1rlm_sql_log(5) FreeRADIUS Module rlm_sql_log(5)
2
6 rlm_sql_log - FreeRADIUS Module
7
9 The rlm_sql_log module appends the SQL queries in a log file which is
10 read later by the scripts/radsqlrelay Perl program.
11 The purpose of this module is to de-couple the storage of long-term
13 accounting data in SQL from "live" information needed by the RADIUS
14 server as it's running. If you are not using SQL for simultaneous
15 login restrictions (i.e. "sql" is not listed in the "session" section
16 of "radiusd.conf"), then this module allows you to log SQL queries to a
17 file, and then process them at your leisure.
18 The benefit of this approach is that for a busy server, the overhead of
20 performing SQL queries may be significant. Also, if the SQL databases
21 are large (as is typical for ones storing months of data), the INSERTs
22 and UPDATEs may take a relatively long time. Rather than slowing down
23 the RADIUS server by having it interact with a database, you can just
24 log the queries to a file, and then run those queries on another
25 machine, or at a time when the RADIUS server is typically lightly
26 loaded.
27 If the "sql" module is listed in the "session" section of
29 "radiusd.conf", then a similar system can still be used. In that case,
30 one database would be used to maintain "live" session information.
31 That database would be small, fast, and information would be deleted
32 from it when a user logs out. A second database would store long-term
33 accounting information, as described above.
34
36 This module only performs the dynamic expansion of the variables found
37 in the SQL statements. No operation is executed on the database server.
38 (this would be done later by an external program) That means the module
39 is useful only with non-"SELECT" statements.
40
42 The main configuration items to be aware of are the path of the log
43 file and the different SQL queries.
44 path An entry named "path" sets the full path of the file where the
46 SQL queries are recorded. (this variable is run through dynamic
47 string expansion, and can include FreeRADIUS variables to create
48 a dynamic filename)
49 Accounting queries
51 When a accounting record is processed, the module searches a
52 config entry keyed by the Acct-Status-Type attribute present in
53 the packet. For example, the SQL to be run on an accounting
54 start must be named "Start" in the configuration for the module.
55 Other usual values for Acct-Status-Type are "Stop", "Alive",
56 "Accounting-On", etc. See the VALUEs for Acct-Status-Type in
57 the dictionary.rfc2866 file.
58 Post-Auth query
60 An entry named "Post-Auth" sets the query to run during the
61 post-authentication stage. This query is mainly used to log
62 sessions where there may not be a later accounting packet.
63 modules {
65 ...
66 sql_log {
67 path = ${radacctdir}/sql-relay
68 acct_table = "radacct"
69 postauth_table = "radpostauth"
70 Start = "INSERT INTO ${acct_table} ..."
72 Stop = "UPDATE ${acct_table} SET ..."
73 Alive = "UPDATE ${acct_table} SET ..."
74 Post-Auth = "INSERT INTO ${postauth_table} ..."
76 }
77 ...
78 }
79 accounting {
81 ...
82 sql_log
83 ...
84 }
85 post-auth {
87 ...
88 sql_log
89 ...
90 }
91
93 accounting, post-auth
94
96 /etc/raddb/radiusd.conf
97
99 radsqlrelay(8), radiusd(8), radiusd.conf(5)
100
102 Nicolas Baradakis <nicolas.baradakis@cegetel.net>
103 28 May 2005 rlm_sql_log(5)