Skip to content
Snippets Groups Projects
Select Git revision
  • 2.0.7
  • master default protected
  • php84
  • release-2.0.0
  • 2.0.6
  • 2.0.5
  • 2.0.4
  • 2.0.3
  • 2.0.2
  • 2.0.1
  • 1.0.0
11 results

readme.md

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    detail.log 2.49 KiB 
    # -*- text -*-
#
#  $Id$

#
#  More examples of doing detail logs.

#
#  Many people want to log authentication requests.
#  Rather than modifying the server core to print out more
#  messages, we can use a different instance of the 'detail'
#  module, to log the authentication requests to a file.
#
#  You will also need to un-comment the 'auth_log' line
#  in the 'authorize' section, below.
#
detail auth_log-for-bsql {
	detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}/auth-bsql.log

	#
	#  This MUST be 0600, otherwise anyone can read
	#  the users passwords!
	detailperm = 0600
	locking = yes

	# You may also strip out passwords completely
	suppress {
		User-Password
		EAP-Message
		Framed-MTU
		State
		Message-Authenticator
		Packet-Type
		Proxy-State
		Tunnel-Type
		Tunnel-Medium-Type
		Tunnel-Private-Group-Id
	}
}

detail auth_log {
	detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log

	#  This MUST be 0600, otherwise anyone can read
	#  the users passwords!
	detailperm = 0600

	# You may also strip out passwords completely
	suppress {
		User-Password
	}

	#  Log the Packet src/dst IP/port.  This is disabled by
	#  default, as that information isn't used by many people.
	log_packet_header = yes
}

# This is the same as the block above, except it allows passwords
# # to be written to the log file
detail auth_log_password {
	detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}/auth-detail.log
	detailperm = 0600
}


#  This module logs authentication reply packets sent
#  to a NAS.  Both Access-Accept and Access-Reject packets
#  are logged.
#
#  You will also need to un-comment the 'reply_log' line
    #  in the 'post-auth' section, below.
#
detail reply_log {
	detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}/reply-detail.log

	detailperm = 0600
}

#
#  This module logs packets proxied to a home server.
#
#  You will also need to un-comment the 'pre_proxy_log' line
#  in the 'pre-proxy' section, below.
#
detail pre_proxy_log {
	detailfile = ${radacctdir}/%{%{Virtual-Server}:-DEFAULT}/pre-proxy-detail.log

	#
	#  This MUST be 0600, otherwise anyone can read
	#  the users passwords!
	detailperm = 0600

	# You may also strip out passwords completely
	#suppress {
		# User-Password
	#}
}

#
#  This module logs response packets from a home server.
#
#  You will also need to un-comment the 'post_proxy_log' line
#  in the 'post-proxy' section, below.
#
detail post_proxy_log {
	detailfile = ${radacctdir}/%{%{Virtual-Server}:-DEFAULT}/post-proxy-detail.log
	detailperm = 0600
}