Date: Mon, 15 Jan 1996 09:54:30 +0100 From: "K. Rune Nilsen" <rune@follonett.no> To: freebsd-isp@FreeBSD.org Subject: Re: syslog.conf questions Message-ID: <30FA1646.19DC@follonett.no>
next in thread | raw e-mail | index | archive | help
According to Bruce Bauman:
> We get many lines in our /var/log/messages of the form:
>
> Jan 14 15:55:03 pm1 dialnet: port S3 connection succeeded dest dial16.mosquito.com
>
> How can we cause these to not be written to the logfile?
> Is there a way to capture lines of the form:
>
> Jan 14 15:55:33 pm1 dialnet: port S6 jsmith.PPP login failed
>
> but ignore lines which are just successful connections? The documentation isn't
> really clear on this.
Your Portmaster is set up to log to the syslog demon on your server. It logs
both successful and failed logins. The only way to change this is to turn
off syslog logging on the Portmaster, and modify your radius demon instead.
It is quite simple to do so:
In acct.c, insert an #include statement among the others listed at the top:
#include <syslog.h>
Add the hack like this:
(the first line in the cut is line 80 in acct.c)
/*
* Write Detail file.
*/
sprintf(buffer, "%s/%s/detail", radacct_dir, clientname);
if((outfd = fopen(buffer, "a")) == (FILE *)NULL) {
sprintf(buffer,
"Acct: Couldn't open file %s/%s/detail\n",
radacct_dir, clientname);
log_err(buffer);
/* don't respond if we can't save record */
} else {
/* Post a timestamp */
curtime = time(0);
fputs(ctime(&curtime), outfd);
/* Write each attribute/value to the log file */
pair = authreq->request;
/* HACK INSERTED BY KRN */
new_syslog( pair );
/* END OF HACK */
while(pair != (VALUE_PAIR *)NULL) {
fputs("\t", outfd);
fprint_attr_val(outfd, pair);
fputs("\n", outfd);
pair = pair->next;
}
fputs("\n", outfd);
fclose(outfd);
/* let NAS know it is OK to delete from buffer */
send_acct_reply(authreq, (VALUE_PAIR *)NULL,
(char *)NULL,activefd);
}
At the end of the file, add this function:
void new_syslog( VALUE_PAIR *Pair )
{
char *UserName;
int AcctStatus;
int AcctSessTime;
while( Pair != (VALUE_PAIR*)0 )
{
else if( !strcmp( Pair->name, "User-Name" ) )
UserName = Pair->strvalue;
else if( !strcmp( Pair->name, "Acct-Status-Type" ) )
AcctStatus = Pair->lvalue;
else if( !strcmp( Pair->name, "Acct-Session-Time" ) )
AcctSessTime = Pair->lvalue;
Pair = Pair->next;
}
syslog( LOG_AUTH | LOG_INFO,
"User %s %s, time %u",
UserName,
AcctStatus == PW_STATUS_START ? "up" : "down",
AcctSessTime );
}
I hope this does the trick. I picked it out of a larger hack I made a couple
of months ago.
We just started making a new radiusd (with the working name 'diameter' :) )
with a lot of fancy features for ISP's:
* Classes of users, with type of service and prices for ever hour of
the week.
* Cached user-database. Each user can be a member of several classes,
selected by a prefix after the username (joe-ppp, joe-telnet, etc.).
* A log for each user, with time and price.
* Redirecton to another radius-server if the username has a certain
prefix. This way a central site can have users that need to connect
from several other sites.
* ++++
If you have more ideas, please tell. It'll take a couple of weeks before
we have a working beta, but we have already set up a mailinglist for all who
are interested. Send a message to 'diameter@follonett.no' with the subject
'subscribe' to join. It will be a little while before there is much traffic
there, though.
Rune.
---------------------------------------------------------------------------
K. Rune Nilsen follonett@follonett.no Ansvar TV AS/Follonett
rune@follonett.no info@follonett.no Tel (+47) 64877140
http://www.follonett.no/ Fax (+47) 64877141
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30FA1646.19DC>