# -*- text -*-
#
#  $Id$

# Write a detailed log of all accounting records received.
#
detail {
	#  Note that we do NOT use NAS-IP-Address here, as
	#  that attribute MAY BE from the originating NAS, and
	#  NOT from the proxy which actually sent us the
	#  request.
	#
	#  The following line creates a new detail file for
	#  every radius client (by IP address or hostname).
	#  In addition, a new detail file is created every
	#  day, so that the detail file doesn't have to go
	#  through a 'log rotation'
	#
	#  If your detail files are large, you may also want to add
	#  a ':%H' (see doc/configuration/variables.rst) to the end
	#  of it, to create a new detail file every hour, e.g.:
	#
	#   ..../detail-%Y%m%d:%H
	#
	#  This will create a new detail file for every hour.
	#
	#  If you are reading detail files via the "listen" section
	#  (e.g. as in raddb/sites-available/robust-proxy-accounting),
	#  you MUST use a unique directory for each combination of a
	#  detail file writer, and reader.  That is, there can only
	#  be ONE "listen" section reading detail files from a
	#  particular directory.
	#
	#  The configuration below puts the detail files into separate
	#  directories for each client.  If you are reading the detail
	#  files via the "listen" section, just use one directory.
	#
	#  e.g. filename = ${radacctdir}/reader1/detail-%Y%m%d
	#
	#  AND use a separate directory (reader2, reader3, etc.) for each
	#  reader.
	#
	filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d

	#
	#  If you are using radrelay, delete the above line for "file",
	#  and use this one instead:
	#
#	filename = ${radacctdir}/detail

	#
	#  Most file systems can handly nearly the full range of UTF-8
	#  characters.  Ones that can deal with a limited range should
	#  set this to "yes".
	#
	escape_filenames = no

	#
	#  The Unix-style permissions on the 'detail' file.
	#
	#  The detail file often contains secret or private
	#  information about users.  So by keeping the file
	#  permissions restrictive, we can prevent unwanted
	#  people from seeing that information.
	permissions = 0600

	# The Unix group of the log file.
	#
	# The user that the server runs as must be in the specified
	# system group otherwise this will fail to work.
	#
#	group = ${security.group}

	#
	#  Every entry in the detail file has a header which
	#  is a timestamp.  By default, we use the ctime
	#  format (see "man ctime" for details).
	#
	#  The header can be customised by editing this
	#  string.  See "doc/configuration/variables.rst" for a
	#  description of what can be put here.
	#
	header = "%t"

	#
	#  Uncomment this line if the detail file reader will be
	#  reading this detail file.
	#
#	locking = yes

	#
	#  Log the Packet src/dst IP/port.  This is disabled by
	#  default, as that information isn't used by many people.
	#
#	log_packet_header = yes

	#
	# Certain attributes such as User-Password may be
	# "sensitive", so they should not be printed in the
	# detail file.  This section lists the attributes
	# that should be suppressed.
	#
	# The attributes should be listed one to a line.
	#
	#suppress {
		# User-Password
	#}

}