| 4 |
- |
1 |
# -*- text -*-
|
|
|
2 |
#
|
| 34 |
- |
3 |
# $Id: 2e68d065ec93d0644cf7e931d97fdfac4e2be552 $
|
| 4 |
- |
4 |
|
|
|
5 |
# Write a detailed log of all accounting records received.
|
|
|
6 |
#
|
|
|
7 |
detail {
|
|
|
8 |
# Note that we do NOT use NAS-IP-Address here, as
|
|
|
9 |
# that attribute MAY BE from the originating NAS, and
|
|
|
10 |
# NOT from the proxy which actually sent us the
|
|
|
11 |
# request.
|
|
|
12 |
#
|
|
|
13 |
# The following line creates a new detail file for
|
|
|
14 |
# every radius client (by IP address or hostname).
|
|
|
15 |
# In addition, a new detail file is created every
|
|
|
16 |
# day, so that the detail file doesn't have to go
|
|
|
17 |
# through a 'log rotation'
|
|
|
18 |
#
|
|
|
19 |
# If your detail files are large, you may also want
|
|
|
20 |
# to add a ':%H' (see doc/variables.txt) to the end
|
|
|
21 |
# of it, to create a new detail file every hour, e.g.:
|
|
|
22 |
#
|
|
|
23 |
# ..../detail-%Y%m%d:%H
|
|
|
24 |
#
|
|
|
25 |
# This will create a new detail file for every hour.
|
|
|
26 |
#
|
|
|
27 |
# If you are reading detail files via the "listen" section
|
|
|
28 |
# (e.g. as in raddb/sites-available/robust-proxy-accounting),
|
|
|
29 |
# you MUST use a unique directory for each combination of a
|
|
|
30 |
# detail file writer, and reader. That is, there can only
|
|
|
31 |
# be ONE "listen" section reading detail files from a
|
|
|
32 |
# particular directory.
|
|
|
33 |
#
|
|
|
34 |
detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
|
|
|
35 |
|
|
|
36 |
#
|
| 34 |
- |
37 |
# If you are using radrelay, delete the above line for "detailfile",
|
|
|
38 |
# and use this one instead:
|
|
|
39 |
#
|
|
|
40 |
# detailfile = ${radacctdir}/detail
|
|
|
41 |
|
|
|
42 |
#
|
| 4 |
- |
43 |
# The Unix-style permissions on the 'detail' file.
|
|
|
44 |
#
|
|
|
45 |
# The detail file often contains secret or private
|
|
|
46 |
# information about users. So by keeping the file
|
|
|
47 |
# permissions restrictive, we can prevent unwanted
|
|
|
48 |
# people from seeing that information.
|
|
|
49 |
detailperm = 0600
|
|
|
50 |
|
| 34 |
- |
51 |
# The Unix group of the log file.
|
| 4 |
- |
52 |
#
|
| 34 |
- |
53 |
# The user that the server runs as must be in the specified
|
|
|
54 |
# system group otherwise this will fail to work.
|
|
|
55 |
#
|
|
|
56 |
# group = freerad
|
|
|
57 |
|
|
|
58 |
#
|
| 4 |
- |
59 |
# Every entry in the detail file has a header which
|
|
|
60 |
# is a timestamp. By default, we use the ctime
|
|
|
61 |
# format (see "man ctime" for details).
|
|
|
62 |
#
|
|
|
63 |
# The header can be customized by editing this
|
|
|
64 |
# string. See "doc/variables.txt" for a description
|
|
|
65 |
# of what can be put here.
|
|
|
66 |
#
|
|
|
67 |
header = "%t"
|
|
|
68 |
|
|
|
69 |
#
|
|
|
70 |
# Uncomment this line if the detail file reader will be
|
|
|
71 |
# reading this detail file.
|
|
|
72 |
#
|
|
|
73 |
# locking = yes
|
|
|
74 |
|
|
|
75 |
#
|
|
|
76 |
# Log the Packet src/dst IP/port. This is disabled by
|
|
|
77 |
# default, as that information isn't used by many people.
|
|
|
78 |
#
|
|
|
79 |
# log_packet_header = yes
|
|
|
80 |
|
|
|
81 |
#
|
|
|
82 |
# Certain attributes such as User-Password may be
|
|
|
83 |
# "sensitive", so they should not be printed in the
|
|
|
84 |
# detail file. This section lists the attributes
|
|
|
85 |
# that should be suppressed.
|
|
|
86 |
#
|
|
|
87 |
# The attributes should be listed one to a line.
|
|
|
88 |
#
|
|
|
89 |
#suppress {
|
|
|
90 |
# User-Password
|
|
|
91 |
#}
|
|
|
92 |
|
|
|
93 |
}
|