FreeRADIUS and eduroam logging
Matthew Newton
We need all the logs.
Do we need all the logs?
Just keep authentication logs, right?
Keep fewer logs.
– where possible
v2: Match EAP Identity
authorize {
    if (EAP-Message =~ /^0x02......01/) {
        linelog
    }
    ...
}
v4: &session-state:
recv Access-Request {
    # An empty session-state list means this is the first packet of a new session
    if (!&session-state:) {
        linelog
    }
    ...
}
recv Access-Request {
    if (!&session-state:) {
        # Record the start time in milliseconds
        update session-state {
            Tmp-Integer64-1 := "%{expr:(%c*1000) + (%C/1000)}"
        }
        linelog
    }
    ...
}
server inner-tunnel {
    send Access-Accept {
        # Copy the inner identity to the outer session so the default server can log it
        update outer.session-state {
            User-Name := &User-Name
        }
    }
}
send Access-Accept {
    update {
        control:Tmp-String-1 := "accept"
        session-state:Tmp-Integer64-2 := "%{expr:(%c*1000) + (%C/1000)}"
    }
    # Total authentication time = end time - start time
    update control {
        Tmp-Integer64-1 := "%{expr:&session-state:Tmp-Integer64-2 - &session-state:Tmp-Integer64-1}"
    }
    linelog
}
default server
    recv Access-Request → check session-state, log request
    send Access-Accept → log accept
    send Access-Reject → log reject
inner-tunnel
    send Access-Accept → update session-state
    send Access-Reject → update session-state
%T → time in ISO8601 date format
control:Tmp-String-1 → "request", "accept" or "reject"
session-state:Module-Failure-Message → inner reject reason
request:User-Name → outer User-Name
request:Calling-Station-Id → Calling-Station-Id
request:Operator-Name → operator name
session-state:User-Name → inner User-Name
control:Tmp-Integer64-1 → total auth time in ms
input {
    file {
        path => "/path/to/radius/detail/file"
        start_position => "beginning"
        type => radiusdetail
        # Lines that start with a tab belong to the previous detail record
        codec => multiline {
            pattern => "^\t"
            negate => false
            what => "previous"
        }
    }
}
if ("%{redis:LPUSH radius:event '{\"timestamp\":\"%T\", \
    \"type\":\"%{control:Tmp-String-1}\", \
    \"Outer-User-Name\":\"%{jsonquote:%{User-Name}}\", \
    \"User-Name\":\"%{jsonquote:%{session-state:User-Name}}\", \
    \"Calling-Station-Id\":\"%{jsonquote:%{Calling-Station-Id}}\", \
    \"latency\":\"%{control:Tmp-Integer64-1}\" %}'}") {
    noop
}
input {
    redis {
        host => "localhost"
        port => "6379"
        data_type => "list"
        key => "radius:event"
        threads => 2
        codec => "json"
        type => "radius"
    }
}
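An added example, not taken from the slides: a consumer-side check over the JSON events pushed to radius:event, pairing each "request" with its "accept" or "reject" to surface sessions that never completed, stations with repeated rejects, and latency figures. It assumes reject events carry "latency" the same way the accept event does and that timestamps parse as ISO 8601; the thresholds, function names and sample events are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

OUTCOMES = ("accept", "reject")


def load_events(lines):
    """Parse one JSON event per line; return (events sorted by time, bad line count)."""
    events, bad = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["timestamp"])
            if ev["type"] != "request" and ev["type"] not in OUTCOMES:
                raise ValueError("unknown event type")
        except (ValueError, KeyError, TypeError):
            bad += 1  # truncated or malformed entry: count it, do not guess
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"]), bad


def analyse(events, timeout=timedelta(seconds=30), reject_threshold=3):
    """Pair requests with outcomes per (Calling-Station-Id, Outer-User-Name)."""
    pending, orphaned = {}, []
    rejects, latencies = defaultdict(int), []
    for ev in events:
        key = (ev.get("Calling-Station-Id"), ev.get("Outer-User-Name"))
        if ev["type"] == "request":
            if key in pending:  # the previous attempt never got an outcome
                orphaned.append(key[0])
            pending[key] = ev["ts"]
            continue
        pending.pop(key, None)
        if ev["type"] == "reject":
            rejects[key[0]] += 1
        if str(ev.get("latency", "")).isdecimal():  # empty on request events
            latencies.append(int(ev["latency"]))
    if events:
        end = events[-1]["ts"]
        orphaned += [k[0] for k, ts in pending.items() if end - ts > timeout]
    return {
        "orphaned": sorted(set(orphaned)),
        "noisy": {s: n for s, n in rejects.items() if n >= reject_threshold},
        "latency_ms_median": median(latencies) if latencies else None,
        "latency_ms_max": max(latencies, default=None),
    }


def _ev(ts, kind, station, inner="", latency=""):
    # Constructed sample line; field names follow the JSON on the slides.
    return json.dumps({"timestamp": "2024-01-01T" + ts, "type": kind,
                       "Outer-User-Name": "anonymous@example.org",
                       "User-Name": inner, "Calling-Station-Id": station,
                       "latency": latency})


A, B, C = "02-00-00-00-00-01", "02-00-00-00-00-02", "02-00-00-00-00-03"
SAMPLE = [
    _ev("10:00:00", "request", A),
    _ev("10:00:01", "accept", A, "alice@example.org", "180"),
    _ev("10:00:10", "request", B), _ev("10:00:11", "reject", B, "", "900"),
    _ev("10:00:20", "request", B), _ev("10:00:21", "reject", B, "", "950"),
    _ev("10:00:30", "request", B), _ev("10:00:31", "reject", B, "", "1000"),
    _ev("10:00:40", "request", C),                      # never answered
    '{"timestamp":"2024-01-01T10:00:50","type":"acc',   # truncated entry
    _ev("10:02:00", "request", A),
    _ev("10:02:01", "accept", A, "alice@example.org", "220"),
]


def run_sample():
    events, bad = load_events(SAMPLE)
    return analyse(events), bad


if __name__ == "__main__":
    print(run_sample())
```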
authorize {
    uri = "${..connect_uri}/radius/_doc/"
    method = 'post'
    body = 'json'
    force_to = 'plain'
    # The whole JSON document, including latency, sits inside the quoted string
    data = '{"timestamp":"%T", \
        "type":"%{control:Tmp-String-1}", \
        "Outer-User-Name":"%{jsonquote:%{User-Name}}", \
        "Calling-Station-Id":"%{jsonquote:%{Calling-Station-Id}}", \
        "Called-Station-Id":"%{jsonquote:%{Called-Station-Id}}", \
        "latency":"%{control:Tmp-Integer64-1}"}'
}
{
    "_index" : "radius",
    "_type" : "_doc",
    "_id" : "Dcr4XWIBag7SnI-grLNi",
    "_version" : 1,
    "result" : "created",
    "_shards" : { "total" : 2, "successful" : 1, "failed" : 0 },
    "_seq_no" : 4578,
    "_primary_term" : 3
}
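rest
# Pull the fields of interest out of the Elasticsearch response body
map json &REST-HTTP-Body {
    &Tmp-String-2 := "$.result"
    &Tmp-Integer-1 := "$._shards.total"
    &Tmp-Integer-2 := "$._shards.successful"
    &Tmp-Integer-3 := "$._shards.failed"
}
# The map above writes to the request list, so test the same attribute
if (&Tmp-String-2 != "created") {
    ...
}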
https://wiki.freeradius.org/guide/eduroam
FreeRADIUS, eduroam logging and Elasticsearch

