[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Radius stores the detailed information about accounting packets it receives in files ‘radacct/nasname/detail’ (see section Naming Conventions), where nasname is replaced with the short name of the NAS from the ‘raddb/naslist’ file (see section NAS List — ‘raddb/naslist’).
By default, this accounting type is always enabled, provided that
‘radacct’ directory exists and is writable
(see section Naming Conventions). To turn the detailed accounting off,
use the detail
statement in the ‘config’ file. For more information
about it, see acct
statement.
The accounting detail files consist of a record for each accounting request. A record includes the timestamp and detailed dump of attributes from the packet, e.g.:
Fri Dec 15 18:00:24 2000 Acct-Session-Id = "2193976896017" User-Name = "e2" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 11.10.10.125 Calling-Station-Id = "+15678023561" NAS-IP-Address = 11.10.10.11 NAS-Port-Id = 8 Acct-Delay-Time = 0 Timestamp = 976896024 Request-Authenticator = Unverified Fri Dec 15 18:32:09 2000 Acct-Session-Id = "2193976896017" User-Name = "e2" Acct-Status-Type = Stop Acct-Authentic = RADIUS Acct-Output-Octets = 5382 Acct-Input-Octets = 7761 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 11.10.10.125 Acct-Session-Time = 1905 NAS-IP-Address = 11.10.10.11 NAS-Port-Id = 8 Acct-Delay-Time = 0 Timestamp = 976897929 Request-Authenticator = Unverified |
Notice that radiusd
always adds two pseudo-attributes to
detailed listings. Attribute Timestamp
shows the UNIX timestamp
when radiusd
has received the request. Attribute
Request-Authenticator
shows the result of checking the request
authenticator. Its possible values are:
The authenticator check was successful.
The authenticator check failed. This could mean that either the
request was forged or that the remote NAS and radiusd
do not agree on the value of the shared secret.
The authenticator check is not applicable for this request type.
Notice also that the so-called internal attributes by default are not
logged in the detail file. Internal attributes are those whose decimal
value is greater than 255. Such attributes are used internally by
radius and cannot be transferred via RADIUS protocol. Examples of
such attributes are Fall-Through
, Hint
and
Huntgroup-Name
. See section Radius Internal Attributes, for detailed
listing of all internal attributes. The special attribute flag
l
(lower-case ell) may be used to force logging of such
attributes (see section ATTRIBUTE statement).
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] |
This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.