log

Synopsis

Directives

auth
Syntax

auth = boolean

Default

no

Description

Logs authentication requests to the log file.

auth_badpass
Syntax

auth_badpass = boolean

Default

no

Description

Logs passwords with the authentication requests: logs password if it’s rejected.

auth_goodpass
Syntax

auth_goodpass = boolean

Default

no

Description

Logs passwords with the authentication requests: logs password if it’s correct.

colourise
Syntax

colourise = boolean

Default

yes

Description

Highlights important messages sent to stderr and stdout.

Option will be ignored (disabled) if output of TERM is not an xterm or output is not to a TTY.

destination
Syntax

destination = string

Default

files

Description

Destination for log messages. This can be one of:

files

log to "file", as defined below.

syslog

to syslog (see also the "syslog_facility", below.

stdout

standard output

stderr

standard error.

The command-line option "-X" overrides this option and forces logging to go to stdout.

file
Syntax

file = filename

Default

${logdir}/radius.log

Description

If destination = "files", then the logging messages for the server are appended to the tail of this file. If the server is running in debugging mode, then this file is NOT used.

msg_denied
Syntax

msg_denied = string

Default

"You are already logged in - access denied"

Description

The message when the user exceeds the Simultaneous-Use limit.

msg_badpass
Syntax

msg_badpass = string

Default

""

Description

Logs additional text at the end of the Login OK messages. For this directive to work, the auth and auth_badpass configurations have to be set to yes.

The strings below are dynamically expanded, which means that they can be anything. However, note that this expansion can be slow and can negatively impact server performance.

msg_goodpass
Syntax

msg_goodpass = string

Default

""

Description

Logs additional text at the end of the Login OK messages. For this directive to work, the auth and auth_goodpass configurations have to be set to yes.

The strings below are dynamically expanded, which means that they can be anything. However, note that this expansion can be slow and can negatively impact server performance.

requests
Syntax

requests = filename

Default

${logdir}/radiusd-%\{​%{Virtual-Server}:-DEFAULT}-%Y%m%d.log

Description

If this configuration parameter is set, then log messages for a request go to this file, rather than to radius.log. In other words, this file becomes a log file per request, once the server has accepted the request as being from a valid client. Messages that are not associated with a request still go to radius.log.

Not all log messages in the server core have been updated to use this new internal API. As a result, some messages will still go to radius.log.

The file name is expanded dynamically. Only server-side attributes should be used for the filename (e.g., things that can be controlled). Using this feature may also slow down the server substantially, especially if things like SQL calls are used as part of the expansion of the filename.

To avoid having the log messages distributed over multiple files, the name of the log file should use attributes that don’t change over the lifetime of a request, such as User-Name, Virtual-Server, or Packet-Src-IP-Address.

Logging can be enabled for an individual request by a special dynamic expansion macro: %{debug: 1}, where the debug level for this request is set to '1' (or 2, 3, etc.); e.g.,

update control 	{
	      	Tmp-String-0 = "%{debug:1}"
		}

The attribute to which value is assigned is unimportant and should be a "throw-away" attribute with no side effects.

stripped_names
Syntax

stripped_names = boolean

Default

no

Description

Logs the full User-Name attribute, as it was found in the request.

syslog_facility
Syntax

syslog_facility = string

Default

daemon

Description

Which syslog facility to use, if ${destination} == "syslog". The exact values permitted here are OS-dependent. This value probably should not be changed.