rlm_linelog

Synopsis

The linelog module logs one line of text to a file. Both the filename and the line of text are dynamically expanded. It is strongly suggested that data from the packet not be used as part of the filename. Using data from the packet in the filename can allow attackers to create or remove arbitrary files on the server.

Processing Sections

Any.

Return codes

fail The format or reference expansion could not be performed, or there was an error opening the output file.

noop The reference is for a configuration directive that does not exist.

ok The line was logged successfully.

Expansions

None.

Directives

filename
Syntax

filename = string

Default

${logdir}/linelog

Description

The file where the logs will be written. If the filename is syslog, then the log messages will go to syslog.

format
Syntax

format = string

Default

This is a log message for %{User-Name}

Description

The default format string. It is used if the reference directive does not exist or if the reference cannot be found.

group
Syntax

group = string

Default

${security.group}

Description

The name of the group that will own the log file. If unset, the group is inherited from the gid of the server process.

permissions
Syntax

permissions = integer

Default

0600

Description

The Unix-style permissions for the log file.

The log file may contain secret or private information about users. It is recommended that the file permissions be kept as restrictive as possible.
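The two cautions above (no packet data in filename, restrictive permissions) can be checked mechanically. The following audit script is an added example, not part of the FreeRADIUS documentation or code base. It assumes each linelog block closes with a brace at the start of a line, treats any %{...} in filename as something to review, and applies a strict policy of no group or other permission bits. The instance names and the sample configuration are constructed.

```python
import re

# Constructed sample configuration (not from the page): one risky instance, one safe.
SAMPLE = '''
linelog per_user {
    filename = ${logdir}/users/%{User-Name}.log
    permissions = 0644
    format = "This is a log message for %{User-Name}"
}
linelog safe {
    filename = ${logdir}/linelog
    permissions = 0600
    format = "This is a log message for %{User-Name}"
}
'''

BLOCK = re.compile(r'^\s*linelog\s*(\S*)\s*\{(.*?)\n\}', re.S | re.M)
DIRECTIVE = re.compile(r'^\s*([\w-]+)\s*=\s*(.+?)\s*$', re.M)
# %{...} is expanded per request; ${...} is resolved when the config is loaded.
RUNTIME = re.compile(r'%\{[^}]*\}')


def audit(text):
    """Return sorted (instance, directive, reason) findings for linelog blocks."""
    findings = []
    for name, body in BLOCK.findall(text):
        name = name or 'linelog'
        conf = {k: v.strip('"') for k, v in DIRECTIVE.findall(body)}
        filename = conf.get('filename', '${logdir}/linelog')
        hit = RUNTIME.search(filename)
        if hit:
            findings.append((name, 'filename', 'request-time expansion ' + hit.group(0)))
        # Assumed policy: anything beyond owner read/write is reported.
        perms = int(conf.get('permissions', '0600'), 8)
        if perms & 0o077:
            findings.append((name, 'permissions', 'group/other bits set: %04o' % perms))
    return sorted(findings)


if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print('%s: %s: %s' % finding)
```

A filename finding is a prompt for review rather than proof of a problem: some request-time expansions are not taken from the packet.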

reference
Syntax

reference = string

Default

%{%{Packet-Type}:-format}

Description

The reference directive overrides the format directive. If the reference is set, it is dynamically expanded. The resulting string is used as a reference to an additional configuration directive in the linelog section. If the directive exists, then its value is used instead of format.

If the referenced directive does not exist, then no logging is done.

If the referenced directive exists, but expands to an empty string, then no logging is done.

syslog_facility
Syntax

syslog_facility = string

Default

daemon

Description

If logging via syslog, the facility can be set here; otherwise, use the syslog_facility option in radiusd.conf.