1
.TH rlm_sql_log 5 "28 May 2005" "" "FreeRADIUS Module"
3
rlm_sql_log \- FreeRADIUS Module
5
The \fBrlm_sql_log\fP module appends the SQL queries in a log file
6
which is read later by the scripts/radsqlrelay Perl program.
8
The purpose of this module is to de-couple the storage of long-term
9
accounting data in SQL from "live" information needed by the RADIUS
10
server as it's running. If you are not using SQL for simultaneous
11
login restrictions (i.e. "sql" is not listed in the "session" section
12
of "radiusd.conf"), then this module allows you to log SQL queries to
13
a file, and then process them at your leisure.
15
The benefit of this approach is that for a busy server, the overhead
16
of performing SQL queries may be significant. Also, if the SQL
17
databases are large (as is typical for ones storing months of data),
18
the INSERTs and UPDATEs may take a relatively long time. Rather than
19
slowing down the RADIUS server by having it interact with a database,
20
you can just log the queries to a file, and then run those queries on
21
another machine, or at a time when the RADIUS server is typically
24
If the "sql" module is listed in the "session" section of
25
"radiusd.conf", then a similar system can still be used. In that
26
case, one database would be used to maintain "live" session
27
information. That database would be small, fast, and information
28
would be deleted from it when a user logs out. A second database
29
would store long-term accounting information, as described above.
31
This module only performs the dynamic expansion of the variables found
32
in the SQL statements. No operation is executed on the database server.
33
(this would be done later by an external program) That means the module
34
is useful only with non-"SELECT" statements.
36
The main configuration items to be aware of are the path of the log
37
file and the different SQL queries.
39
An entry named "path" sets the full path of the file where the SQL
40
queries are recorded. (this variable is run through dynamic string
41
expansion, and can include FreeRADIUS variables to create a dynamic
43
.IP "Accounting queries"
44
When a accounting record is processed, the module searches a config
45
entry keyed by the Acct-Status-Type attribute present in the
46
packet. For example, the SQL to be run on an accounting start must be
47
named "Start" in the configuration for the module. Other usual values
48
for Acct-Status-Type are "Stop", "Alive", "Accounting-On", etc. See
49
the VALUEs for Acct-Status-Type in the dictionary.rfc2866 file.
51
An entry named "Post-Auth" sets the query to run during the
52
post-authentication stage. This query is mainly used to log sessions
53
where there may not be a later accounting packet.
61
path = ${radacctdir}/sql-relay
63
acct_table = "radacct"
65
postauth_table = "radpostauth"
69
Start = "INSERT INTO ${acct_table} ..."
71
Stop = "UPDATE ${acct_table} SET ..."
73
Alive = "UPDATE ${acct_table} SET ..."
77
Post-Auth = "INSERT INTO ${postauth_table} ..."
108
.I /etc/raddb/radiusd.conf
114
Nicolas Baradakis <nicolas.baradakis@cegetel.net>
added
removed
man/man5/rlm_sql_log.5
