Freeradius – Logs Not Redirecting to syslog-ng

freeradius2 logging syslog-ng vmware-vsphere

Good afternoon. I have a problem with a Freeradius 2 server on Ubuntu 16.04.
It is installed from a template in a VMware 5.5 hypervisor and, since it lacks HDD space, logs start collapsing the system. The load the freeradius server is under is huge (5000 automata connecting every second via GPRS).

I installed a log-collector server with Ubuntu 16.04 and syslog-ng, also installed syslog-ng on the client, and uncommented this in the log section of

/etc/freeradius/radiusd.conf

log {
    file syslog
    syslog_facility daemon
}

The problem is as follows:

The syslog-ng client connections to the syslog-ng server via UDP port 514 are ESTABLISHED, but the connections of UNIX stream (not clear about that) between freeradius and the client syslog-ng. The question is: how could I check that freeradius is effectively sending the logs to the syslog-ng client? What would be the mechanism to use, since syslog-ng sources have different drivers (file, stream, etc.)?

The configuration of the syslog servers and clients is as follows:

Server

@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"


options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
};


##################################################                                                                                                                                                                
options {
        create_dirs(yes);
        owner(radiusmaster);
        group(radiusmaster);
        perm(0640);
        dir_owner(radiusmaster);
        dir_group(radiusmaster);
        dir_perm(0750);
        };


##################################################                                                                                                                                                                

source s_udp {
        udp(ip("172.19.144.27") port(514));
        };


##################################################                                                                                                                                                                
#         Filters                                #                                                                                                                                                                
##################################################                                                                                                                                                                


#Freeradius1                                                                                                                                                                                                      
filter f_radius-1 {
       host("172.19.144.31");
};


destination d_radius-1 {
        file("/media/disco_logs/freeradius/radius-1/$YEAR/$MONTH/$YEAR-$MONTH-$DAY.radius-1.log");
        };


log {
       source(s_udp);
       filter(f_radius-1);
       destination(d_radius-1);
    };


@include "/etc/syslog-ng/conf.d/*.conf"

Client

@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

options { chain_hostnames(off); flush_lines(0); use_dns(no); 
          use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
        };



source s_log_radius_1 {
        file("/var/log/freeradius/radius.log" follow-freq(1)); };


destination d_syslog_udp {
             syslog("172.19.144.27" transport("udp") port(514));
                         };

log {
      source(s_log_radius_1);
      destination(d_syslog_udp);
    };



@include "/etc/syslog-ng/conf.d/*.conf"

I would greatly appreciate any help on this, and thanks in advance.

Best Answer

Also, your syslog-ng drivers are mismatched:

  • on the client you have a syslog() destination (RFC5424 message format), while
  • on the server you use udp() (RFC3164 message format)

These are not compatible. Change your configuration to use matching drivers (I'd recommend using syslog(), and if your environment allows you to do so, use tcp transport).
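
As an added illustration (not part of the original answer), the Python code below classifies a syslog UDP payload by header layout, RFC 3164 versus RFC 5424, and decodes its PRI value, which is one way to check what a client really emits on port 514. The sample datagrams, host name and message text are constructed for the example.

```python
import re

# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST [TAG[PID]:] MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?:(?P<app>[^\s:\[]+)(?:\[(?P<pid>[^\]]*)\])?: ?)?"
    r"(?P<msg>.*)$", re.S)

# RFC 5424 (IETF): <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?(?<!\\)\])+)(?: (?P<msg>.*))?$", re.S)

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def classify(datagram: bytes) -> dict:
    """Identify the syslog header layout of one UDP payload and decode PRI."""
    text = datagram.decode("utf-8", errors="replace")
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = pattern.match(text)
        if not m:
            continue
        pri = int(m.group("pri"))
        if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
            break
        return {"format": name, "facility": FACILITIES[pri >> 3],
                "severity": SEVERITIES[pri & 7], "host": m.group("host"),
                "app": m.group("app"), "msg": m.group("msg")}
    return {"format": "unknown"}


# Constructed samples: the same event in both layouts (host and text made up).
SAMPLE_3164 = b"<30>Oct  3 14:02:11 radius-1 freeradius[1234]: Login OK: [user01]"
SAMPLE_5424 = (b"<30>1 2017-10-03T14:02:11+00:00 radius-1 freeradius 1234 - - "
               b"Login OK: [user01]")

if __name__ == "__main__":
    for sample in (SAMPLE_3164, SAMPLE_5424, b"not syslog"):
        print(classify(sample))
```

PRI 30 decodes to facility daemon (3) and severity info (6), matching the `syslog_facility daemon` setting in the question.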
