summaryrefslogtreecommitdiffstats
path: root/raddb/mods-available/linelog
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--raddb/mods-available/linelog170
1 files changed, 170 insertions, 0 deletions
diff --git a/raddb/mods-available/linelog b/raddb/mods-available/linelog
new file mode 100644
index 0000000..66d2682
--- /dev/null
+++ b/raddb/mods-available/linelog
@@ -0,0 +1,170 @@
+# -*- text -*-
+#
+# $Id$
+
+#
+# The "linelog" module will log one line of text to a file.
+# Both the filename and the line of text are dynamically expanded.
+#
+# We STRONGLY suggest that you do not use data from the
+# packet as part of the filename.
+#
+linelog {
+ #
+ # The file where the logs will go.
+ #
+ # If the filename is "syslog", then the log messages will
+ # go to syslog.
+ #
+ # The output can be directed to stdout by using /dev/stdout
+ #
+ filename = ${logdir}/linelog
+
+ #
+ # Most file systems can handly nearly the full range of UTF-8
+ # characters. Ones that can deal with a limited range should
+ # set this to "yes".
+ #
+ escape_filenames = no
+
+ #
+ # The Unix-style permissions on the log file.
+ #
+ # Depending on format string, the log file may contain secret or
+ # private information about users. Keep the file permissions as
+ # restrictive as possible.
+ permissions = 0600
+
+ # The Unix group which owns the log file.
+ #
+ # The user that freeradius runs as must be in the specified
+ # group, otherwise it will not be possible to set the group.
+# group = ${security.group}
+
+ # Syslog facility (if logging via syslog).
+ # Defaults to the syslog_facility config item in radiusd.conf.
+ # Standard facilities are:
+ # - kern Messages generated by the kernel. These cannot
+ # be generated by any user processes.
+ # - user Messages generated by random user processes.
+ # This is the default facility identifier if
+ # none is specified.
+ # - mail The mail system.
+ # - daemon System daemons, such as routed(8), that are not
+ # provided for explicitly by other facilities.
+ # - auth The authorization system: login(1), su(1),
+ # getty(8), etc.
+ # - lpr The line printer spooling system: cups-lpd(8),
+ # cupsd(8), etc.
+ # - news The network news system.
+ # - uucp The uucp system.
+ # - cron The cron daemon: cron(8).
+ # - authpriv The same as LOG_AUTH, but logged to a file
+ # readable only by selected individuals.
+ # - ftp The file transfer protocol daemons: ftpd(8),
+ # tftpd(8).
+ # - local[0-7] Reserved for local use.
+# syslog_facility = daemon
+
+ # Syslog severity (if logging via syslog). Defaults to info.
+ # Possible values are:
+ # - emergency A panic condition. This is normally broadcast
+ # to all users.
+ # - alert A condition that should be corrected immediately,
+ # such as a corrupted system database.
+ # - critical Critical conditions, e.g., hard device errors.
+ # - error Errors.
+ # - warning Warning messages.
+ # - notice Conditions that are not error conditions, but
+ # should possibly be handled specially.
+ # - info Informational messages.
+ # - debug Messages that contain information normally of use
+ # only when debugging a program.
+# syslog_severity = info
+
+ # If logging via syslog, the severity can be set here.
+ # Defaults to info.
+
+ #
+ # Optional header format string.
+ # Written to the first line of any newly created log file
+# header = "This is a header line"
+
+ #
+ # The default format string.
+ format = "This is a log message for %{User-Name}"
+
+ #
+ # This next line can be omitted. If it is omitted, then
+ # the log message is static, and is always given by "format",
+ # above.
+ #
+ # If it is defined, then the string is dynamically expanded,
+ # and the result is used to find another configuration entry
+ # here, with the given name. That name is then used as the
+ # format string.
+ #
+ # If the configuration entry cannot be found, then no log
+ # message is printed.
+ #
+ # i.e. You can have many log messages in one "linelog" module.
+ # If this two-step expansion did not exist, you would have
+ # needed to configure one "linelog" module for each log message.
+
+ #
+ # Reference the Packet-Type (Access-Accept, etc.) If it doesn't
+ # exist, reference the "default" entry.
+ #
+ # This is for "linelog" being used in the post-auth section
+ # If you want to use it in "authorize", you need to change
+ # the reference to "messages.%{%{Packet-Type}:-default}",
+ # and then add the appropriate messages.
+ #
+ reference = "messages.%{%{reply:Packet-Type}:-default}"
+
+ #
+ # The messages defined here are taken from the "reference"
+ # expansion, above.
+ #
+ messages {
+ default = "Unknown packet type %{Packet-Type}"
+
+ Access-Accept = "Accepted user: %{User-Name}"
+ Access-Reject = "Rejected user: %{User-Name}"
+ Access-Challenge = "Sent challenge: %{User-Name}"
+ }
+}
+
+#
+# Another example, for accounting packets.
+#
+linelog log_accounting {
+ #
+ # Used if the expansion of "reference" fails.
+ #
+ format = ""
+
+ filename = ${logdir}/linelog-accounting
+
+ permissions = 0600
+
+ reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
+
+ #
+ # Another example:
+ #
+ #
+ Accounting-Request {
+ Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
+ Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"
+
+ # Don't log anything for these packets.
+ Alive = ""
+
+ Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online"
+ Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline"
+
+ # don't log anything for other Acct-Status-Types.
+ unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
+ }
+}