I want to send message to remote syslog in post-auth section. Simple string with
"'%{User-Name}', '%{reply:Packet-Type}', '%{Calling-Station-Id}'"
How do it with FreeRADIUS 3 ?
Or..
How to split loggs by facility or priority?
Asked
Active
Viewed 1,203 times
0
eri
- 274
- 2
- 4
- 15
-
checkout logstash/filebeat and grok to pickup the data you want from the logs... don't forget to rotate the files. – Jacob Evans Mar 27 '20 at 15:10
-
@JacobEvans i want send directly to remote machine – eri Mar 27 '20 at 15:20
1 Answers
0
Using linelog
linelog log_postauth {
filename = syslog
syslog_facility = authpriv
syslog_severity = info
format = "ACCEPTED: %{User-Name} %{control:Tmp-String-0}, %{control:Tmp-String-1}, nas address: %{request:Called-Station-Id}, remote address: %{request:Calling-Station-Id}"
}
linelog log_postreject {
filename = syslog
syslog_facility = authpriv
syslog_severity = warning
format = "REJECTED: %{User-Name} %{control:Tmp-String-0}, %{control:Tmp-String-1}, nas address: %{request:Called-Station-Id}, remote address: %{request:Calling-Station-Id}"
}
And in server
post-auth {
Post-Auth-Type ACCEPT {
log_postauth
}
Post-Auth-Type REJECT {
log_postreject
}
}
Then sending it with rsyslog service
if $syslogfacility-text == 'authpriv'
then {
action(type="omfwd" target="10.254.144.141" protocol="udp" port="514")
}
eri
- 274
- 2
- 4
- 15