Make radius.log visible in webGUI like STATUS -> System Logs. php question



  • Hi,

    I want to create an extra tab in the freeradius package for the freeradius logs. Actually the is the possibility to log everything in /var/log/radius.log or in STATUS -> System Logs -> System.

    But if you have many clients authentication on freeradius then the systemlogs will be spammed with freeradius messages.

    So I created - or better copied an existing logging .php and modified it to use /var/log/radius.log as sourcefile.

    The .php file above is the /usr/local/www/diag_logs.php file which I just modified and saved as "freeradius_logs.php"

    /* $Id$ */
    /*
    	diag_logs.php
    	Copyright (C) 2004-2009 Scott Ullrich
    	All rights reserved.
    
    	originally part of m0n0wall (http://m0n0.ch/wall)
    	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
    	All rights reserved.
    
    	Redistribution and use in source and binary forms, with or without
    	modification, are permitted provided that the following conditions are met:
    
    	1\. Redistributions of source code must retain the above copyright notice,
    	   this list of conditions and the following disclaimer.
    
    	2\. Redistributions in binary form must reproduce the above copyright
    	   notice, this list of conditions and the following disclaimer in the
    	   documentation and/or other materials provided with the distribution.
    
    	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    	POSSIBILITY OF SUCH DAMAGE.
    */
    
    /*		
    	pfSense_MODULE:	system
    */
    
    ##|+PRIV
    ##|*IDENT=page-diagnostics-logs-system
    ##|*NAME=Diagnostics: Logs: System page
    ##|*DESCR=Allow access to the 'Diagnostics: Logs: System' page.
    ##|*MATCH=diag_logs.php*
    ##|-PRIV
    
    require("guiconfig.inc");
    
    $radius_logfile = "{$g['varlog_path']}/radius.log";
    
    $nentries = $config['syslog']['nentries'];
    if (!$nentries)
    	$nentries = 50;
    
    if ($_POST['clear']) 
    	clear_log_file($radius_logfile);
    
    if ($_GET['filtertext'])
    	$filtertext = htmlspecialchars($_GET['filtertext']);
    
    if ($_POST['filtertext'])
    	$filtertext = htmlspecialchars($_POST['filtertext']);
    
    if ($filtertext)
    	$filtertextmeta="?filtertext=$filtertext";
    
    $pgtitle = array(gettext("FreeRADIUS"),gettext("Log"));
    include("head.inc");
    
    ?>
    
    	$tab_array = array();
    	$tab_array[] = array(gettext("User"), false, "/pkg.php?xml=freeradius.xml");
    	$tab_array[] = array(gettext("Clients"), false, "/pkg.php?xml=freeradiusclients.xml");
    	$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeradiussettings.xml&id=0");
    	$tab_array[] = array(gettext("Log"), true, "/freeradius_logs.php");
    	display_top_tabs($tab_array);
    ?>
    		 |		
    
    					if($filtertext)
    						dump_clog($radius_logfile, $nentries, true, array("$filtertext"), array("ppp"));
    					else
    						dump_clog($radius_logfile, $nentries, true, array(), array("ppp"));
    				?>
    
    					  |												
    
    <form id="filterform" name="filterform" action="freeradius_logs.php" method="post" style="margin-top: 14px;">
                  				" />
    						</form>
    
    					 |					 
    
    <form id="clearform" name="clearform" action="freeradius_logs.php" method="post" style="margin-top: 14px;">
    
                  				" />
    						</form>
    
    					 |							
    
    		 |</mk@neon1.net> 
    

    The .php file is only working if I change the following line:

    $radius_logfile = "{$g['varlog_path']}/radius.log";
    

    and using "sysem.log" or "dhcpd.log" instead of "radius.log".
    So the .php file is working but the must be a difference in the log files but I do not know where, why and what.

    Perhaps someone could help me or explain to me why it is not working and/or will never work.
    Thanks



  • Nachtfalke,

    If freeradius uses syslog facilities, you may need to include it in /etc/syslogd.conf

    take a look at postfix.inc file.

    att,
    Marcello Coutinho



  • Hi,

    thanks for your reply.

    I can change if freeRADIUS logs it files to /var/lag/radius.log or to syslog. But when logging to syslog then it saves all logs in /var/log/system.log I would like to redirect it to another file so that I could create a different tab only for radius logs.

    But I will have a look at the postfix.inc.
    Thank you.



  • that's the point.

    If freeradius is able to write to syslog daemon and you include a syslog facility 'radius', you will be able to log to radius.log using syslog.


  • Rebel Alliance Developer Netgate

    I don't recall the specific details of how it works, but there is Diagnostics > Package Logs that is made for packages to hook into this way.



  • I played around with "diag_pkglogs.php" because I found that arpwatch is logging there.
    I am no coding pro so I just replaced "arpwatch" with "radius" and so on but didn't work.

    Not sure if it is enough to add

     <logging><facilityname>freeRADIUS</facilityname>
    <logfilename>radius.log</logfilename></logging> 
    

    to the config.xml or if there is more to do. Didn't want to add it because I do not want to break the package (again).


  • Rebel Alliance Developer Netgate

    That doesn't get added to config.xml directly, it's part of the package definition in pkg_config.8.xml and such. There are several packages that have it set there. Not sure how well it works, if it works at all, but others are doing it.



  • It works perfectly. This is what I used for the Unbound package

    
     <logging><facilityname>unbound</facilityname>
      <logfilename>unbound.log</logfilename>
      <logtab>Unbound</logtab></logging> 
    
    

    You can then view it via Status->Package Logs. So just modify the above to suit your needs.



  • Hi, I added this to the pkg.config.8.xml.amd64

     <logging><facilityname>freeradius</facilityname>
      <logfilename>radius.log</logfilename>
      <logtab>freeRADIUS</logtab></logging> 
    

    There is no tab in "Package logs" and of course no logging.


  • Rebel Alliance Developer Netgate

    Did you reinstall the package after that was added? When you do, it will end up in config.xml but as a part of the <package>tag for it.

    (Also make sure you wait for ~10 minutes after the commit actually was approved so the package repo has a chance to sync up the new commits)</package>



  • Have you configured freeRADIUS to log to syslog and ensure it starts up with the syslog options?

    Dont forget to update pkg.config.8.xml as well, so i386 also gets some logging love.



  • This is in /etc/syslog.conf

    !freeradius
    *.*                                              %/var/log/radius.log
    
    

    The process name of freeradius is "radiusd" should this be in syslog.conf instead of "freeradius" ?

    to change between logging to "radius.log" or to "syslog" I only have to change one line in freeradius.inc which effects /usr/local/etc/raddb/radiusd.conf

    /var/log/radius.log

    logdir = /var/log
    

    syslog:

    logdir = syslog
    


  • did you get this working?



  • Sorry I didn't.
    For me it seems like the output in the radius.log file in /var/log isn't in the correct format to make it visible in GUI.

    As an example I copied system.log to radius.log and than it was visible in GUI (Package Logs). But I don't know how to fix it. I still have to less coding skills to make this work.


Locked