Problem backing radius server logs to database

champs1234 · 10-13-2010, 07:26 AM

Iam having problems in storing radius server logs to mysql database, though they are easily logged to files.

I want to log all the fail logs in a mysql database table. For this i have included sql in Post-Auth-Type REJECT section of post-auth section of radiusd.conf

Quote:

post-auth {
Post-Auth-Type REJECT {
sql
}
}

and following line in sql.conf

Quote:

postauth_query = "Here is my sql command "

But whenever i try to start the radius server it fails giving the following error :

Quote:

Error: radiusd.conf: "SQL" modules aren't allowed in 'post-auth' sections -- they have no such method.

Iam using freeradius please help.

Thanks

TB0ne · 10-13-2010, 07:42 AM

Quote:

Originally Posted by champs1234

Iam having problems in storing radius server logs to mysql database, though they are easily logged to files.

I want to log all the fail logs in a mysql database table. For this i have included sql in Post-Auth-Type REJECT section of post-auth section of radiusd.conf and following line in sql.conf

But whenever i try to start the radius server it fails giving the following error :

Iam using freeradius please help.

Did you try to look this up on the Freeradius site???
http://wiki.freeradius.org/index.php/FAQ

From the doc:

Quote:

How do I log failed login attempts in a SQL database?
You may run a SQL query each time a user has an access denied. First you need to write your SQL statement in the directive postauth_query of the module rlm_sql. For example:
postauth_query = "INSERT into radpostauth (user, pass, date) values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%S')"

Then add the sql module to the post-auth section of radiusd.conf. Since we want to run the SQL query only on failed login, we need to use the sub-section Post-Auth-Type REJECT. For example:

post-auth {
# Login successful: get an address from the IP pool.
ippool
Post-Auth-Type REJECT {
# Login failed: log to SQL database.
sql
}
}
Note: This option is usable if you want to detect fraud or similar activities from your users. Keep in mind that this table can became a very large in case you disable to much user accounts, in case of ddos attack, etc. Every rejected attempt will be logged.

champs1234 · 10-13-2010, 08:00 AM

Ya i have. Tell me one thing , isn't

Quote:

First you need to write your SQL statement in the directive postauth_query of the module rlm_sql. For example:
postauth_query = "INSERT into radpostauth (user, pass, date) values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%S')"

equals

following line in sql.conf

Quote:

postauth_query = "Here is my sql command "

.

If not then please explain the above.

champs1234 · 10-23-2010, 12:42 AM

Please help, m still looking for the answer..

TB0ne · 10-23-2010, 10:17 AM

Quote:

Originally Posted by champs1234

Please help, m still looking for the answer..

You were given the answer already. Read the link, follow the instructions. Doesn't get much simpler than that. If you can't understand the link, then get someone else to do it for you.

champs1234 · 10-26-2010, 01:56 AM

I have read that and tried that but still no success. Iam still getting this error. Thats why iam asking for help :

Quote:

Error: radiusd.conf: "SQL" modules aren't allowed in 'post-auth' sections -- they have no such method.

Its not about understanding it, it about solution. Since i didn't got success then there could be 2 cases either i have done something wrong or this solution is not working. So in my above posts i was checking the 1st case, but now i think its not the 1st case its 2nd..