Documentation for the world's most popular RADIUS Server.not logged in | [Login]
Always use radiusd -X when debugging!
The rlm_detail module enables the packet detail logging to the filesystem.
# Write a detailed log of all accounting records received.
#
detail {
# Note that we do NOT use NAS-IP-Address here, as
# that attribute MAY BE from the originating NAS, and
# NOT from the proxy which actually sent us the
# request. The Client-IP-Address attribute is ALWAYS
# the address of the client which sent us the
# request.
#
# The following line creates a new detail file for
# every radius client (by IP address or hostname).
# In addition, a new detail file is created every
# day, so that the detail file doesn't have to go
# through a 'log rotation'
#
# If your detail files are large, you may also want
# to add a ':%H' (see doc/variables.txt) to the end
# of it, to create a new detail file every hour, e.g.:
#
# ..../detail-%Y%m%d:%H
#
# This will create a new detail file for every hour.
#
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
#
# The Unix-style permissions on the 'detail' file.
#
# The detail file often contains secret or private
# information about users. So by keeping the file
# permissions restrictive, we can prevent unwanted
# people from seeing that information.
detailperm = 0600
#
# Every entry in th edetail file has a header which
# is a timestamp. By default, we use the ctime
# format (see "man ctime" for details).
#
# The header can be customized by editing this
# string. See "doc/variables.txt" for a description
# of what can be put here.
#
header = "%t"
#
# Certain attributes such as User-Password may be
# "sensitive", so they should not be printed in the
# detail file. This section lists the attributes
# that should be suppressed.
#
# The attributes should be listed one to a line.
#
#suppress {
# User-Password
#}
}
#
# Many people want to log authentication requests.
# Rather than modifying the server core to print out more
# messages, we can use a different instance of the 'detail'
# module, to log the authentication requests to a file.
#
# You will also need to un-comment the 'auth_log' line
# in the 'authorize' section, below.
#
# detail auth_log {
# detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
#
# This MUST be 0600, otherwise anyone can read
# the users passwords!
# detailperm = 0600
# }
#
# This module logs authentication reply packets sent
# to a NAS. Both Access-Accept and Access-Reject packets
# are logged.
#
# You will also need to un-comment the 'reply_log' line
# in the 'post-auth' section, below.
#
# detail reply_log {
# detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
#
# This MUST be 0600, otherwise anyone can read
# the users passwords!
# detailperm = 0600
# }
#
# This module logs packets proxied to a home server.
#
# You will also need to un-comment the 'pre_proxy_log' line
# in the 'pre-proxy' section, below.
#
# detail pre_proxy_log {
# detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
#
# This MUST be 0600, otherwise anyone can read
# the users passwords!
# detailperm = 0600
# }
#
# This module logs response packets from a home server.
#
# You will also need to un-comment the 'post_proxy_log' line
# in the 'post-proxy' section, below.
#
# detail post_proxy_log {
# detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
#
# This MUST be 0600, otherwise anyone can read
# the users passwords!
# detailperm = 0600
# }
Last edited by Alan T. DeKok, 2011-07-14 00:15:12
Sponsored by Network RADIUS 