RSA Security 6.1 manual Level of Logging Detail, Controlling Log File Size

Page 88

Level of Logging Detail

You can control the level of detail recorded in the system log files with

LogLevel, LogAccept, and LogReject settings.

XThe LogLevel setting determines the level of detail given in the RADIUS system log file. The LogLevel can be 0, 1, or 2, where 0 is the least amount of information, 1 is intermediate, and 2 is the most verbose. It is specified in the [Configuration] section of radius.ini file.

XThe LogAccept and LogReject flags allow you to turn on or off the logging of Access-Accept and Access-Reject messages in the log file. These flags are set in the [Configuration] section of radius.ini: a value of 1 (the default) causes these messages to be logged, and a value of 0 causes the messages to be omitted. An Accept or Reject is logged only if LogAccept or LogReject, respectively, is enabled and the LogLevel is “verbose” enough for the message to be recorded.

The TraceLevel setting specifies whether packets should be logged when they are received and being processed, and what level of detail should be recorded in the log.

Controlling Log File Size

Optionally, you can specify a maximum size for a RADIUS system log file by entering a non-zero value for the LogfileMaxMBytes setting in the [Configuration] section of the radius.ini file.

XIf a maximum file size is set, the name of the RADIUS system log file identifies the date and time it was opened (YYYYMMDD_HHMM.log). When the current RADIUS system log file approaches the specified number of megabytes (1024 x 1024 bytes), the current log file is closed and a new one is opened. The closed file will be slightly smaller than the specified maximum file size.

XIf the maximum file size is set to 0 (or if the LogfileMaxMBytes setting is absent), the RADIUS system log file size is ignored and log file names are datestamped to identify when they were opened (YYYYMMDD.log).

NOTE: If LogFileMaxMBytes is configured for a small non-zero number, the log file may exceed the specified maximum file size in less than a minute. To avoid file name collisions (two log files created during the same minute interval), the log info does not roll over more than once per minute. Instead, the log file size is ignored until the minute precision clock changes to ensure that log files have unique file names. No log data is lost.

76

Logging

September 2005

Image 88

Contents RSA Radius Server 6.1 Administrator’s Guide Contact Information Trademarks Distribution Contents Chapter Installing the RSA Radius Server Chapter Administering Profiles Glossary Index Audience About This GuideWhat’s In This Manual Syntax Conventions Related Documentation RSA Radius Server DocumentationVendor Information Requests for Comments RFCsThird-Party Products Getting Support and ServiceBefore You Call for Customer Support RSA Radius Server Features About RSA Radius ServerRSA Radius Server Overview About RSA Radius Server SeptemberRSA Radius Authentication Radius Packets Radius Server Configuration Radius ConfigurationRadius Client Configuration Shared Secrets RadiusReplication Secret Radius SecretNode Secret Authentication Radius PortsAccounting Accounting Sequence Comma-Delimited Log FilesTunneled Accounting Attributes DictionariesVendor-Specific Attributes Make/Model FieldAttribute Lists Checklist AttributesUpdating Attribute Information Return List Attributes Attribute ValuesMulti-Valued Attributes Default Values Orderable AttributesSystem Assigned Values Echo PropertyCentralized Configuration Management Replacing a Replica Radius Server Designating a New Primary Radius ServerRecovering a Replica After a Failed Download Changing the Name or IP Address of a ServerInstalling the RSA Radius Server Before You BeginRequired Files Data Migration/RegistrationInstalling on Windows System RequirementsInstalling the RSA Radius Server If you are installing a Replica RSA Radius Server, clickUninstalling the RSA Radius Server Software Installing on Solaris Installer SyntaxPath Installing the RSA Radius Server Software ReppkgEnter RSA administration port Stopping and Starting the Radius Daemon Migration Log File Installing on Linux Linux Server System RequirementsShould be overwritten Installing the RSA Radius Server Software Enter RSA administration port Etc/init.d/sbrd stop # ./uninstallrsa.sh Using RSA Radius Administrator Running RSA Radius AdministratorRSA Radius Administrator Menus Navigating in RSA Radius AdministratorFile Menu See , Administering Radius Clients on Panel MenuWeb Menu RSA Radius Administrator ToolbarHelp Menu RSA Radius Administrator Windows Adding an EntryEditing an Entry Sample Add WindowCutting/Copying/Pasting Records Sample Edit WindowUsing Context Menus Resizing ColumnsChanging Column Sequence Sorting InformationDisplaying Version Information Accessing Online HelpAdding a License Key Exiting the RSA Radius Administrator Add a License for Server WindowAdministering Radius Clients Radius Clients PanelAdding a Radius Client Add Radius Client WindowSecret to display the characters in the shared secret Verifying a Shared Secret Deleting a Radius ClientPage Administering Radius Clients September Adding a Checklist or Return List Attribute for a Profile Administering ProfilesAbout Profiles Default Profile Resolving Profile and User AttributesSetting Up Profiles Adding a ProfileClick Add to add this attribute/value pair to the list Removing a Profile Administering Profiles September Displaying Server Authentication Statistics Displaying StatisticsStatistics Panel System Authentication Statistics Radius client is sending incorrectly formed packets to Displaying Server Accounting Statistics Statistics Panel System Accounting StatisticsAccounting Statistic Meaning Resetting Server Statistics Displaying Radius Client StatisticsOptionally, sort the messages by clicking a column header Displaying Statistics September Administering Radius Servers Replication Panel Adding a Radius Server ManuallyAdd Server Window Enabling a Radius Server Deleting a Radius ServerPublishing Server Configuration Information Notifying Replica Radius ServersRecovering a Replica After a Failed Download Designating a New Primary Radius ServerChanging the Name or IP Address of a Server Regenerating a Node Secret Resetting the Radius Database Administering Radius Servers September Logging Using the Radius System LogLogging Files Level of Logging Detail Controlling Log File SizeUsing the Accounting Log Accounting Log File FormatFirst Line Headings Comma PlaceholdersStandard Radius Accounting Attributes Acct-Status-TypeAcct-Input-Packets Ldap Configuration Interface File P e n d i x aAbout the Ldap Configuration Interface Ldap UtilitiesLdap Requests Downloading the Ldap UtilitiesConfiguring the Ldap TCP Port Ldap Version ComplianceLdap Virtual Schema Available AttributesLdap Schema Slide 2 Ldap Schema Slide 3 Cn=username,o=radius -w passcode cachedPW Unspecified or 0.0.0.0 RAS IP address When you display Ldap Command Examples Searching for RecordsModifying Records Ldapmodify Option MeaningWhere Adding Records Deleting Records Counter Statistics Statistics VariablesStattype server Stattype authentication Stattype accountingRate Statistics Using the Ldap Configuration Interface September Glossary AAADNS Tokencode Radius Servers TLS 104 Glossary September Index Tokencode