Two ideas I'm thinking of...
-While I'm testing out radiator with radpwtst (a wonderful tool, BTW) and
then later on one chassis, I found the password logging feature to be a
wonderful final test to see that folks were actually getting in. When I
showed it to the support people, they got really excited at being able to
see any FAILs in the log.
What I'd like to see is an option in the password logging to only log
failed attempts showing the username, time, and the password the
user entered. This would be a wonderful tool to give my support
people, but I don't want to see the encrypted pass or any correct
passwords laying around in a file.
-As for options on the standard logging, what about just adding more knobs
to the <LOG> directive? Either a way to configure your own trace level
definitions or something like:
<LOG blah>
Identifier myloggingdefs
TraceLevel 1 -STARTUP -PARSECONFIG
TraceLevel 2
TraceLevel 3 +FAILEDAUTH +SESSIONDB
FileName %D/foo.log
</LOG>
I'm a bit new to radiator, and I don't have the manual in front of me, so
the above is just a guess at how current trace levels contain. But what
I'm getting at is a way to add/remove certain parts of each trace level
while still getting all the default information that particular trace
level defines... Does that make sense?
The above would give me all the info trace 1 gives, minus config file
errors, and minus the startup messages, give me all level 2 events, all
level 3 events and add "failedauth" and "sessiondb" events from level 4...
Charles
| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| [EMAIL PROTECTED] | [EMAIL PROTECTED]
On Fri, 23 Jun 2000, Hugh Irvine wrote:
>
> Hello Brian, Darwin, and everyone else who is interested in Logging -
>
> Well, you just can't win. The log level of some events was changed for some
> events at the request of some of our customers (obviously not you ....). If
> this is a real problem, all I can suggest is that you troll through the code
> and change whatever Log events you wish to the log level that you desire.
>
> I realise this is not an ideal solution, but one of the things on our list is
> to greatly enhance the logging subsystem. Things we are considering include
> the ability to set logging levels for various events in the configuration file
> and varying the log level in different sections of the configuration file.
>
> As always, if anyone has good ideas on this topic we would like to hear them.
>
> thanks
>
> Hugh
>
>
>
> On Fri, 23 Jun 2000, Brian Morris wrote:
> > Hugh,
> >
> > Could you please expand on this statement a little - I liked getting those
> > messages ;-) They helped with diagnosing customer login problems.
> >
> > Can you tell us all how/where they are found in 2.16.1
> >
> > Regards,
> >
> > Brian Morris
> >
> >
> > ----- Original Message -----
> > From: Hugh Irvine <[EMAIL PROTECTED]>
> > To: Darwin A. Bawasanta <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Friday, June 23, 2000 3:22 PM
> > Subject: Re: (RADIATOR) 2.16.1 LOG question
> >
> >
> > >
> > > Hello Darwin -
> > >
> > > Nothing went wrong, but some of the logging was moved around.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > >
> > > On Fri, 23 Jun 2000, Darwin A. Bawasanta wrote:
> > > > Hello All,
> > > >
> > > > I just recently upgraded my radiator from 2.14 to 2.16.1. it seems to
> > > > be running fine but i noticed something else is lacking. i don't see
> > > > "Bad Password" & "No Such User" messages on trace 3 but i can see them
> > > > on trace 4 tho. version 2.14 was giving me these error messages on
> > > > trace 3.
> > > >
> > > > any ideas what went wrong?
> > > > --
> > > > __
> > > > OO- `. darwin a. bawasanta [EMAIL PROTECTED] pgp-id: 0x367CADAC
> > > > * ||| Network Security/Systems Development SKYinternet, Inc.
> > > > L_(_/ ofc: +63 32 253-6677 mobile: +63 917 322-6299
> > > > |||==
> > > > ((_| "If the facts don't fit the theory, change the facts."
> > > >
> > > > ===
> > > > Archive at http://www.starport.net/~radiator/
> > > > Announcements on [EMAIL PROTECTED]
> > > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > > 'unsubscribe radiator' in the body of the message.
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> > >
> > >
> > >
> > > ===
> > > Archive at http://www.starport.net/~radiator/
> > > Announcements on [EMAIL PROTECTED]
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.
> > >
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
