1

We have 2 FreeRADIUS authentication servers which service around 12k users. Users often enter incorrect credentials and this causes significant strain on the helpdesk. I'd like to write a script to monitor the RADIUS logs for authentication failures (or alternatively the MySQL postauth table) and then look up the customer's email address on the database server to be able to send them an email with a link to a password troubleshooting page.

The question is how best to do this? My first thought is to set up rsyslog or something and forward the logs to the web/db server and then have a script running there which tails the logs. I also thought of having something running locally on each RADIUS server which monitors the logs or the MySQL postauth table. I can figure out how to implement it but I'm not sure of the best strategy. Any advice?

Michelle

1 Answer

2

You could try using perl in Post-Auth-Type REJECT:

post-auth {
  # Login successful: get an address from the IP pool.
  ippool
  Post-Auth-Type REJECT {
   # Login failed
   perl
  }
}

References: FreeRADIUS FAQ, Post-Auth-Type docs, rlm_perl.

AlexD
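A sketch of a script the `perl` module could load for the Post-Auth-Type REJECT block above, as an added example that is not from the answer or from the FreeRADIUS project. The file paths, throttle window and username pattern are assumptions; a separate mailer job (not shown) would read the queue, look up the address and send the mail, which keeps database and SMTP latency out of radiusd.

```perl
# Hypothetical script for rlm_perl; paths and limits below are assumptions.
use strict;
use warnings;
use Fcntl qw(:flock);
use Digest::SHA qw(sha256_hex);

# rlm_perl exposes the request attributes in this package hash.
our (%RAD_REQUEST);

# Return codes as numbered in the example.pl shipped with FreeRADIUS.
use constant { RLM_MODULE_OK => 2, RLM_MODULE_NOOP => 7 };

my $STATE_DIR = '/var/spool/radius-reject/seen';       # one marker file per user
my $QUEUE     = '/var/spool/radius-reject/queue.log';  # read by the mailer job
my $WINDOW    = 6 * 3600;                              # one notice per user per 6 h

sub post_auth {
    my $user = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_NOOP unless defined $user;
    $user = lc $user;

    # Queue only names of the expected shape. A rejected request can carry
    # anything in User-Name, including a password typed into the wrong field,
    # and the value is later used in a database lookup by the mailer.
    return RLM_MODULE_NOOP unless $user =~ /\A[a-z0-9._@-]{1,64}\z/;

    # Throttle per user: supplicants retry bad credentials many times, and
    # anyone who knows a username can cause rejects for it. The marker name
    # is a hash so the username never becomes part of a file path.
    my $marker = "$STATE_DIR/" . sha256_hex($user);
    my $last   = (stat $marker)[9];
    return RLM_MODULE_NOOP if defined $last && time - $last < $WINDOW;

    # Refresh the marker first; a race between threads costs at most one
    # duplicate queue entry.
    open(my $m, '>', $marker) or return RLM_MODULE_NOOP;
    close $m;

    # Append under a lock so concurrent rejects do not interleave lines.
    # Only the time and username are written, never the password attribute.
    open(my $q, '>>', $QUEUE) or return RLM_MODULE_NOOP;
    flock($q, LOCK_EX) or return RLM_MODULE_NOOP;
    print {$q} join("\t", time, $user), "\n";
    close $q;

    return RLM_MODULE_OK;
}

1;
```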