1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
# -*- text -*-
#
# $Id$
# Write a detailed log of all accounting records received.
#
detail {
# Note that we do NOT use NAS-IP-Address here, as
# that attribute MAY BE from the originating NAS, and
# NOT from the proxy which actually sent us the
# request.
#
# The following line creates a new detail file for
# every radius client (by IP address or hostname).
# In addition, a new detail file is created every
# day, so that the detail file doesn't have to go
# through a 'log rotation'
#
# If your detail files are large, you may also want to add
# a ':%H' (see doc/configuration/variables.rst) to the end
# of it, to create a new detail file every hour, e.g.:
#
# ..../detail-%Y%m%d:%H
#
# This will create a new detail file for every hour.
#
# If you are reading detail files via the "listen" section
# (e.g. as in raddb/sites-available/robust-proxy-accounting),
# you MUST use a unique directory for each combination of a
# detail file writer, and reader. That is, there can only
# be ONE "listen" section reading detail files from a
# particular directory.
#
# The configuration below puts the detail files into separate
# directories for each client. If you are reading the detail
# files via the "listen" section, just use one directory.
#
# e.g. filename = ${radacctdir}/reader1/detail-%Y%m%d
#
# AND use a separate directory (reader2, reader3, etc.) for each
# reader.
#
filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
#
# If you are using radrelay, delete the above line for "file",
# and use this one instead:
#
# filename = ${radacctdir}/detail
#
# Most file systems can handly nearly the full range of UTF-8
# characters. Ones that can deal with a limited range should
# set this to "yes".
#
escape_filenames = no
#
# The Unix-style permissions on the 'detail' file.
#
# The detail file often contains secret or private
# information about users. So by keeping the file
# permissions restrictive, we can prevent unwanted
# people from seeing that information.
permissions = 0600
# The Unix group of the log file.
#
# The user that the server runs as must be in the specified
# system group otherwise this will fail to work.
#
# group = ${security.group}
#
# Every entry in the detail file has a header which
# is a timestamp. By default, we use the ctime
# format (see "man ctime" for details).
#
# The header can be customised by editing this
# string. See "doc/configuration/variables.rst" for a
# description of what can be put here.
#
header = "%t"
#
# Uncomment this line if the detail file reader will be
# reading this detail file.
#
# locking = yes
#
# Log the Packet src/dst IP/port. This is disabled by
# default, as that information isn't used by many people.
#
# log_packet_header = yes
#
# There are many, many, issues with dates being printed as
# humanly-readable strings. The server tries hard to both
# print and parse dates correctly, however this is not always
# possible.
#
# The detail files may be generated on one machine, and read
# on another. The two systems may have different languages,
# so the names of the month may not be parseable. The two
# systems may have different time zones. Time zone parsing
# is pretty much impossible, as there are multiple time zones
# with the same name!
#
# In some cases, the local libraries may not be able to
# correctly parse the time zone it printed! i.e. the system
# documentation for the C library time functions sometimes
# even says that the time zones are ignored, and the dates
# are parsed as UTC.
#
# All of these issues can be avoided by printing the dates as
# integer. In nearly all cases, the integer printed is
# exactly what was received in the packet.
#
# This may resolve some issues, but it's not perfect. The
# dates received by FreeRADIUS are sent by the NAS, and
# created on the NAS. So if the time on the NAS is wrong,
# the dates printed by FreeRADIUS will also be wrong. The
# only solution is to make sure that the NAS is using the
# correct time.
#
# dates_as_integer = yes
#
# Certain attributes such as User-Password may be
# "sensitive", so they should not be printed in the
# detail file. This section lists the attributes
# that should be suppressed.
#
# The attributes should be listed one to a line.
#
#suppress {
# User-Password
#}
}
|
