| 4 |
- |
1 |
# -*- text -*-
|
|
|
2 |
#
|
| 34 |
- |
3 |
# $Id: c36dce75c6d41b7470bd177a27ed96d3fe3dafe5 $
|
| 4 |
- |
4 |
|
|
|
5 |
#
|
|
|
6 |
# More examples of doing detail logs.
|
|
|
7 |
|
|
|
8 |
#
|
|
|
9 |
# Many people want to log authentication requests.
|
|
|
10 |
# Rather than modifying the server core to print out more
|
|
|
11 |
# messages, we can use a different instance of the 'detail'
|
|
|
12 |
# module, to log the authentication requests to a file.
|
|
|
13 |
#
|
|
|
14 |
# You will also need to un-comment the 'auth_log' line
|
|
|
15 |
# in the 'authorize' section, below.
|
|
|
16 |
#
|
|
|
17 |
detail auth_log {
|
| 34 |
- |
18 |
detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
|
| 4 |
- |
19 |
|
|
|
20 |
#
|
|
|
21 |
# This MUST be 0600, otherwise anyone can read
|
|
|
22 |
# the users passwords!
|
|
|
23 |
detailperm = 0600
|
|
|
24 |
|
|
|
25 |
# You may also strip out passwords completely
|
|
|
26 |
suppress {
|
|
|
27 |
User-Password
|
|
|
28 |
}
|
|
|
29 |
}
|
|
|
30 |
|
|
|
31 |
#
|
|
|
32 |
# This module logs authentication reply packets sent
|
|
|
33 |
# to a NAS. Both Access-Accept and Access-Reject packets
|
|
|
34 |
# are logged.
|
|
|
35 |
#
|
|
|
36 |
# You will also need to un-comment the 'reply_log' line
|
|
|
37 |
# in the 'post-auth' section, below.
|
|
|
38 |
#
|
|
|
39 |
detail reply_log {
|
| 34 |
- |
40 |
detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
|
| 4 |
- |
41 |
|
|
|
42 |
detailperm = 0600
|
|
|
43 |
}
|
|
|
44 |
|
|
|
45 |
#
|
|
|
46 |
# This module logs packets proxied to a home server.
|
|
|
47 |
#
|
|
|
48 |
# You will also need to un-comment the 'pre_proxy_log' line
|
|
|
49 |
# in the 'pre-proxy' section, below.
|
|
|
50 |
#
|
|
|
51 |
detail pre_proxy_log {
|
| 34 |
- |
52 |
detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d
|
| 4 |
- |
53 |
|
|
|
54 |
#
|
|
|
55 |
# This MUST be 0600, otherwise anyone can read
|
|
|
56 |
# the users passwords!
|
|
|
57 |
detailperm = 0600
|
|
|
58 |
|
|
|
59 |
# You may also strip out passwords completely
|
|
|
60 |
#suppress {
|
|
|
61 |
# User-Password
|
|
|
62 |
#}
|
|
|
63 |
}
|
|
|
64 |
|
|
|
65 |
#
|
|
|
66 |
# This module logs response packets from a home server.
|
|
|
67 |
#
|
|
|
68 |
# You will also need to un-comment the 'post_proxy_log' line
|
|
|
69 |
# in the 'post-proxy' section, below.
|
|
|
70 |
#
|
|
|
71 |
detail post_proxy_log {
|
| 34 |
- |
72 |
detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d
|
| 4 |
- |
73 |
|
|
|
74 |
detailperm = 0600
|
|
|
75 |
}
|