From owner-freebsd-isp  Mon Jan 15 01:29:08 1996
Return-Path: owner-isp
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id BAA29731
          for isp-outgoing; Mon, 15 Jan 1996 01:29:08 -0800 (PST)
Received: from nic.ftns.no (nic.ftns.no [194.52.172.18])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id BAA29719
          for <freebsd-isp@FreeBSD.org>; Mon, 15 Jan 1996 01:29:02 -0800 (PST)
Received: from alpha1.nipnett.no (alpha1.nipnett.no [194.52.171.10]) by nic.ftns.no (8.6.12/8.6.12) with SMTP id JAA18804 for <freebsd-isp@FreeBSD.org>; Mon, 15 Jan 1996 09:53:20 +0100
Received: from nic.follonett.no by alpha1.nipnett.no; (5.65/1.1.8.2/30Aug95-0205PM)
	id AA18387; Mon, 15 Jan 1996 09:54:34 +0100
Received: from gori.follonett.no (gori.follonett.no [194.198.33.77]) by follonett.no (8.7.2/8.7.2) with SMTP id JAA28606 for <freebsd-isp@FreeBSD.org>; Mon, 15 Jan 1996 09:54:29 +0100 (MET)
Message-Id: <30FA1646.19DC@follonett.no>
Date: Mon, 15 Jan 1996 09:54:30 +0100
From: "K. Rune Nilsen" <rune@follonett.no>
X-Mailer: Mozilla 2.0b3 (Win95; I)
Mime-Version: 1.0
To: freebsd-isp@FreeBSD.org
Subject: Re: syslog.conf questions
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-isp@FreeBSD.org
Precedence: bulk

According to Bruce Bauman:

 > We get many lines in our /var/log/messages of the form:
 >
 > Jan 14 15:55:03 pm1 dialnet: port S3 connection succeeded dest dial16.mosquito.com
 >
 > How can we cause these to not be written to the logfile?
 > Is there a way to capture lines of the form:
 >
 > Jan 14 15:55:33 pm1 dialnet: port S6 jsmith.PPP login failed
 >
 > but ignore lines which are just successful connections? The documentation isn't
 > really clear on this.

Your Portmaster is set up to log to the syslog demon on your server. It logs
both successful and failed logins. The only way to change this is to turn
off syslog logging on the Portmaster, and modify your radius demon instead.
It is quite simple to do so:

In acct.c, insert an #include statement among the others listed at the top:
#include <syslog.h>

Add the hack like this:
(the first line in the cut is line 80 in acct.c)
    /*
     * Write Detail file.
     */
    sprintf(buffer, "%s/%s/detail", radacct_dir, clientname);
    if((outfd = fopen(buffer, "a")) == (FILE *)NULL) {
        sprintf(buffer,
            "Acct: Couldn't open file %s/%s/detail\n",
            radacct_dir, clientname);
        log_err(buffer);
        /* don't respond if we can't save record */
    } else {

        /* Post a timestamp */
        curtime = time(0);
        fputs(ctime(&curtime), outfd);

        /* Write each attribute/value to the log file */
        pair = authreq->request;
/* HACK INSERTED BY KRN */
        new_syslog( pair );
/* END OF HACK */
        while(pair != (VALUE_PAIR *)NULL) {
            fputs("\t", outfd);
            fprint_attr_val(outfd, pair);
            fputs("\n", outfd);
        pair = pair->next;
        }
        fputs("\n", outfd);
        fclose(outfd);
        /* let NAS know it is OK to delete from buffer */
        send_acct_reply(authreq, (VALUE_PAIR *)NULL,
                (char *)NULL,activefd);
    }

At the end of the file, add this function:

void new_syslog( VALUE_PAIR *Pair )
{
    char *UserName;
    int      AcctStatus;
    int      AcctSessTime;

    while( Pair != (VALUE_PAIR*)0 )
        {
        else if( !strcmp( Pair->name, "User-Name" ) )
            UserName = Pair->strvalue;
        else if( !strcmp( Pair->name, "Acct-Status-Type" ) )
            AcctStatus = Pair->lvalue;
        else if( !strcmp( Pair->name, "Acct-Session-Time" ) )
            AcctSessTime = Pair->lvalue;
        Pair = Pair->next;
        }

    syslog( LOG_AUTH | LOG_INFO,
            "User %s %s, time %u",
            UserName,
            AcctStatus == PW_STATUS_START ? "up" : "down",
            AcctSessTime );
}

I hope this does the trick. I picked it out of a larger hack I made a couple
of months ago.

  We just started making a new radiusd (with the working name 'diameter' :) )
with a lot of fancy features for ISP's:

    * Classes of users, with type of service and prices for ever hour of
      the week.
    * Cached user-database. Each user can be a member of several classes,
      selected by a prefix after the username (joe-ppp, joe-telnet, etc.).
    * A log for each user, with time and price.
    * Redirecton to another radius-server if the username has a certain
      prefix. This way a central site can have users that need to connect
      from several other sites.
    * ++++

  If you have more ideas, please tell. It'll take a couple of weeks before
we have a working beta, but we have already set up a mailinglist for all who
are interested. Send a message to 'diameter@follonett.no' with the subject
'subscribe' to join. It will be a little while before there is much traffic
there, though.

Rune.

---------------------------------------------------------------------------
K. Rune Nilsen          follonett@follonett.no       Ansvar TV AS/Follonett
rune@follonett.no            info@follonett.no           Tel (+47) 64877140
                      http://www.follonett.no/           Fax (+47) 64877141