Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # -*- text -*- |
| 2 | ###################################################################### |
| 3 | # |
| 4 | # A virtual server to handle ONLY Status-Server packets. |
| 5 | # |
| 6 | # Server statistics can be queried with a properly formatted |
| 7 | # Status-Server request. See dictionary.freeradius for comments. |
| 8 | # |
| 9 | # If radiusd.conf has "status_server = yes", then any client |
| 10 | # will be able to send a Status-Server packet to any port |
| 11 | # (listen section type "auth", "acct", or "status"), and the |
| 12 | # server will respond. |
| 13 | # |
| 14 | # If radiusd.conf has "status_server = no", then the server will |
| 15 | # ignore Status-Server packets to "auth" and "acct" ports. It |
| 16 | # will respond only if the Status-Server packet is sent to a |
| 17 | # "status" port. |
| 18 | # |
| 19 | # The server statistics are available ONLY on socket of type |
| 20 | # "status". Queries for statistics sent to any other port |
| 21 | # are ignored. |
| 22 | # |
| 23 | # Similarly, a socket of type "status" will not process |
| 24 | # authentication or accounting packets. This is for security. |
| 25 | # |
| 26 | # $Id: e7d4346310b837d56bffe4c991b4e5680742ebc0 $ |
| 27 | # |
| 28 | ###################################################################### |
| 29 | |
| 30 | server status { |
| 31 | listen { |
| 32 | # ONLY Status-Server is allowed to this port. |
| 33 | # ALL other packets are ignored. |
| 34 | type = status |
| 35 | |
| 36 | ipaddr = 127.0.0.1 |
| 37 | port = 18121 |
| 38 | } |
| 39 | |
| 40 | # |
| 41 | # We recommend that you list ONLY management clients here. |
| 42 | # i.e. NOT your NASes or Access Points, and for an ISP, |
| 43 | # DEFINITELY not any RADIUS servers that are proxying packets |
| 44 | # to you. |
| 45 | # |
| 46 | # If you do NOT list a client here, then any client that is |
| 47 | # globally defined (i.e. all of them) will be able to query |
| 48 | # these statistics. |
| 49 | # |
| 50 | # Do you really want your partners seeing the internal details |
| 51 | # of what your RADIUS server is doing? |
| 52 | # |
| 53 | client admin { |
| 54 | ipaddr = 127.0.0.1 |
| 55 | secret = adminsecret |
| 56 | } |
| 57 | |
| 58 | # |
| 59 | # Simple authorize section. The "Autz-Type Status-Server" |
| 60 | # section will work here, too. See "raddb/sites-available/default". |
| 61 | authorize { |
| 62 | ok |
| 63 | |
| 64 | # respond to the Status-Server request. |
| 65 | Autz-Type Status-Server { |
| 66 | ok |
| 67 | } |
| 68 | } |
| 69 | } |
| 70 | |
| 71 | # Statistics can be queried via a number of methods: |
| 72 | # |
| 73 | # All packets received/sent by the server (1 = auth, 2 = acct) |
| 74 | # FreeRADIUS-Statistics-Type = 3 |
| 75 | # |
| 76 | # All packets proxied by the server (4 = proxy-auth, 8 = proxy-acct) |
| 77 | # FreeRADIUS-Statistics-Type = 12 |
| 78 | # |
| 79 | # All packets sent && received: |
| 80 | # FreeRADIUS-Statistics-Type = 15 |
| 81 | # |
| 82 | # Internal server statistics: |
| 83 | # FreeRADIUS-Statistics-Type = 16 |
| 84 | # |
| 85 | # All packets for a particular client (globally defined) |
| 86 | # FreeRADIUS-Statistics-Type = 35 |
| 87 | # FreeRADIUS-Stats-Client-IP-Address = 192.0.2.1 |
| 88 | # |
| 89 | # All packets for a client attached to a "listen" ip/port |
| 90 | # FreeRADIUS-Statistics-Type = 35 |
| 91 | # FreeRADIUS-Stats-Client-IP-Address = 192.0.2.1 |
| 92 | # FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1 |
| 93 | # FreeRADIUS-Stats-Server-Port = 1812 |
| 94 | # |
| 95 | # All packets for a "listen" IP/port |
| 96 | # FreeRADIUS-Statistics-Type = 67 |
| 97 | # FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1 |
| 98 | # FreeRADIUS-Stats-Server-Port = 1812 |
| 99 | # |
| 100 | # All packets for a home server IP / port |
| 101 | # FreeRADIUS-Statistics-Type = 131 |
| 102 | # FreeRADIUS-Stats-Server-IP-Address = 192.0.2.2 |
| 103 | # FreeRADIUS-Stats-Server-Port = 1812 |
| 104 | |
| 105 | # |
| 106 | # You can also get exponentially weighted moving averages of |
| 107 | # response times (in usec) of home servers. Just set the config |
| 108 | # item "historic_average_window" in a home_server section. |
| 109 | # |
| 110 | # By default it is zero (don't calculate it). Useful values |
| 111 | # are between 100, and 10,000. The server will calculate and |
| 112 | # remember the moving average for this window, and for 10 times |
| 113 | # that window. |
| 114 | # |
| 115 | |
| 116 | # |
| 117 | # Some of this could have been simplified. e.g. the proxy-auth and |
| 118 | # proxy-acct bits aren't completely necessary. But using them permits |
| 119 | # the server to be queried for ALL inbound && outbound packets at once. |
| 120 | # This gives a good snapshot of what the server is doing. |
| 121 | # |
| 122 | # Due to internal limitations, the statistics might not be exactly up |
| 123 | # to date. Do not expect all of the numbers to add up perfectly. |
| 124 | # The Status-Server packets are also counted in the total requests && |
| 125 | # responses. The responses are counted only AFTER the response has |
| 126 | # been sent. |
| 127 | # |