We have 2 freeradius authentication servers which service around 12k users. Users often enter incorrect credentials and this causes significant strain on the helpdesk. I'd like to write a script to monitor the radius logs for authentication failures (or alternatively the mysql postauth table) and then lookup the customers email address on the database server to be able to send them an email with a link to a password troubleshooting page.
The question is how best to do this? My first thought is to setup rsyslog or something and forward the logs to the web/db server and then have a script running there which tails the logs. I also thought of having something running locally on each radius server which monitors the logs or the mysql postauth table. I can figure out how to implement it but Im not sure of the best strategy. Any advice?
Best Answer
You could try using perl in Post-Auth-Type REJECT
references Freeradius FAQ, Post-Auth-Type docs, rlm_perl.