Make radius.log visible in webGUI like STATUS -> System Logs. php question
-
Hi,
I want to create an extra tab in the freeradius package for the freeradius logs. Actually the is the possibility to log everything in /var/log/radius.log or in STATUS -> System Logs -> System.
But if you have many clients authentication on freeradius then the systemlogs will be spammed with freeradius messages.
So I created - or better copied an existing logging .php and modified it to use /var/log/radius.log as sourcefile.
The .php file above is the /usr/local/www/diag_logs.php file which I just modified and saved as "freeradius_logs.php"
/* $Id$ */ /* diag_logs.php Copyright (C) 2004-2009 Scott Ullrich All rights reserved. originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1\. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2\. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* pfSense_MODULE: system */ ##|+PRIV ##|*IDENT=page-diagnostics-logs-system ##|*NAME=Diagnostics: Logs: System page ##|*DESCR=Allow access to the 'Diagnostics: Logs: System' page. ##|*MATCH=diag_logs.php* ##|-PRIV require("guiconfig.inc"); $radius_logfile = "{$g['varlog_path']}/radius.log"; $nentries = $config['syslog']['nentries']; if (!$nentries) $nentries = 50; if ($_POST['clear']) clear_log_file($radius_logfile); if ($_GET['filtertext']) $filtertext = htmlspecialchars($_GET['filtertext']); if ($_POST['filtertext']) $filtertext = htmlspecialchars($_POST['filtertext']); if ($filtertext) $filtertextmeta="?filtertext=$filtertext"; $pgtitle = array(gettext("FreeRADIUS"),gettext("Log")); include("head.inc"); ?> $tab_array = array(); $tab_array[] = array(gettext("User"), false, "/pkg.php?xml=freeradius.xml"); $tab_array[] = array(gettext("Clients"), false, "/pkg.php?xml=freeradiusclients.xml"); $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeradiussettings.xml&id=0"); $tab_array[] = array(gettext("Log"), true, "/freeradius_logs.php"); display_top_tabs($tab_array); ?> | if($filtertext) dump_clog($radius_logfile, $nentries, true, array("$filtertext"), array("ppp")); else dump_clog($radius_logfile, $nentries, true, array(), array("ppp")); ?> | <form id="filterform" name="filterform" action="freeradius_logs.php" method="post" style="margin-top: 14px;"> " /> </form> | <form id="clearform" name="clearform" action="freeradius_logs.php" method="post" style="margin-top: 14px;"> " /> </form> | |</mk@neon1.net>
The .php file is only working if I change the following line:
$radius_logfile = "{$g['varlog_path']}/radius.log";
and using "sysem.log" or "dhcpd.log" instead of "radius.log".
So the .php file is working but the must be a difference in the log files but I do not know where, why and what.Perhaps someone could help me or explain to me why it is not working and/or will never work.
Thanks -
Nachtfalke,
If freeradius uses syslog facilities, you may need to include it in /etc/syslogd.conf
take a look at postfix.inc file.
att,
Marcello Coutinho -
Hi,
thanks for your reply.
I can change if freeRADIUS logs it files to /var/lag/radius.log or to syslog. But when logging to syslog then it saves all logs in /var/log/system.log I would like to redirect it to another file so that I could create a different tab only for radius logs.
But I will have a look at the postfix.inc.
Thank you. -
that's the point.
If freeradius is able to write to syslog daemon and you include a syslog facility 'radius', you will be able to log to radius.log using syslog.
-
I don't recall the specific details of how it works, but there is Diagnostics > Package Logs that is made for packages to hook into this way.
-
I played around with "diag_pkglogs.php" because I found that arpwatch is logging there.
I am no coding pro so I just replaced "arpwatch" with "radius" and so on but didn't work.Not sure if it is enough to add
<logging><facilityname>freeRADIUS</facilityname> <logfilename>radius.log</logfilename></logging>
to the config.xml or if there is more to do. Didn't want to add it because I do not want to break the package (again).
-
That doesn't get added to config.xml directly, it's part of the package definition in pkg_config.8.xml and such. There are several packages that have it set there. Not sure how well it works, if it works at all, but others are doing it.
-
It works perfectly. This is what I used for the Unbound package
<logging><facilityname>unbound</facilityname> <logfilename>unbound.log</logfilename> <logtab>Unbound</logtab></logging>
You can then view it via Status->Package Logs. So just modify the above to suit your needs.
-
Hi, I added this to the pkg.config.8.xml.amd64
<logging><facilityname>freeradius</facilityname> <logfilename>radius.log</logfilename> <logtab>freeRADIUS</logtab></logging>
There is no tab in "Package logs" and of course no logging.
-
Did you reinstall the package after that was added? When you do, it will end up in config.xml but as a part of the <package>tag for it.
(Also make sure you wait for ~10 minutes after the commit actually was approved so the package repo has a chance to sync up the new commits)</package>
-
Have you configured freeRADIUS to log to syslog and ensure it starts up with the syslog options?
Dont forget to update pkg.config.8.xml as well, so i386 also gets some logging love.
-
This is in /etc/syslog.conf
!freeradius *.* %/var/log/radius.log
The process name of freeradius is "radiusd" should this be in syslog.conf instead of "freeradius" ?
to change between logging to "radius.log" or to "syslog" I only have to change one line in freeradius.inc which effects /usr/local/etc/raddb/radiusd.conf
/var/log/radius.log
logdir = /var/log
syslog:
logdir = syslog
-
did you get this working?
-
Sorry I didn't.
For me it seems like the output in the radius.log file in /var/log isn't in the correct format to make it visible in GUI.As an example I copied system.log to radius.log and than it was visible in GUI (Package Logs). But I don't know how to fix it. I still have to less coding skills to make this work.