Commit 23208d60 authored by Angel L. Mateo's avatar Angel L. Mateo
Browse files

Add freeradius::module::detail

To configure freeradius' detail module
parent 1129e484
# == Define: freeradius::module::detail
#
define freeradius::module::detail (
Enum['present','absent'] $ensure = 'present',
String $filename = "\${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d",
Freeradius::Boolean $escape_filenames = 'no',
String $permissions = '0600',
Optional[String] $group = undef,
String $header = '%t',
Optional[Freeradius::Boolean] $locking = undef,
Optional[Freeradius::Boolean] $log_packet_header = undef,
Array[String] $suppress = [],
) {
if $suppress {
validate_array($suppress)
}
freeradius::module {"detail.${name}":
ensure => $ensure,
content => template('freeradius/detail.erb'),
}
}
# File managed by puppet
##############################################################
# Write a detailed log of all accounting records received.
#
detail <%= @name %> {
# Note that we do NOT use NAS-IP-Address here, as
# that attribute MAY BE from the originating NAS, and
# NOT from the proxy which actually sent us the
# request.
#
# The following line creates a new detail file for
# every radius client (by IP address or hostname).
# In addition, a new detail file is created every
# day, so that the detail file doesn't have to go
# through a 'log rotation'
#
# If your detail files are large, you may also want
# to add a ':%H' (see doc/variables.txt) to the end
# of it, to create a new detail file every hour, e.g.:
#
# ..../detail-%Y%m%d:%H
#
# This will create a new detail file for every hour.
#
# If you are reading detail files via the "listen" section
# (e.g. as in raddb/sites-available/robust-proxy-accounting),
# you MUST use a unique directory for each combination of a
# detail file writer, and reader. That is, there can only
# be ONE "listen" section reading detail files from a
# particular directory.
#
filename = <%= @filename %>
#
# If you are using radrelay, delete the above line for "file",
# and use this one instead:
#
# filename = ${radacctdir}/detail
#
# Most file systems can handly nearly the full range of UTF-8
# characters. Ones that can deal with a limited range should
# set this to "yes".
#
escape_filenames = <%= @escape_filenames %>
#
# The Unix-style permissions on the 'detail' file.
#
# The detail file often contains secret or private
# information about users. So by keeping the file
# permissions restrictive, we can prevent unwanted
# people from seeing that information.
permissions = <%= @permissions %>
# The Unix group of the log file.
#
# The user that the server runs as must be in the specified
# system group otherwise this will fail to work.
#
# group = ${security.group}
<%- if @group -%>
group = <%= @group %>
<%- end -%>
#
# Every entry in the detail file has a header which
# is a timestamp. By default, we use the ctime
# format (see "man ctime" for details).
#
# The header can be customised by editing this
# string. See "doc/variables.txt" for a description
# of what can be put here.
#
header = "<%= @header %>"
#
# Uncomment this line if the detail file reader will be
# reading this detail file.
#
# locking = yes
<%- if @locking -%>
locking = <%= @locking == true %>
<%- end -%>
#
# Log the Packet src/dst IP/port. This is disabled by
# default, as that information isn't used by many people.
#
# log_packet_header = yes
<%- if @log_packet_header -%>
log_packet_header = <%= @log_packet_header == true %>
<%- end -%>
#
# Certain attributes such as User-Password may be
# "sensitive", so they should not be printed in the
# detail file. This section lists the attributes
# that should be suppressed.
#
# The attributes should be listed one to a line.
#
#suppress {
# User-Password
#}
<%- if !@suppress.empty? -%>
suppress {
<%= @suppress.join("\n ") %>
}
<%- end -%>
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment