0

Good Afternoon. I have a problem with a Freeradius 2 server in UBuntu 16.04 Is installed from a template in a vmware 5.5 Hypervisor ans since lacks of HHD space, logs start collapsing the system, the load the freeradius server is under is huge .(5000) automata connecting every second via GPRS.

I installed a log-collector server with Ubuntu 16.04 and syslog-ng, also installed syslog-ng in the client, and uncommented this on log section in

/etc/freeradius/radiusd.conf

log{

file syslog

syslog_facility daemon

}

the problem is as follows:

The syslog-ng client connections to the syslog-ng server via UDP port 514 are ESTABLISHED , but the connections o UNIX stream(not clear about that ) between freeradius and client syslog-ng. The question is How could I check that freeradius is effectively sending the logs to syslog-ng client. What would be the mechanism to use since syslog-ng source have different drivers for the source like (file,stream,etc).

The confirguration of syslog servers and clients are as follows:

Server 
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"


options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
};


##################################################                                                                                                                                                                
options {
        create_dirs(yes);
        owner(radiusmaster);
        group(radiusmaster);
        perm(0640);
        dir_owner(radiusmaster);
        dir_group(radiusmaster);
        dir_perm(0750);
        };


##################################################                                                                                                                                                                

source s_udp {
        udp(ip("172.19.144.27") port(514));
        };


##################################################                                                                                                                                                                
#         Filters                                #                                                                                                                                                                
##################################################                                                                                                                                                                


#Freeradius1                                                                                                                                                                                                      
filter f_radius-1 {
       host("172.19.144.31");
};


destination d_radius-1 {
        file("/media/disco_logs/freeradius/radius-1/$YEAR/$MONTH/$YEAR-$MONTH-$DAY.radius-1.log");
        };


log {
       source(s_udp);
       filter

@include "/etc/sys#log-ng/conf.d/*.conf"(f_radius-1);
       destination(d_radius-1);
    };


@include "/etc/sys#log-ng/conf.d/*.conf"
Client 
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

options { chain_hostnames(off); flush_lines(0); use_dns(no); 
          use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
        };



source s_log_radius_1 {
        file("/var/log/freeradius/radius.log" follow-freq(1)); };


destination d_syslog_udp {
             syslog("172.19.144.27" transport("udp") port(514));
                         };

log {
      source(s_log_radius_1);
      destination(d_syslog_udp);
    };



@include "/etc/syslog-ng/conf.d/*.conf"

I would greatly appreciate any help on this, and Thanks in advance.

Eddy
  • 7
  • 2
  • 10
  • Hi, first check on the client if the freeradius logs appear in the /var/log/freeradius/radius.log file. (Though it seems that you can configure freeradius to log directly into syslog instead of files, see https://wiki.freeradius.org/config/Logging and https://wiki.freeradius.org/guide/Syslog-HOWTO). – Robert Fekete Apr 19 '17 at 06:18

1 Answers1

0

Also, your syslog-ng drivers are mismatched:

  • on the client you have a syslog() destination (RFC5424 message format), while
  • on the server you use udp() (RFC3164 message format)

These are not compatible (see enter link description here). Change your configuration to use matching drivers (I`d recommend using syslog(), and if your environment allows you to do so, use tcp transport).

Robert Fekete
  • 552
  • 1
  • 3
  • 6