Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # -*- text -*- |
| 2 | # |
| 3 | # $Id: f235eb9a0ab4de42f773f3aea3810d1dcde99bd1 $ |
| 4 | |
| 5 | # Write a detailed log of all accounting records received. |
| 6 | # |
| 7 | detail { |
| 8 | # Note that we do NOT use NAS-IP-Address here, as |
| 9 | # that attribute MAY BE from the originating NAS, and |
| 10 | # NOT from the proxy which actually sent us the |
| 11 | # request. |
| 12 | # |
| 13 | # The following line creates a new detail file for |
| 14 | # every radius client (by IP address or hostname). |
| 15 | # In addition, a new detail file is created every |
| 16 | # day, so that the detail file doesn't have to go |
| 17 | # through a 'log rotation' |
| 18 | # |
| 19 | # If your detail files are large, you may also want |
| 20 | # to add a ':%H' (see doc/variables.txt) to the end |
| 21 | # of it, to create a new detail file every hour, e.g.: |
| 22 | # |
| 23 | # ..../detail-%Y%m%d:%H |
| 24 | # |
| 25 | # This will create a new detail file for every hour. |
| 26 | # |
| 27 | # If you are reading detail files via the "listen" section |
| 28 | # (e.g. as in raddb/sites-available/robust-proxy-accounting), |
| 29 | # you MUST use a unique directory for each combination of a |
| 30 | # detail file writer, and reader. That is, there can only |
| 31 | # be ONE "listen" section reading detail files from a |
| 32 | # particular directory. |
| 33 | # |
| 34 | filename = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d |
| 35 | |
| 36 | # |
| 37 | # If you are using radrelay, delete the above line for "file", |
| 38 | # and use this one instead: |
| 39 | # |
| 40 | # filename = ${radacctdir}/detail |
| 41 | |
| 42 | # |
| 43 | # The Unix-style permissions on the 'detail' file. |
| 44 | # |
| 45 | # The detail file often contains secret or private |
| 46 | # information about users. So by keeping the file |
| 47 | # permissions restrictive, we can prevent unwanted |
| 48 | # people from seeing that information. |
| 49 | permissions = 0600 |
| 50 | |
| 51 | # The Unix group of the log file. |
| 52 | # |
| 53 | # The user that the server runs as must be in the specified |
| 54 | # system group otherwise this will fail to work. |
| 55 | # |
| 56 | # group = ${security.group} |
| 57 | |
| 58 | # |
| 59 | # Every entry in the detail file has a header which |
| 60 | # is a timestamp. By default, we use the ctime |
| 61 | # format (see "man ctime" for details). |
| 62 | # |
| 63 | # The header can be customised by editing this |
| 64 | # string. See "doc/variables.txt" for a description |
| 65 | # of what can be put here. |
| 66 | # |
| 67 | header = "%t" |
| 68 | |
| 69 | # |
| 70 | # Uncomment this line if the detail file reader will be |
| 71 | # reading this detail file. |
| 72 | # |
| 73 | # locking = yes |
| 74 | |
| 75 | # |
| 76 | # Log the Packet src/dst IP/port. This is disabled by |
| 77 | # default, as that information isn't used by many people. |
| 78 | # |
| 79 | # log_packet_header = yes |
| 80 | |
| 81 | # |
| 82 | # Certain attributes such as User-Password may be |
| 83 | # "sensitive", so they should not be printed in the |
| 84 | # detail file. This section lists the attributes |
| 85 | # that should be suppressed. |
| 86 | # |
| 87 | # The attributes should be listed one to a line. |
| 88 | # |
| 89 | #suppress { |
| 90 | # User-Password |
| 91 | #} |
| 92 | |
| 93 | } |