Contents

User's Guide
Overview
What It Is
What's New
Key Features List
ClearBox Enterprise vs ClearBox
System Requirements
Purchasing Licenses
Getting Started
Quick Start
Understanding Server Components
Managing User Accounts
Configuring RADIUS Realms
Realm Settings
Realm Rules
Dynamic Realm Rules
Authentication
Authentication Protocols Compatibility
Logging Authentication Packets
Logging Discarded Requests
Authorization
Accounting
Account Log Files
Realm Settings
Configuring SQL Queries
Private RADIUS Attributes
Regular Expressions Syntax
RADIUS Clients
RADIUS Client Settings
Dynamic Clients Settings
SQL Data Sources
SQL Data Source Settings
LDAP Servers
LDAP Server Settings
Remote RADIUS Servers
Remote RADIUS Server Settings
State Servers
State Server Settings
Meta Configuration
Meta Configuration
Meta Configuration Settings
Meta Base Schema
TLS Settings
Creating SSL Certificates
Creating Server Sertificate
Requesting Server Certificate
Creating Client Certificates
Revoking a Certificate or Renewing CRL
Exporting CA Certificate
Issuing a Certificate in Active Directory CA
Remote Configuration
Advanced ISP Billing Integration
DTH Billing Integration
Platypus Billing System Intergration
OnDO SIP Server Integration
How Do I...
Wi-Fi Security
Wireless Authentication
Wi-Fi and RADIUS
Supported EAP Authentication Types
Security Considerations
10 Tips for Wireless Network Security
Administering the Server
Logging
Debug Logs
Troubleshooting
Using Client Tool
List of Server Errors
Maintaining RADIUS Dictionary
Basic Concepts
AAA
Authentication
Wireless Authentication
Authentication Protocols
Authorization
Accounting
RADIUS
RADIUS
Realms
RADIUS Proxy
RADIUS Attributes
Example of RADIUS Packet Transactions
List of Standard RADIUS Attributes
Glossary
Technical Support
Purchasing Licenses
Contacts

 
Home
ClearBox Enterprise Server 2.0 Online Manual
Prev Page Next Page
 
 
ClearBox Enterprise Serverâ„¢ 2.0. User's Guide

Logging

ClearBox Server is capable of dumping content of all packets it receives and sends and all errors and warnings that may occur during server operation.

The logs may be directed to

  • Log files (optionally);
  • Server Manager for remote observing;
  • Windows Event Log (optionally).

These logs cannot be used for accounting and are intended for debugging purposes only.

NOTE. I t is not recommended to turn on dumping packets to Windows Event Log to prevent its overfilling.

Log files may be permanent (i.e. they are not changed when the server runs) and be optionally renewed daily. In order to turn on the latter, open Server Manager, go to the 'Server settings' tab, select 'Logging settings' and check the 'Start new file every day' option. ClearBox then renames current log file every midnight, adding the passed date to the file name, and starts new file.

Error Logging

All errors are logged into a specific file with the default location in <installation directory>/Bin/errlog.txt.

Three types of events are logged into error file:

  • Errors. Every entry reporting about an error has its number, by which it can be identified (see numeric list of errors). An error has a description and may have additional information, which may describe error reason.
  • Warnings. They report about events that are not so severe as errors but may affect server operation.
  • Informational messages ("Info"). They carry information about changes in server state.

Error log file is the first place to look in when server does not operate properly. If the server doesn't start, but this file doesn't exist or have no related information, this means that all errors are sent to Windows Event Log.

See Troubleshooting for more details how to find errors and fix them.

Debug Logging

Debug logging writes all information relevant to a RADIUS request processing to the packets log file. Debug logging is described in details here.

Packets logging

ClearBox Server can be configured to log content of all packets. This feature should be used primarily for debugging.

RADIUS packets are logged as request/response transactions, which means that every request packet has a matching response, and these two packets are logged as a single transaction. An empty line separates packets within a transaction.

There are three types of transactions:

  • RADIUS Authentication transaction (Authentication request-response).
  • RADIUS Accounting transaction (Accounting request-response).
  • RADIUS Proxy transaction (RADIUS packet forwarded to another host and a response).

The following fields are logged for every packet in a transaction:

  • Client address. It is IP address of client (i.e. the sender of the request packet).
  • NAS address. It is the value extracted from NAS-IP-Address attribute if it is present in the packet.
  • UniqueID. It is the unique number assigned by ClearBox to the packet. It is incremented by one with every new packet.
  • Realm. It is the name of realm chosen by ClearBox for packet processing. If no realm is specified for a user, (null) is used.
  • User. It is the user name for which the packet was created. It may not correspond to User-Name attribute from the request packet as the server may rewrite it.
  • PAP password. It is user password in cleartext form, decrypted from User-Password attribute in the Access-Request packet. The password is logged only if Log PAP cleartext passwords option is turned on in Server Manager.
  • Code. It is a standard RADIUS packet type (e.g. Access-Request, Accounting-Response).
  • ID. It is ID of the RADIUS packet and is used for matching request-response packets.
  • Length. It is the number of bytes in the packet. This field is valid for request packets only, and length of response packets is calculated only after the transaction is logged.
  • Authenticator. It is the Authenticator field from the packet. Authenticator is calculated after transaction is logged, and is valid for request packets only.
  • Forwarded to/received from. It is specified for 'RADIUS Proxy transactions' and describes a host to which a packet was forwarded.

Then list of RADIUS attributes then follows.

Raw Packets Logging

ClearBox is capable of dumping all incoming and outcoming RADIUS packets to files in binary form. This feature may become useful in debugging when problems can be caused by invalid packet structure. The binary log (in hexadecimal form) of raw (unparsed) data allows to view and analyze the packets.

By default, dumping raw data is turned off and can be configured with Server Manager on the Server settings tab (Server Settings -> Logging settings -> Raw packet data dumping). Data bytes are grouped by four and are written for every received and sent packet with current date, time, IP address and port of a packet sender/receiver.

Note that this featured should normally be turned off as it hits the server performance.


© 2001-2007 XPerience Technologies. www.xperiencetech.com
Converted from CHM to HTML with chm2web Pro 2.7 (unicode)