"%{Acct-Delay-Time}\",\"RadacctCallingStationId\":\"%{Calling-Station-Id}\",\"RadacctCalledStationId\":\"%{Called-Station-Id}\",\"RadacctEventTimestamp\":\"%{Event-Timestamp}\",\"RadacctUniqueSessionId\":\"%{Acct-Unique-Session-Id}\",\"RadacctStrippedUserName\":\"%{Stripped-User-Name}\",\"RadacctRealm\":\"%{Realm}\"}"
Interim-Update = "{\"RadacctStatusType\":\"Interim-Update\",\"RadacctNASIP\":\"%{NAS-IP-Address}\",\"RadacctUser\":\"%{User-Name}\",\"RadacctSessionId\":\"%{Acct-Session-Id}\",\"RadacctFramedIP\":\"%{Framed-IP-Address}\",\"RadacctNASId\":\"%{NAS-Identifier}\",\"RadacctCiscoAVPair\":\"%{Cisco-AVPair}\",\"RadacctVLAN\":\"%{Tunnel-Private-Group-Id:0}\",\"RadacctTunnelType\":\"%{Tunnel-Type:0}\",\"RadacctMediumType\":\"%{Tunnel-Medium-Type:0}\",\"RadacctInputOctets\":\"%{Acct-Input-Octets}\",\"RadacctOutputOctets\":\"%{Acct-Output-Octets}\",\"RadacctInputPackets\":\"%{Acct-Input-Packets}\",\"RadacctOutputPackets\":\"%{Acct-Output-Packets}\",\"RadacctSessionTime\":\"%{Acct-Session-Time}\",\"RadacctDelayTime\":\"%{Acct-Delay-Time}\",\"RadacctCallingStationId\":\"%{Calling-Station-Id}\",\"RadacctCalledStationId\":\"%{Called-Station-Id}\",\"RadacctEventTimestamp\":\"%{Event-Timestamp}\",\"RadacctUniqueSessionId\":\"%{Acct-Unique-Session-Id}\",\"RadacctStrippedUserName\":\"%{Stripped-User-Name}\",\"RadacctRealm\":\"%{Realm}\"}"
# Don't log anything for these packets.
Alive = ""
Accounting-On = "NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) just came online"
Accounting-Off = "NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) just went offline"
# don't log anything for other Acct-Status-Types.
unknown = "NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
}
}