Hello All -

I have recently built some custom logging for a customer and I thought it might 
be interesting to post an overview here.

This will also be included in “goodies/hooks.txt” in future releases.

The requested feature was to forward for each session the username and 
associated IP address, together with a timestamp to a firewall and a security 
device using SYSLOG.

This example shows logging to SYSLOG, but any other <Log ….> target(s) will 
work equally well.

Here is the configuration file that I used for testing:


# log.cfg

Foreground
LogStdout
LogDir          .
DbDir           .
# Use a lower trace level in production systems:
Trace           4

<Client DEFAULT>
        Secret  mysecret
</Client>

<AuthBy GROUP>
        # define Log clauses here so they aren’t global loggers
        <Log SYSLOG>
                Identifier SyslogToFirewall
                # add syslog specific details here
                Trace 3
        </Log>
        <Log SYSLOG>
                Identifier SyslogToSecurityDevice
                # add syslog specific details here
                Trace 3
        </Log>
</AuthBy>

<Handler Request-Type = Accounting-Request>
        PreAuthHook file:"%D/sysloglogger.pl"
        <AuthBy INTERNAL>
                AuthResult REJECT
                AcctResult ACCEPT
        </AuthBy>
        # Log accounting to a detail file
        AcctLogFileName %L/detail
</Handler>

<Handler>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
</Handler>


and here is the hook code:


# sysloglogger.pl
# Radiator hook to send SYSLOG messages
# to firewall and security device with
# Timestamp, User-Name and Framed-IP-Address
#
# Hugh Irvine, OSC, 20160206

sub
{
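        # The first hook argument is a reference to the current request
        my $p = ${$_[0]};

        # Only log when a session starts
        my $acctstatus = $p->get_attr('Acct-Status-Type');
        return unless $acctstatus eq 'Start';

        # Build the message from the session's user name and IP address
        my $user = $p->get_attr('User-Name');
        my $ipaddress = $p->get_attr('Framed-IP-Address');
        my $message = "user = $user, ip = $ipaddress";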

        my $syslogtofw = Radius::Configurable::find('Log', 'SyslogToFirewall');

        if ($syslogtofw)
        {
                $syslogtofw->log($main::LOG_INFO, $message, $p);
        }

        my $syslogtosd = Radius::Configurable::find('Log', 'SyslogToSecurityDevice');

        if ($syslogtosd)
        {
                $syslogtosd->log($main::LOG_INFO, $message, $p);
        }

        return;
}


Hopefully someone finds this useful.

regards

Hugh

--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
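
Added example, not part of the original post and not Radiator code: the hook above interpolates User-Name and Framed-IP-Address straight into the syslog message, and both values arrive in the RADIUS request. The stand-alone Perl below shows one way to validate and escape them first, so the firewall and the security device always receive exactly one "user" field and one IPv4 "ip" field; the helper name build_session_message and the sample values are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper. Returns the message string, or nothing (undef in
# scalar context) when the request has no usable user name / IPv4 pair.
sub build_session_message
{
        my ($user, $ipaddress) = @_;

        # Either attribute can be missing from an Accounting-Request.
        return unless defined $user && length $user;
        return unless defined $ipaddress;

        # Accept only a dotted-quad IPv4 address with octets 0-255.
        my @octets = $ipaddress =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
                or return;
        return if grep { $_ > 255 } @octets;

        # Hex-escape spaces, control and non-ASCII bytes, and the characters
        # that delimit fields in the message (comma, equals) plus the escape
        # character itself, so the user name cannot add fields or lines.
        (my $safeuser = $user) =~ s/([^\x21-\x7e]|[,=%])/sprintf('%%%02X', ord($1))/ge;

        return "user = $safeuser, ip = $ipaddress";
}

# Constructed sample inputs, not taken from a real request.
my @samples = (
        [ 'alice',             '192.0.2.10' ],   # plain user name
        [ 'o=bob,ou=staff',    '192.0.2.11' ],   # contains the delimiters
        [ "carol\n",           '192.0.2.12' ],   # contains a control character
        [ 'dave',              '999.1.1.1'  ],   # not a valid IPv4 address
        [ 'erin',              undef        ],   # Framed-IP-Address missing
);

for my $sample (@samples)
{
        my $message = build_session_message(@$sample);
        print defined $message ? "$message\n" : "skipped: unusable attributes\n";
}
```

In the hook, the same checks would take the place of the direct string interpolation on the $message line, with the hook returning early when no message is produced.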
