diff options
Diffstat (limited to 'raddb/mods-available/linelog')
-rw-r--r-- | raddb/mods-available/linelog | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/raddb/mods-available/linelog b/raddb/mods-available/linelog new file mode 100644 index 0000000..66d2682 --- /dev/null +++ b/raddb/mods-available/linelog @@ -0,0 +1,170 @@ +# -*- text -*- +# +# $Id$ + +# +# The "linelog" module will log one line of text to a file. +# Both the filename and the line of text are dynamically expanded. +# +# We STRONGLY suggest that you do not use data from the +# packet as part of the filename. +# +linelog { + # + # The file where the logs will go. + # + # If the filename is "syslog", then the log messages will + # go to syslog. + # + # The output can be directed to stdout by using /dev/stdout + # + filename = ${logdir}/linelog + + # + # Most file systems can handly nearly the full range of UTF-8 + # characters. Ones that can deal with a limited range should + # set this to "yes". + # + escape_filenames = no + + # + # The Unix-style permissions on the log file. + # + # Depending on format string, the log file may contain secret or + # private information about users. Keep the file permissions as + # restrictive as possible. + permissions = 0600 + + # The Unix group which owns the log file. + # + # The user that freeradius runs as must be in the specified + # group, otherwise it will not be possible to set the group. +# group = ${security.group} + + # Syslog facility (if logging via syslog). + # Defaults to the syslog_facility config item in radiusd.conf. + # Standard facilities are: + # - kern Messages generated by the kernel. These cannot + # be generated by any user processes. + # - user Messages generated by random user processes. + # This is the default facility identifier if + # none is specified. + # - mail The mail system. + # - daemon System daemons, such as routed(8), that are not + # provided for explicitly by other facilities. + # - auth The authorization system: login(1), su(1), + # getty(8), etc. + # - lpr The line printer spooling system: cups-lpd(8), + # cupsd(8), etc. + # - news The network news system. + # - uucp The uucp system. + # - cron The cron daemon: cron(8). + # - authpriv The same as LOG_AUTH, but logged to a file + # readable only by selected individuals. + # - ftp The file transfer protocol daemons: ftpd(8), + # tftpd(8). + # - local[0-7] Reserved for local use. +# syslog_facility = daemon + + # Syslog severity (if logging via syslog). Defaults to info. + # Possible values are: + # - emergency A panic condition. This is normally broadcast + # to all users. + # - alert A condition that should be corrected immediately, + # such as a corrupted system database. + # - critical Critical conditions, e.g., hard device errors. + # - error Errors. + # - warning Warning messages. + # - notice Conditions that are not error conditions, but + # should possibly be handled specially. + # - info Informational messages. + # - debug Messages that contain information normally of use + # only when debugging a program. +# syslog_severity = info + + # If logging via syslog, the severity can be set here. + # Defaults to info. + + # + # Optional header format string. + # Written to the first line of any newly created log file +# header = "This is a header line" + + # + # The default format string. + format = "This is a log message for %{User-Name}" + + # + # This next line can be omitted. If it is omitted, then + # the log message is static, and is always given by "format", + # above. + # + # If it is defined, then the string is dynamically expanded, + # and the result is used to find another configuration entry + # here, with the given name. That name is then used as the + # format string. + # + # If the configuration entry cannot be found, then no log + # message is printed. + # + # i.e. You can have many log messages in one "linelog" module. + # If this two-step expansion did not exist, you would have + # needed to configure one "linelog" module for each log message. + + # + # Reference the Packet-Type (Access-Accept, etc.) If it doesn't + # exist, reference the "default" entry. + # + # This is for "linelog" being used in the post-auth section + # If you want to use it in "authorize", you need to change + # the reference to "messages.%{%{Packet-Type}:-default}", + # and then add the appropriate messages. + # + reference = "messages.%{%{reply:Packet-Type}:-default}" + + # + # The messages defined here are taken from the "reference" + # expansion, above. + # + messages { + default = "Unknown packet type %{Packet-Type}" + + Access-Accept = "Accepted user: %{User-Name}" + Access-Reject = "Rejected user: %{User-Name}" + Access-Challenge = "Sent challenge: %{User-Name}" + } +} + +# +# Another example, for accounting packets. +# +linelog log_accounting { + # + # Used if the expansion of "reference" fails. + # + format = "" + + filename = ${logdir}/linelog-accounting + + permissions = 0600 + + reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" + + # + # Another example: + # + # + Accounting-Request { + Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})" + Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds" + + # Don't log anything for these packets. + Alive = "" + + Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online" + Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline" + + # don't log anything for other Acct-Status-Types. + unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}" + } +} |