Packets Logging Settings

This dialog defines how authentication request and reply request attributes may be logged to a database. This may be useful, for instance, to track failed requests for better customer support.

Data source ID. Select one of the configured data connections from the list.

Log proxy-forwarded requests/responses. Check this option to log attributes from proxy-forwarded packets. If this option checked off, forwarded packets are not logged.

Issue this SQL command to log Access-Accept authentication transaction. Check this option to log successful authentication request/response packets.

Access-Accept command. Type in SQL command here that logs RADIUS attributes.

You may use the special keys $u, $r, $c, $n, $s, $f, $h in the command to substitute user name, realm, etc. from the request packet (see their meaning here). Besides these keys, you may insert attribute values from the request and response packets into the command. Read more about it.

Sample command: <INSERT INTO Table1(User, IPAddress, ServiceType) values('$u', '{out:Framed-IP-Address}', '{$Service-Type?0}')>

You may use 'out:' prefix to specify an attribute from a response packet. Thus {Framed-IP-Address} is an attribute from Access-Request packet, while {out:Framed-IP-Address} is the one from an Access-Accept packet.

Issue this SQL command to log Access-Reject authentication transaction. Check this option to log failed authentication request/response transactions.

Access-Reject command. Type in SQL command here that logs RADIUS attributes.

You may use the same keys as in Access-Accept command: $u, $r, $c, $n, $s, $f, $h (see their meaning here). Besides, you may insert attribute values from request and response packets into the command. Read more about it.

Sample command: <INSERT INTO Table1(User, Reason, ServiceType) values('$u', '{out:Reply-Message}', '{$Service-Type?0}')>

You may use 'out:' prefix to specify an attribute from a response packet. Thus {Reply-Message} could be an attribute from Access-Request packet (but actually never used there), while {out:Reply-Message} is the one from an Access-Reject packet.

Enable Syslog logging. Turn this option on to send received and sent RADIUS packets to a Syslog server.

Syslog server IP address. Specifies an IP address of the Syslog server.

Message priority. Select an appropriate message type from the list.

Facility. Select one from the list of protocol-defined values.

Message string. Type in a string pattern which is sent to the Syslog server. It may include special keys $u, $r, $c, $n, $s, $f, $h (see their meaning here) and RADIUS attribute values from the request and response packets. Read more about it. There are no syntax restrictions on this string.

Sample string: Packet received from the host: $c

Click 'Apply Changes' when you have configured realm authentication settings and needs to save them.