HP-UX AAA Server A.07.00 Administrator's Guide: HP-UX 11i v1, 11i v2, and 11i v3 > Chapter 28 Configuration Files

The log.config File


The log.config file specifies configuration information for session logging in the server. Session logging configuration allows users to define multiple logging streams, which can be used with sophisticated FSM tables. For most applications, you need to configure only the default stream. Configuration of any stream (including the default stream) allows some control over the following:

  • Format

  • Frequency of switching a stream from one file to another

  • Location of the session log file

  • Name of the file

Syntax of a Stream Entry

The stream is configured through one or more sub-commands that follow the first line of the entry. Listed below is the syntax of a stream entry in the log.config file:

stream name {
aatv AATV_NAME
aatv-value integer
alias alternate_stream
filename string
buffer integer
chmod {octal|{ugo}{+-}{rw}}
close {on| off}
dont attribute attribute . . .
{gmt|local}
join joined_stream
header {none|type|full}
on-endfile command
path pathname
update seconds
wrap integer
}
end

name

Identifies the stream.

aatv

Specifies one of the following AATVs to use for logging.

  • LOG_ACCT (Livingston/Lucent/RABU style call detail format, default)

  • LOG_ALL (logs all streams defined in log.config)

  • LOG_BRIEF (simple session format)

  • LOG_BY_ATTRIBUTE (logging based on user specified attribute in radius.fsm file)

  • LOG_BY_NAS (logging based on NAS-Identifier attribute)

  • LOG_BY_REALM (logging based on User-Realm attribute)

  • LOG_TACACS+ (Cisco Terminal Access Controller Access Control System + (TACACS+) accounting record format)

  • LOG_V1_1 (previous version of Merit logging)

  • LOG_V2_0 (Merit logging)

alias

Specifies another stream name to record when this stream is logged.

filename

Defines the naming convention for accounting log files and how often a new time-stamped file is generated. This parameter follows the same format as the strftime command. A new time-stamped file is generated according to the shortest unit of time indicated by the parameter. For example:

file.%Y-%m-%d.extension generates a new file each day.
file.%Y-%m-%d-%H.extension generates a new file each hour.

buffer

Indicates how many records must be buffered before they are written to the log file.

chmod

Defines permissions for the file.

close

Determines whether the log file must be closed after records are written to it.

dont

A list of attributes that must not be recorded.

{gmt|local}

These keywords determine which time to use for time stamps.

join

Merges this stream with the specified stream.

header

Determines the information that must appear in the beginning of the log file before the list of log records.

on-endfile

Shells the specified command or program when a new log file is generated.

path

Specifies an alternate location for log files.

update

Determines how often the log file must be updated.

wrap

Determines how many attributes will appear on each line of the session record.

Default Entry

The stream entry identified with the name, *default*, will be used when LOG is invoked by the FSM without an Xstring parameter.

End Entry

The one-keyword end entry tells the session logging subsystem to stop reading the configuration file, allowing subsequent text to be ignored.

Logging Multiple Streams

To log multiple streams you must define a default stream with the AATV sub-command set to LOG_ALL. When you specify a log.config default entry with this sub-command, all other streams defined in the log.config file will also generate session logs.

Values Logged by Default

The default LOG_V2_0 value used for session logs records the information listed in Table 28-2 “Information Recorded by LOG_V2_0”.

Table 28-2 Information Recorded by LOG_V2_0

Field | Type | Value | Description
1 | seconds since midnight Jan. 1, 1970 | LAS_start_time | Start of session, as calculated by the LAS.
2 | integer | LAS_code | LAS termination code.
3 | duration in seconds | local_duration | Duration, as best calculated by the directly connected NAS server
4 | seconds, relative to LAS_start_time | now | Time when record is logged by this system
5 | duration in seconds | LAS_duration | Duration, as best calculated by the LAS
6 | string | accessID | The (corrected) access ID, user@realm
7 | string | reserved | reserved
8 | quoted_string | sessionID | Session ID, found in Class attribute
9 | string | token_pool | Token Pool name, found in attribute Token
10 | duration in seconds | session_timeout | Session time (duration) limit
11 | string / integer | NAS_ID or NAS_port | NAS-Identifier or NAS-Port attribute value
12 | string | service_class | Service-Class attribute value
13 | string | filter |
14 | string[/string[/string]] | service_type | Service-Type followed by additional fields separated by a ‘/’, depending on Service-Type.

If framed, the other fields (if present) are:

  • Framed-Protocol

  • Framed-IP-Address

  • Framed-IPv6-Prefix

  • Framed-Interface-Id

If Login, the other fields (if present) are:

  • Login-Service-Type

  • Login-IP-Host or Login-IPv6-Host

  • Login-TCP-Port

 

For a complete description of the session log format and recorded values, see Chapter 12 “Logging and Monitoring”.

Examples

The following examples illustrate some basic session log configurations.

Livingston Call Detail Record (CDR) Format

By specifying log_acct for aatv, LOG will generate CDRs in a single flat file. Following is the syntax:

stream *default* {
aatv log_acct
buffer 1
close on
filename session.%Y-%m-%d.log
update 900
wrap 3
}
end

Multiple Logging Streams

By specifying log_all for aatv, LOG will generate a record for each stream defined in the log.config file (before the end keyword). Following is the syntax:

stream *default*   aatv     log_all
stream old {
aatv log_v1_1
buffer 1
close on
filename record.%y%m%d.las
}

stream new {
aatv log_v2_0
aatv-value 7
buffer 1
close on
filename recordv2.%y%m%d.las
}
end

Logging Based on Attributes

This sample configuration logs all accounting requests for yourorg.com in the yourorg.%Y%M.log file and the remaining accounting requests in the realm.%Y%M.log file. This stream configuration for logging is based on log_by_realm. The log_by_realm AATV searches for the User-Realm attribute. Following is the syntax:

stream *default* {
aatv LOG_BY_REALM
buffer 1
close on
filename session.%Y-%m-%d.log
update 900
wrap 3
}

stream User-Realm::*default* {
aatv log_acct
buffer 1
close on
filename realm.%Y%M.log
update 900
wrap 3
}

stream User-Realm::yourorg.com {
aatv log_acct
buffer 1
close on
filename yourorg.%Y%M.log
update 1
wrap 3
}
end

Accounting Log Based on Attribute Value

You can write accounting logs to different log files, based on a RADIUS attribute value in the RADIUS accounting request. To do so, you must modify the /etc/opt/aaa/log.config and /etc/opt/aaa/radius.fsm files.

To write accounting logs to different log files, complete the following steps:

  1. Modify the /etc/opt/aaa/log.config file by replacing the following code:

    stream  *default* {
    aatv log_v2_0
    buffer 1
    close on
    filename session.%Y-%m-%d.log
    update 900
    wrap 3
    }
    end

    with the code shown below:

    # log_by_attribute logging configuration
    #
    stream *default* {
    aatv LOG_BY_ATTRIBUTE
    }
    stream Called-Station-Id::*default* {
            aatv log_acct
            buffer 1
            close on
            filename logotherattr.%Y-%m-%d.log
            update 900
            wrap 3
    }
    stream Called-Station-Id::12345 {
            aatv log_acct
            buffer 1
            close on
            filename logbyattr.%Y-%m-%d.log
            update 900
            wrap 3
    }
    end

  2. Modify the radius.fsm file by changing all the lines in Acctlog that reference the LOG AATV, as follows:

    *.*.ACCT_START   LOG_BY_ATTRIBUTE   ReplyHold   xstring="Called-Station-Id"
    *.*.ACCT_STOP    LOG_BY_ATTRIBUTE   ReplyHold   xstring="Called-Station-Id"

  3. HUP or stop and start the server.

  4. Send an accounting Start and/or Stop request with the Called-Station-Id attribute.

    You can now see the following file: /var/opt/aaa/acct/logbyattr.2005-05-16.log

  5. Send an accounting Start and/or Stop request without the Called-Station-Id attribute.

    Example of an accounting start message:

    radpwtst -c 4 -s localhost -u ppp -i 1.1.1.1 -l 4 -:Acct-Status-Type=Start -:Called-Station-Id=12345 -w password test_user

    Example of an accounting stop message:

    radpwtst -c 4 -s localhost -u ppp -i 1.1.1.1 -l 4 -:Acct-Status-Type=Stop -:Called-Station-Id=12345 -w password test_user

    You can now see the following file: /var/opt/aaa/acct/logotherattr.2005-05-16.log
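The stream syntax, the end entry and the attribute-based routing described above can be checked offline before the server is restarted. The following is an added example, not code from the HP guide or the AAA server: parse_log_config and route are hypothetical helpers, and the parser assumes that lines starting with # are comments and that a stream entry is either braced or written on one line, as in the page's examples.

```python
import re

# Constructed sample (page's LOG_BY_ATTRIBUTE config, shortened); the stream after "end" is ignored.
SAMPLE = """\
stream *default* {
aatv LOG_BY_ATTRIBUTE
}
stream Called-Station-Id::*default* {
        filename logotherattr.%Y-%m-%d.log
}
stream Called-Station-Id::12345 {
        filename logbyattr.%Y-%m-%d.log
}
end
stream Called-Station-Id::67890 {
        filename ignored.%Y-%m-%d.log
}
"""

def parse_log_config(text):
    """Return {stream name: {sub-command: argument}} for entries before 'end'."""
    streams, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):       # blank line or comment
            continue
        if current is not None:                    # inside a braced entry
            if line == "}":
                current = None
            else:
                key, _, arg = line.partition(" ")
                current[key.lower()] = arg.strip()
        elif line.lower() == "end":                # End Entry: stop reading
            break
        elif m := re.match(r"(?i)stream\s+(\S+)\s*(.*)$", line):
            entry = streams.setdefault(m.group(1), {})
            if m.group(2) == "{":
                current = entry
            elif m.group(2):                       # one-line form: "aatv log_all"
                key, _, arg = m.group(2).partition(" ")
                entry[key.lower()] = arg.strip()
    return streams

def route(streams, attribute, value=None):
    """Stream and filename for a record: exact value match, else *default*."""
    exact = f"{attribute}::{value}"
    name = exact if value is not None and exact in streams else f"{attribute}::*default*"
    return name, streams[name].get("filename")
```

A stream defined after end never appears in the parsed result, so a record carrying its value is routed to the attribute's *default* stream.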

Changing the Accounting Log Rollover Interval

The log rollover interval (how often a new log file is created to store accounting records) is determined by the timestamp portion of the filename. To change the interval, follow the steps described in “Changing the Accounting Log Filename”. The logging interval changes to the finest unit of time in the timestamp portion of the filename. For example, %Y-%m-%d-%H changes the rollover interval to hourly.
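A check for the rollover rule above, added here as an example and not taken from the HP guide: assuming standard strftime conversions, it reports the finest time unit in a filename pattern (the rollover interval) and any coarser units the timestamp leaves out, in which case file names repeat. The names LADDER, COVERS and analyze are this example's own.

```python
import re

LADDER = ["second", "minute", "hour", "day", "month", "year"]  # finest first

# strftime conversions and the time units each one encodes. Case matters:
# %M is minute and %m is month; %H is hour and %h is the abbreviated month name.
COVERS = {
    "S": {"second"}, "M": {"minute"}, "H": {"hour"}, "I": {"hour"},
    "d": {"day"}, "e": {"day"}, "j": {"day", "month"},
    "m": {"month"}, "b": {"month"}, "B": {"month"}, "h": {"month"},
    "Y": {"year"}, "y": {"year"},
    "T": {"second", "minute", "hour"}, "R": {"minute", "hour"},
    "F": {"day", "month", "year"}, "D": {"day", "month", "year"},
}

def analyze(pattern):
    """Return (rollover unit, coarser units missing from the timestamp)."""
    present = set()
    for spec in re.findall(r"%(.)", pattern):
        present |= COVERS.get(spec, set())     # "%%" and unknown conversions add nothing
    if not present:
        return None, []                        # no timestamp: the file never rolls over
    finest = min(LADDER.index(u) for u in present)
    missing = [u for u in LADDER[finest + 1:] if u not in present]
    return LADDER[finest], missing

# Patterns from the page's examples, plus a constructed lower-case %h variant.
PATTERNS = [
    "session.%Y-%m-%d.log",
    "file.%Y-%m-%d-%H.extension",
    "file.%Y-%m-%d-%h.extension",
    "yourorg.%Y%M.log",
]

if __name__ == "__main__":
    for p in PATTERNS:
        unit, missing = analyze(p)
        print(f"{p:28} rolls over every {unit}; missing coarser units: {missing or 'none'}")
```

A non-empty missing list means the same file name recurs, for example once per hour for a year-plus-minute timestamp.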

© Hewlett-Packard Development Company, L.P.