I like this, very simple. Please ensure that this ends up in goodies. Thanks, Barry
On Fri, Feb 5, 2016 at 5:47 AM, Heikki Vatiainen <h...@open.com.au> wrote: > On 2.2.2016 13.14, Karl Gaissmaier wrote: > > > yes, like heka http://hekad.readthedocs.org as forwarding agent and/or > > anomaly processor. > > Interesting, thanks for sharing this. > > > Heka has also a sandboxed Lua interpreter to decode unusual log formats, > > maybe I'll not implement the hook in RADIATOR. > > > > Maybe it's really enough to create normal logs and use heka (or similar > > tools) > > to process anomaly detection and forward it to graphite/influxdb. > > Meanwhile, I did a basic Influxdb and Grafana installation to test it a > little. Below is a simple AuthLog FILE format hook that creates an entry > in Influxdb line protocol format and sends it before logging it to a > file. It simply removes some of the characters that need to be quoted in > the line protocol format and creates a new socket for each call. It's > very primitive but, it will do basic logging and is a quick way to > experiment and get something stored in Influxdb and visible in Grafana. > > The entry that gets logged in authlog file is useful to see how the line > that was sent to Influxdb was formatted. > > # AuthLog in InfluxDB format > sub > { > my ($s, $reason, $p) = @_; > > my $ap = $p->get_attr('NAS-Identifier'); > my $client_mac = $p->get_attr('Calling-Station-Id'); > my $username = $p->get_attr('User-Name'); > > my ($sec, $usec) = Radius::Util::getTimeHires(); > my $influxtime = "$sec$usec"."000"; > > # Strip space, \ and " > # See Influxdb docs for what/how to quote > $username =~ s/[ \\"]//g; > $reason =~ s/[ \\"]//g; > > my $dp; # InfluxDB line protocol data point > if ($s == $main::ACCEPT) > { > my $key = > "radius,type=accept,ap=$ap,special=$username,special_type=username"; > > my $fields = "value=\"$username\""; > $dp = "$key $fields $influxtime"; > } > elsif ($s == $main::REJECT) > { > my $key = > "radius,type=rejected,ap=$ap,special=$reason,special_type=reason"; > > my $fields = "value=\"$username\",special_val=\"$reason\""; > $dp = "$key $fields $influxtime"; > } > > use IO::Socket::INET; > my $socket = IO::Socket::INET->new(PeerAddr => '127.0.0.1', > PeerPort => '8090', > Proto => 'udp'); > $socket->send($dp . "\n"); > return $dp; > } > > Here's the config I used. > > Foreground > LogStdout > LogDir . > DbDir . > Trace 4 > > <Client DEFAULT> > Secret mysecret > </Client> > > <AuthLog FILE> > Identifier myauthlogger-influxdb > Filename %L/authlog-influx.txt > LogFormatHook file:"%D/format-influx.pl" > LogSuccess 1 > LogFailure 1 > </AuthLog> > > <Handler> > <AuthBy FILE> > Filename %D/users > </AuthBy> > > AuthLog myauthlogger-influxdb > </Handler> > > > -- > Heikki Vatiainen <h...@open.com.au> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, > NetWare etc. > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > -- Barry Ard barry....@ualberta.ca IST University of Alberta Edmonton, Alberta Canada
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
