v3 and rlm_sql_log/radsqlrelay


v3 and rlm_sql_log/radsqlrelay

Artis Caune
Looking at replacing sql_log from v1

Module has been removed in v3 but 3.0.19 still ships with radsqlrelay.
radsqlrelay(8) still refers to rlm_sql_log


I tried this and it works:
sql sql_auth_log {
        driver = "rlm_sql_null"
        post-auth {
                logfile = "${logdir}/auth_log.sql"
                query = "INSERT INTO authlog ..."
        }
}

and: radsqlrelay -x -d mysql ... /var/log/freeradius/auth_log.sql


Just wondering if there are better ways of doing this, as it looks like
radsqlrelay might not be supported anymore?

Inserting during auth is not an option as it slows down server and master
might not be available for regional nodes.

Another option might be to proxy auth logs as radius packets (buffered) to
central radius server which will insert all requests whenever db is ready.


Thanks,
Artis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: v3 and rlm_sql_log/radsqlrelay

Alan DeKok-2
On Sep 2, 2019, at 7:46 PM, Artis Caune <[hidden email]> wrote:
>
> Looking at replacing sql_log from v1
>
> Module has been removed in v3 but 3.0.19 still ships with radsqlrelay.
> radsqlrelay(8) still refers to rlm_sql_log

  That's a simple fix.

> I tried this and it works:
> sql sql_auth_log {
>        driver = "rlm_sql_null"
>        post-auth {
>                logfile = "${logdir}/auth_log.sql"
>                query = "INSERT INTO authlog ..."
>        }
> }
>
> and: radsqlrelay -x -d mysql ... /var/log/freeradius/auth_log.sql

  Yes.  Sometimes the FR config can be tiny.

  The default config is huge because it has to do *everything*.

> Just wondering if there are better ways of doing this, as it looks like
> radsqlrelay might not be supported anymore?

  It's fine.

> Inserting during auth is not an option as it slows down server and master
> might not be available for regional nodes.
>
> Another option might be to proxy auth logs as radius packets (buffered) to
> central radius server which will insert all requests whenever db is ready.

  It's best to make sure that a critical database is (a) alive, and (b) fast.  Anything else is just papering over the issue.

  Alan DeKok.
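
The spool-and-replay pattern discussed in this thread, as an added Python sketch that is not part of either message and is not radsqlrelay's own code. It shows queued auth-log statements surviving a database outage and being inserted once the database answers again. Assumptions: one SQL statement per line, the writer reopens the logfile path on every write, sqlite3 stands in for the central database, and relay_spool and the authlog columns are hypothetical.

```python
import os
import sqlite3
import tempfile

def relay_spool(spool_path, execute):
    """Replay spooled SQL lines through execute(); return (replayed, remaining)."""
    work_path = spool_path + ".work"
    # Resume an interrupted run first; otherwise claim the live spool with an
    # atomic rename so new requests go to a fresh file (assumed writer behaviour).
    if not os.path.exists(work_path):
        if not os.path.exists(spool_path):
            return 0, 0
        os.rename(spool_path, work_path)
    with open(work_path, encoding="utf-8") as fh:
        statements = [line.strip() for line in fh if line.strip()]
    replayed = 0
    try:
        for stmt in statements:
            execute(stmt)
            replayed += 1
    except Exception:
        # Database down or statement rejected: stop here and keep the unsent
        # tail on disk, so nothing is lost and ordering is preserved.
        remaining = statements[replayed:]
        tmp = work_path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            fh.write("\n".join(remaining) + "\n")
        os.replace(tmp, work_path)
        return replayed, len(remaining)
    os.remove(work_path)
    return replayed, 0

def demo():
    spool = os.path.join(tempfile.mkdtemp(), "auth_log.sql")
    with open(spool, "w", encoding="utf-8") as fh:  # constructed sample lines
        fh.write("INSERT INTO authlog (username, reply) VALUES ('alice', 'Access-Accept');\n"
                 "INSERT INTO authlog (username, reply) VALUES ('bob', 'Access-Reject');\n")
    def db_down(stmt):  # simulates the master being unreachable
        raise ConnectionError("master unreachable")
    first = relay_spool(spool, db_down)       # outage: nothing sent, 2 kept
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE authlog (username TEXT, reply TEXT)")
    second = relay_spool(spool, db.execute)   # database back: 2 sent, 0 kept
    rows = db.execute("SELECT COUNT(*) FROM authlog").fetchone()[0]
    return first, second, rows
```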

