/etc/freeradius/3.0/mods-available/linelog is in freeradius-config 3.0.16+dfsg-1ubuntu3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 | # -*- text -*-
#
# $Id: c646da0a05cbdf6e984f79cea105de41de4b0528 $
#
# The "linelog" module will log one line of text to a file.
# Both the filename and the line of text are dynamically expanded.
#
# We STRONGLY suggest that you do not use data from the
# packet as part of the filename.
#
linelog {
#
# The file where the logs will go.
#
# If the filename is "syslog", then the log messages will
# go to syslog.
filename = ${logdir}/linelog
#
# Most file systems can handly nearly the full range of UTF-8
# characters. Ones that can deal with a limited range should
# set this to "yes".
#
escape_filenames = no
#
# The Unix-style permissions on the log file.
#
# Depending on format string, the log file may contain secret or
# private information about users. Keep the file permissions as
# restrictive as possible.
permissions = 0600
# The Unix group which owns the log file.
#
# The user that freeradius runs as must be in the specified
# group, otherwise it will not be possible to set the group.
# group = ${security.group}
# Syslog facility (if logging via syslog).
# Defaults to the syslog_facility config item in radiusd.conf.
# Standard facilities are:
# - kern Messages generated by the kernel. These cannot
# be generated by any user processes.
# - user Messages generated by random user processes.
# This is the default facility identifier if
# none is specified.
# - mail The mail system.
# - daemon System daemons, such as routed(8), that are not
# provided for explicitly by other facilities.
# - auth The authorization system: login(1), su(1),
# getty(8), etc.
# - lpr The line printer spooling system: cups-lpd(8),
# cupsd(8), etc.
# - news The network news system.
# - uucp The uucp system.
# - cron The cron daemon: cron(8).
# - authpriv The same as LOG_AUTH, but logged to a file
# readable only by selected individuals.
# - ftp The file transfer protocol daemons: ftpd(8),
# tftpd(8).
# - local[0-7] Reserved for local use.
# syslog_facility = daemon
# Syslog severity (if logging via syslog). Defaults to info.
# Possible values are:
# - emergency A panic condition. This is normally broadcast
# to all users.
# - alert A condition that should be corrected immediately,
# such as a corrupted system database.
# - critical Critical conditions, e.g., hard device errors.
# - error Errors.
# - warning Warning messages.
# - notice Conditions that are not error conditions, but
# should possibly be handled specially.
# - info Informational messages.
# - debug Messages that contain information normally of use
# only when debugging a program.
# syslog_severity = info
# If logging via syslog, the severity can be set here.
# Defaults to info.
#
# The default format string.
format = "This is a log message for %{User-Name}"
#
# This next line can be omitted. If it is omitted, then
# the log message is static, and is always given by "format",
# above.
#
# If it is defined, then the string is dynamically expanded,
# and the result is used to find another configuration entry
# here, with the given name. That name is then used as the
# format string.
#
# If the configuration entry cannot be found, then no log
# message is printed.
#
# i.e. You can have many log messages in one "linelog" module.
# If this two-step expansion did not exist, you would have
# needed to configure one "linelog" module for each log message.
#
# Reference the Packet-Type (Access-Accept, etc.) If it doesn't
# exist, reference the "defaukt" entry.
#
# This is for "linelog" being used in the post-auth section
# If you want to use it in "authorize", you need to change
# the reference to "messages.%{%{Packet-Type}:-default}",
# and then add the appropriate messages.
#
reference = "messages.%{%{reply:Packet-Type}:-default}"
#
# The messages defined here are taken from the "reference"
# expansion, above.
#
messages {
default = "Unknown packet type %{Packet-Type}"
Access-Accept = "Accepted user: %{User-Name}"
Access-Reject = "Rejected user: %{User-Name}"
Access-Challenge = "Sent challenge: %{User-Name}"
}
}
#
# Another example, for accounting packets.
#
linelog log_accounting {
#
# Used if the expansion of "reference" fails.
#
format = ""
filename = ${logdir}/linelog-accounting
permissions = 0600
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
#
# Another example:
#
#
Accounting-Request {
Start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
Stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"
# Don't log anything for these packets.
Alive = ""
Accounting-On = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just came online"
Accounting-Off = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) just went offline"
# don't log anything for other Acct-Status-Types.
unknown = "NAS %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} (%{%{NAS-IP-Address}:-%{NAS-IPv6-Address}}) sent unknown Acct-Status-Type %{Acct-Status-Type}"
}
}
|