On 2.2.2016 13.14, Karl Gaissmaier wrote:

> yes, like heka http://hekad.readthedocs.org as forwarding agent and/or
> anomaly processor.

Interesting, thanks for sharing this.

> Heka has also a sandboxed Lua interpreter to decode unusual log formats,
> maybe I'll not implement the hook in RADIATOR.
>
> Maybe it's really enough to create normal logs and use heka (or similar
> tools) to process anomaly detection and forward it to graphite/influxdb.

Meanwhile, I did a basic InfluxDB and Grafana installation to test it a little. Below is a simple AuthLog FILE format hook that creates an entry in InfluxDB line protocol format and sends it before logging it to a file.

It simply removes some of the characters that need to be quoted in the line protocol format and creates a new socket for each call. It's very primitive, but it will do basic logging and is a quick way to experiment and get something stored in InfluxDB and visible in Grafana.

The entry that gets logged in the authlog file is useful to see how the line that was sent to InfluxDB was formatted.

    # AuthLog in InfluxDB format
    sub
    {
        my ($s, $reason, $p) = @_;

        my $ap = $p->get_attr('NAS-Identifier');
        my $client_mac = $p->get_attr('Calling-Station-Id');
        my $username = $p->get_attr('User-Name');

        # Nanosecond timestamp: seconds, microseconds zero-padded to six
        # digits, then three zeros
        my ($sec, $usec) = Radius::Util::getTimeHires();
        my $influxtime = sprintf('%d%06d000', $sec, $usec);

        # Strip space, \ and "
        # See Influxdb docs for what/how to quote
        $username =~ s/[ \\"]//g;
        $reason =~ s/[ \\"]//g;

        my $dp; # InfluxDB line protocol data point
        if ($s == $main::ACCEPT)
        {
            my $key = "radius,type=accept,ap=$ap,special=$username,special_type=username";
            my $fields = "value=\"$username\"";
            $dp = "$key $fields $influxtime";
        }
        elsif ($s == $main::REJECT)
        {
            my $key = "radius,type=rejected,ap=$ap,special=$reason,special_type=reason";
            my $fields = "value=\"$username\",special_val=\"$reason\"";
            $dp = "$key $fields $influxtime";
        }

        # A new UDP socket for each call; skip the send if it could not be created
        use IO::Socket::INET;
        my $socket = IO::Socket::INET->new(PeerAddr => '127.0.0.1',
                                           PeerPort => '8090',
                                           Proto    => 'udp');
        $socket->send($dp . "\n") if $socket;

        # The returned string is what gets written to the authlog file
        return $dp;
    }

Here's the config I used.

    Foreground
    LogStdout
    LogDir .
    DbDir .
    Trace 4

    <Client DEFAULT>
        Secret mysecret
    </Client>

    <AuthLog FILE>
        Identifier myauthlogger-influxdb
        Filename %L/authlog-influx.txt
        LogFormatHook file:"%D/format-influx.pl"
        LogSuccess 1
        LogFailure 1
    </AuthLog>

    <Handler>
        <AuthBy FILE>
            Filename %D/users
        </AuthBy>
        AuthLog myauthlogger-influxdb
    </Handler>

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
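
An added example, not part of the original message or of Radiator's own code: the hook above strips space, backslash and double quote, but the line protocol also gives meaning to comma, equals sign and newline, and NAS-Identifier and User-Name arrive in the RADIUS request. The sketch below escapes those separators instead of relying on stripping. The helper names `escape_tag`, `escape_field_string` and `influx_point`, the choice to drop control characters and backslashes from tag values, and the sample values are assumptions of this example.

```perl
use strict;
use warnings;

# Tag keys and values: drop control characters and backslashes (a choice of
# this example), then backslash-escape comma, equals sign and space.
sub escape_tag {
    my ($v) = @_;
    $v = '' unless defined $v;
    $v =~ s/[\x00-\x1f\x7f\\]//g;
    $v =~ s/([,= ])/\\$1/g;
    return $v;
}

# String field values: drop control characters, escape backslash and quote.
sub escape_field_string {
    my ($v) = @_;
    $v = '' unless defined $v;
    $v =~ s/[\x00-\x1f\x7f]//g;
    $v =~ s/(["\\])/\\$1/g;
    return qq{"$v"};
}

# Build one data point. $measurement is an operator-chosen constant and is
# not escaped; tags whose value ends up empty are omitted, since the line
# protocol rejects empty tag values.
sub influx_point {
    my ($measurement, $tags, $fields, $ts_ns) = @_;
    my $key = $measurement;
    for my $k (sort keys %$tags) {
        my $v = escape_tag($tags->{$k});
        $key .= ',' . escape_tag($k) . '=' . $v if length $v;
    }
    my $set = join ',',
        map { escape_tag($_) . '=' . escape_field_string($fields->{$_}) }
        sort keys %$fields;
    return "$key $set $ts_ns";
}

# Constructed sample values standing in for attributes of a RADIUS request.
my $username = "bob,type=accept x=\"1\"\n";
my $ap       = 'lobby ap,floor=2';
print influx_point(
    'radius',
    { type => 'rejected', ap => $ap, special => $username, special_type => 'username' },
    { value => $username },
    '1454411640123456000',
), "\n";
```

With these helpers the sample User-Name stays inside the `special` tag and the `value` field as one data point, whatever separators it contains.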