syslog

classic Classic list List threaded Threaded
7 messages Options
| Threaded
Open this post in threaded view
|

syslog

Miguel Sennoun

Dear freeradius users,

 

I wonder if there is a way to treat freeradius logs with the syslog deamon (or syslog-ng).

 

I tried the option “–l syslog” but It appears it doesn’t works fine.

 

Is there someone who has succeeded to configure freeradius with syslog?

 

Thank you

 

MS


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: syslog

Craig Huckabee
Miguel Sennoun wrote:
>  
>
> I wonder if there is a way to treat freeradius logs with the syslog deamon
> (or syslog-ng).

Yes, we do it here...syslog/syslog-ng either works fine.


> I tried the option "-l syslog" but It appears it doesn't works fine.
>

Set "log_destination = syslog" and

log {
         syslog_facility = daemon
}

in your radiusd.conf.  That will get your authentication/authorization
logs going to syslog under the "daemon" facility.  This is all in the
documentation, BTW.

If you search the list archives, you'll see where Alan kindly pointed
out to me where to make some modifications so accounting info could be
syslog'd as well - I have not had time to do it yet.

HTH,
Craig


--
/ Craig Huckabee        |          e-mail: [hidden email] /
/ Code 715-CH           |           phone: (843) 218 5653       /
/ SPAWAR Systems Center | close proximity: "Hey You!"           /
/ Charleston, SC        |            ICBM:  32.78N, 79.93W      /

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: syslog

Miguel Sennoun

Thank you for the reply


> -----Message d'origine-----
> De : [hidden email] [mailto:freeradius-
> [hidden email]] De la part de Craig Huckabee
> Envoyé : mercredi 8 juin 2005 13:29
> À : FreeRadius users mailing list
> Objet : Re: syslog
>
> Set "log_destination = syslog" and
>
> log {
>          syslog_facility = daemon
> }

I tried, but it seems not write radius logs in syslog

>
> in your radiusd.conf.  That will get your authentication/authorization
> logs going to syslog under the "daemon" facility.  This is all in the
> documentation, BTW.

There is nothing in my documentation (freeradius 1.0.2

> If you search the list archives, you'll see where Alan kindly pointed
> out to me where to make some modifications so accounting info could be
> syslog'd as well - I have not had time to do it yet.

Argghhh  didn't find this but thank you to have tried

Miguel Sennoun




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: syslog

Craig Huckabee
Miguel Sennoun wrote:

>>
>>Set "log_destination = syslog" and
>>
>>log {
>>         syslog_facility = daemon
>>}
>
>
> I tried, but it seems not write radius logs in syslog

Just to be clear - which "radius" logs are you trying to redirect and
did you make sure that syslog is running/configured correctly ?

>
>
>>in your radiusd.conf.  That will get your authentication/authorization
>>logs going to syslog under the "daemon" facility.  This is all in the
>>documentation, BTW.
>
>
> There is nothing in my documentation (freeradius 1.0.2
>
>

Straight from the distributed radiusd.conf:

#
#  Destination for log messages.  This can be one of:
#
# files - log to ${log_file}, as defined above.
# syslog - to syslog (see also the log{} section, below)
# stdout - standard output
# stderr - standard error.
#
#  The command-line option "-X" over-rides this option, and forces
#  logging to go to stdout.
#

That last note is VERY important - if you are testing using -X, you
won't see anything in syslog.

and further down:

#
#  Logging section.  The various "log_*" configuration items
#  will eventually be moved here.
#
log {
        #
        #  Which syslog facility to use, if ${log_destination} == "syslog"
        #
        #  The exact values permitted here are OS-dependent.  You probably
        #  don't want to change this.
        #
        syslog_facility = daemon
}


--
/ Craig Huckabee        |          e-mail: [hidden email] /
/ Code 715-CH           |           phone: (843) 218 5653       /
/ SPAWAR Systems Center | close proximity: "Hey You!"           /
/ Charleston, SC        |            ICBM:  32.78N, 79.93W      /

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: syslog

Miguel Sennoun

 

> >>Set "log_destination = syslog" and

> >>

> >>log {

> >>         syslog_facility = daemon

> >>}

> >

> >

> > I tried, but it seems not write radius logs in syslog

>

> Just to be clear - which "radius" logs are you trying to redirect and

> did you make sure that syslog is running/configured correctly ?

 

 

I would like to redirect all radius logs (even accounting).

And so in my etc/syslog.conf I have:

*.err;kern.notice;auth.notice                   /dev/sysmsg

*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

 

*.alert;kern.err;daemon.err                     operator

*.alert                                         root

 

*.emerg                                         *

*.*                                             /var/log/allmsg

 

# if a non-loghost machine chooses to have authentication messages

# sent to the loghost machine, un-comment out the following line:

#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

 

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

 

#

# non-loghost machines will use the following lines to cause "user"

# log messages to be logged locally.

#

ifdef(`LOGHOST', ,

user.err                                        /dev/sysmsg

user.err                                        /var/adm/messages

user.alert                                      `root, operator'

user.emerg                                      *

 

I believe the line *.*       /var/log/allmsg     should perform the correct behaviour. I can see some system logs as user login, but no freeradius daemon logs.

 

>

> >

> >

> >>in your radiusd.conf.  That will get your authentication/authorization

> >>logs going to syslog under the "daemon" facility.  This is all in the

> >>documentation, BTW.

> >

> >

> > There is nothing in my documentation (freeradius 1.0.2

> >

> >

>

> Straight from the distributed radiusd.conf:

 

Thank you for the extract of the radiusd.conf but in mine this section is not present. Even in the 1.0.3 conf files. So I added the section but I don’t know if it is supported by my server.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: syslog

Craig Huckabee
Miguel Sennoun wrote:
>  
>
> I would like to redirect all radius logs (even accounting).

Well, as I mentioned accounting isn't there yet unless someone else has
done it.

[ SNIP ]

>
> Thank you for the extract of the radiusd.conf but in mine this section is
> not present. Even in the 1.0.3 conf files. So I added the section but I
> don't know if it is supported by my server.

I went back and looked - it is in the main CVS line but those changes
were not pulled up for the release versions.  Looks like Alan checked in
the syslog bits ~11 months ago, but I don't see where they made it up
into a release version.  Could be missing the merge, though.

We run a build made from the CVS sources, and it works, so if that is an
option for you then I'd suggest that.

--Craig


--
/ Craig Huckabee        |          e-mail: [hidden email] /
/ Code 715-CH           |           phone: (843) 218 5653       /
/ SPAWAR Systems Center | close proximity: "Hey You!"           /
/ Charleston, SC        |            ICBM:  32.78N, 79.93W      /

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: syslog

Miguel Sennoun


> -----Message d'origine-----
> De : [hidden email] [mailto:freeradius-
> [hidden email]] De la part de Craig Huckabee
> Envoyé : jeudi 9 juin 2005 16:04
> À : FreeRadius users mailing list
> Objet : Re: syslog
>
> Miguel Sennoun wrote:
> >
> >
> > I would like to redirect all radius logs (even accounting).
>
> Well, as I mentioned accounting isn't there yet unless someone else has
> done it.
>
> [ SNIP ]
>
> >
> > Thank you for the extract of the radiusd.conf but in mine this section
> is
> > not present. Even in the 1.0.3 conf files. So I added the section but I
> > don't know if it is supported by my server.
>
> I went back and looked - it is in the main CVS line but those changes
> were not pulled up for the release versions.  Looks like Alan checked in
> the syslog bits ~11 months ago, but I don't see where they made it up
> into a release version.  Could be missing the merge, though.
>
> We run a build made from the CVS sources, and it works, so if that is an
> option for you then I'd suggest that.


Thank you  I found it in the cvs snapshot, but as it is not in the released
versions, I think I should better use another way to manage radius logs


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html