path: root/raddb/mods-available/linelog
# -*- text -*-
#
#  $Id$

#
#  The "linelog" module will log one line of text to a file.
#  Both the filename and the line of text are dynamically expanded.
#
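#  We STRONGLY suggest that you do not use data from the
#  packet as part of the filename.  Packet contents are chosen
#  by the sender, so a filename built from them lets a remote
#  client influence where the server writes on disk.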
#
linelog {
	#
	#  The file where the logs will go.
	#
	#  If the filename is "syslog", then the log messages will
	#  go to syslog.
	#
	#  The output can be directed to stdout by using /dev/stdout
	#
	#  The value below is built only from the server's own ${logdir}
	#  setting and contains no request attributes, so clients cannot
	#  influence the path.
	#
	filename = ${logdir}/linelog

	#
	#  Most file systems can handle nearly the full range of UTF-8
	#  characters.  Ones that can deal with a limited range should
	#  set this to "yes".
	#
	#  NOTE(review): this only matters for the dynamically expanded
	#  parts of "filename".  If request attributes are ever added to
	#  the path, review this setting first -- confirm the exact
	#  escaping rules against the module documentation.
	#
	escape_filenames = no

	#
	#  The Unix-style permissions on the log file.
	#
	#  Depending on format string, the log file may contain secret or
	#  private information about users.  Keep the file permissions as
	#  restrictive as possible.
	#
	#  0600 = read/write for the owning user only; no access for the
	#  group or for other users.
	permissions = 0600

	#  The Unix group which owns the log file.
	#
	#  The user that freeradius runs as must be in the specified
	#  group, otherwise it will not be possible to set the group.
	#
	#  With permissions of 0600 the group gets no access to the file.
	#  If the group is set so that a log collector can read the file,
	#  the permissions have to grant group read (e.g. 0640) as well.
#	group = ${security.group}

	#  Syslog facility (if logging via syslog).
	#  Defaults to the syslog_facility config item in radiusd.conf.
	#  Standard facilities are:
	#  - kern        Messages generated by the kernel.  These cannot
	#                be generated by any user processes.
	#  - user        Messages generated by random user processes.
	#                This is the default facility identifier if
	#                none is specified.
	#  - mail        The mail system.
	#  - daemon      System daemons, such as routed(8), that are not
	#                provided for explicitly by other facilities.
	#  - auth        The authorization system: login(1), su(1),
	#                getty(8), etc.
	#  - lpr         The line printer spooling system: cups-lpd(8),
	#                cupsd(8), etc.
	#  - news        The network news system.
	#  - uucp        The uucp system.
	#  - cron        The cron daemon: cron(8).
	#  - authpriv    The same as LOG_AUTH, but logged to a file
	#                readable only by selected individuals.
	#  - ftp         The file transfer protocol daemons: ftpd(8),
	#                tftpd(8).
	#  - local[0-7]  Reserved for local use.
#	syslog_facility = daemon

	#  Syslog severity (if logging via syslog). Defaults to info.
	#  Possible values are:
	#  - emergency   A panic condition.  This is normally broadcast
	#                to all users.
	#  - alert       A condition that should be corrected immediately,
	#                such as a corrupted system database.
	#  - critical    Critical conditions, e.g., hard device errors.
	#  - error       Errors.
	#  - warning     Warning messages.
	#  - notice      Conditions that are not error conditions, but
	#                should possibly be handled specially.
	#  - info        Informational messages.
	#  - debug       Messages that contain information normally of use
	#                only when debugging a program.
#	syslog_severity = info

	#
	#  Optional header format string.
	#  Written to the first line of any newly created log file
#	header = "This is a header line"

	#
	#  The default format string.
	#
	#  %{User-Name} is taken from the request, i.e. it is supplied by
	#  the client.  Treat the logged value as untrusted text.
	#  NOTE(review): confirm how the deployed server version escapes
	#  control characters in expanded attributes before feeding this
	#  file to a line-oriented parser or log shipper.
	format = "This is a log message for %{User-Name}"

	#
	#  The "reference" entry below can be omitted.  If it is omitted,
	#  then the log message is static, and is always given by "format",
	#  above.
	#
	#  If it is defined, then the string is dynamically expanded,
	#  and the result is used to find another configuration entry
	#  here, with the given name.  That name is then used as the
	#  format string.
	#
	#  If the configuration entry cannot be found, then no log
	#  message is printed.
	#
	#  i.e. You can have many log messages in one "linelog" module.
	#  If this two-step expansion did not exist, you would have
	#  needed to configure one "linelog" module for each log message.

	#
	#  Reference the Packet-Type (Access-Accept, etc.)  If it doesn't
	#  exist, reference the "default" entry.
	#
	#  This is for "linelog" being used in the post-auth section
	#  If you want to use it in "authorize", you need to change
	#  the reference to "messages.%{%{Packet-Type}:-default}",
	#  and then add the appropriate messages.
	#
	reference = "messages.%{%{reply:Packet-Type}:-default}"

	#
	#  The messages defined here are taken from the "reference"
	#  expansion, above.
	#
	#  Each entry name is matched against the text after "messages."
	#  in the expanded reference; its value is the format string that
	#  gets logged.
	#
	messages {
		default = "Unknown packet type %{Packet-Type}"

		Access-Accept = "Accepted user: %{User-Name}"
		Access-Reject = "Rejected user: %{User-Name}"
		Access-Challenge = "Sent challenge: %{User-Name}"
	}
}

#
#  Another example, for accounting packets.
#
linelog log_accounting {
	#
	#  Used if the expansion of "reference" fails.
	#  It is empty here, i.e. there is no fallback message text.
	#
	format = ""

	#  Static path under the server's ${logdir}; no request
	#  attributes are used in the filename.
	filename = ${logdir}/linelog-accounting

	#  Owner read/write only.  The messages below record user names,
	#  calling/called station identifiers and IP addresses, so keep
	#  this file as restricted as the authentication log.
	permissions = 0600

	#  Select the message by Acct-Status-Type.  If the request has no
	#  Acct-Status-Type, the ":-unknown" fallback selects the
	#  "unknown" entry.
	reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"

	#
	#  The messages selected by "reference", above.  Each entry name
	#  is matched against the text after "Accounting-Request." in the
	#  expanded reference.
	#
	#  The attributes expanded in these messages come from the
	#  accounting request and should be treated as untrusted text by
	#  anything that parses this log.
	#
	Accounting-Request {
		Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
		Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"

		#  Don't log anything for these packets.
		Alive = ""

		Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online"
		Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline"

		#  Selected by the ":-unknown" fallback in "reference".
		#  Acct-Status-Type values that have no entry in this
		#  section do not match any message here.
		#  NOTE(review): presumably nothing is logged for those,
		#  given the empty "format" above -- confirm.
		unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
	}
}