Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
RADIUS log parsing
- Thread starter NewBoy
- Start date
If you can post an example of what the log file looks like and tell us how you need to group the data we can come up with something. Tracy Dryden
tracy@bydisn.com
Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
tracy@bydisn.com
Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
- Thread starter
- #3
Hi Tracy (and others),
You're absolutely right - should have given more info. Office was a bit hectic yesterday :?)
The log file is a mixture of logs from a Cistron RADIUS daemon, and an Ascend RADIUS daemon. For each user connection, there should be a start record and a stop record.
Apologies for the length of this post. Also, I have masked client-specific data.
Cistron start record:
From 111.222.333.444 logged on auth-01.th.ifl.net:
Sat Aug 4 23:03:56 2001
NAS-IP-Address = 444.333.222.111
NAS-Port-Id = 20400
NAS-Port-Type = ISDN
User-Name = "blahblahblah"
Called-Station-Id = "9876543210"
Calling-Station-Id = "0123456789"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "001CF455"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Timestamp = 996966236
Request-Authenticator = Verified
Cistron stop record:
From 222.333.444.555 logged on auth-01.th.ifl.net:
Sat Aug 4 22:59:50 2001
NAS-IP-Address = 555.444.333.222
NAS-Port-Id = 191
NAS-Port-Type = 5
User-Name = "yadahyadah"
Called-Station-Id = "887766554411"
Calling-Station-Id = "1212121212"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "0013AFC1"
Framed-Protocol = PPP
Acct-Link-Count = 4
Ascend-Num-In-Multilink = 2
Framed-IP-Address = 62.170.185.137
Acct-Multi-Session-Id = "684648"
Ascend-Disconnect-Cause = 45
Ascend-Pre-Input-Octets = 58
Ascend-Pre-Output-Octets = 61
Ascend-Pre-Input-Packets = 2
Ascend-Pre-Output-Packets = 3
Acct-Input-Octets = 8
Acct-Output-Octets = 8
Acct-Input-Packets = 1
Acct-Output-Packets = 1
Ascend-PreSession-Time = 0
Acct-Session-Time = 2
Ascend-Data-Rate = 64000
Ascend-Xmit-Rate = 64000
Ascend-Multilink-ID = 684648
Acct-Delay-Time = 0
Timestamp = 996965990
Request-Authenticator = Verified
Ascend Start record:
From 194.238.50.134 logged on auth-01.ps.ifl.net:
Sat Aug 4 23:07:12 2001
User-Name = "36650"
NAS-Identifier = 194.238.50.134
NAS-Port = 1116
NAS-Port-Type = Sync
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "328361763"
Acct-Authentic = RADIUS
Ascend-Multilink-ID = 847704641
Ascend-Num-In-Multilink = 1
Ascend-Modem-PortNo = 172
Ascend-Modem-SlotNo = 5
Ascend-Modem-ShelfNo = 1
Caller-Id = "02088916538"
Client-Port-DNIS = "08207210023"
Framed-Protocol = MP
Framed-Address = 212.132.209.129
Ascend Stop record:
From 194.238.50.134 logged on auth-01.ps.ifl.net:
Sat Aug 4 23:07:00 2001
User-Name = "34234"
NAS-Identifier = 194.238.50.134
NAS-Port = 63
NAS-Port-Type = Sync
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "328359298"
Acct-Authentic = RADIUS
Acct-Session-Time = 85939
Acct-Input-Octets = 1555741
Acct-Output-Octets = 2339488
Acct-Input-Packets = 15848
Acct-Output-Packets = 28701
Ascend-Disconnect-Cause = 45
Ascend-Connect-Progress = 60
Ascend-Xmit-Rate = 64000
Ascend-Data-Rate = 64000
Ascend-PreSession-Time = 1
Ascend-Pre-Input-Octets = 148
Ascend-Pre-Output-Octets = 211
Ascend-Pre-Input-Packets = 8
Ascend-Pre-Output-Packets = 9
Ascend-First-Dest = 213.18.254.3
Ascend-Multilink-ID = 847703275
Ascend-Num-In-Multilink = 0
Ascend-Modem-PortNo = 172
Ascend-Modem-SlotNo = 5
Ascend-Modem-ShelfNo = 1
Caller-Id = "01394671949"
Client-Port-DNIS = "08207210023"
Framed-Protocol = MP
Framed-Address = 212.132.221.129
Each Stop/Start record is separated by a blank line. I think the order of the fields can change.
The information I want for each client is the User-name, Remote IP address, Dialling number and Incoming ISDN number . That is {User-Name, Framed-IP-Address, Called-Station-Id, Calling-Station-Id respectively for Cistron } and {User-Name, Framed-Address, Client-Port-DNIS, Caller-Id respectively for Ascend}. All this information is in the Stop records - some is missing from the Start recrods. So I would think I can ignore the latter.
It seems fairly easy to split each line into fields 1, 2 and 3, and then label field 3 as IP_address, etc. My main difficulty is knowing how to group each block - i.e. keep records separate.
ANY help is greatly appreciated.
Thanks you all (especially Tracy!),
C.
You're absolutely right - should have given more info. Office was a bit hectic yesterday :?)
The log file is a mixture of logs from a Cistron RADIUS daemon, and an Ascend RADIUS daemon. For each user connection, there should be a start record and a stop record.
Apologies for the length of this post. Also, I have masked client-specific data.
Cistron start record:
From 111.222.333.444 logged on auth-01.th.ifl.net:
Sat Aug 4 23:03:56 2001
NAS-IP-Address = 444.333.222.111
NAS-Port-Id = 20400
NAS-Port-Type = ISDN
User-Name = "blahblahblah"
Called-Station-Id = "9876543210"
Calling-Station-Id = "0123456789"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "001CF455"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Timestamp = 996966236
Request-Authenticator = Verified
Cistron stop record:
From 222.333.444.555 logged on auth-01.th.ifl.net:
Sat Aug 4 22:59:50 2001
NAS-IP-Address = 555.444.333.222
NAS-Port-Id = 191
NAS-Port-Type = 5
User-Name = "yadahyadah"
Called-Station-Id = "887766554411"
Calling-Station-Id = "1212121212"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "0013AFC1"
Framed-Protocol = PPP
Acct-Link-Count = 4
Ascend-Num-In-Multilink = 2
Framed-IP-Address = 62.170.185.137
Acct-Multi-Session-Id = "684648"
Ascend-Disconnect-Cause = 45
Ascend-Pre-Input-Octets = 58
Ascend-Pre-Output-Octets = 61
Ascend-Pre-Input-Packets = 2
Ascend-Pre-Output-Packets = 3
Acct-Input-Octets = 8
Acct-Output-Octets = 8
Acct-Input-Packets = 1
Acct-Output-Packets = 1
Ascend-PreSession-Time = 0
Acct-Session-Time = 2
Ascend-Data-Rate = 64000
Ascend-Xmit-Rate = 64000
Ascend-Multilink-ID = 684648
Acct-Delay-Time = 0
Timestamp = 996965990
Request-Authenticator = Verified
Ascend Start record:
From 194.238.50.134 logged on auth-01.ps.ifl.net:
Sat Aug 4 23:07:12 2001
User-Name = "36650"
NAS-Identifier = 194.238.50.134
NAS-Port = 1116
NAS-Port-Type = Sync
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "328361763"
Acct-Authentic = RADIUS
Ascend-Multilink-ID = 847704641
Ascend-Num-In-Multilink = 1
Ascend-Modem-PortNo = 172
Ascend-Modem-SlotNo = 5
Ascend-Modem-ShelfNo = 1
Caller-Id = "02088916538"
Client-Port-DNIS = "08207210023"
Framed-Protocol = MP
Framed-Address = 212.132.209.129
Ascend Stop record:
From 194.238.50.134 logged on auth-01.ps.ifl.net:
Sat Aug 4 23:07:00 2001
User-Name = "34234"
NAS-Identifier = 194.238.50.134
NAS-Port = 63
NAS-Port-Type = Sync
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "328359298"
Acct-Authentic = RADIUS
Acct-Session-Time = 85939
Acct-Input-Octets = 1555741
Acct-Output-Octets = 2339488
Acct-Input-Packets = 15848
Acct-Output-Packets = 28701
Ascend-Disconnect-Cause = 45
Ascend-Connect-Progress = 60
Ascend-Xmit-Rate = 64000
Ascend-Data-Rate = 64000
Ascend-PreSession-Time = 1
Ascend-Pre-Input-Octets = 148
Ascend-Pre-Output-Octets = 211
Ascend-Pre-Input-Packets = 8
Ascend-Pre-Output-Packets = 9
Ascend-First-Dest = 213.18.254.3
Ascend-Multilink-ID = 847703275
Ascend-Num-In-Multilink = 0
Ascend-Modem-PortNo = 172
Ascend-Modem-SlotNo = 5
Ascend-Modem-ShelfNo = 1
Caller-Id = "01394671949"
Client-Port-DNIS = "08207210023"
Framed-Protocol = MP
Framed-Address = 212.132.221.129
Each Stop/Start record is separated by a blank line. I think the order of the fields can change.
The information I want for each client is the User-name, Remote IP address, Dialling number and Incoming ISDN number . That is {User-Name, Framed-IP-Address, Called-Station-Id, Calling-Station-Id respectively for Cistron } and {User-Name, Framed-Address, Client-Port-DNIS, Caller-Id respectively for Ascend}. All this information is in the Stop records - some is missing from the Start recrods. So I would think I can ignore the latter.
It seems fairly easy to split each line into fields 1, 2 and 3, and then label field 3 as IP_address, etc. My main difficulty is knowing how to group each block - i.e. keep records separate.
ANY help is greatly appreciated.
Thanks you all (especially Tracy!),
C.
Are the records actually broken up into multiple lines like that, or did you just format them that way to make them easier to read? It would be a lot easier to handle if they were all one line.
Tracy Dryden
tracy@bydisn.com
Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
Tracy Dryden
tracy@bydisn.com
Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.
Would this give you a start? (include your data file after the __END__ token, or change the <DATA>'s to <>'s and specify your file on the command line)
[tt]
use strict;
my $type;
while(<DATA>){
# find the first "start record:" type line
next until /record:/;
chomp($type = $_);
print "\n$type";
$_=<DATA>; # throw the following blank line
# then process the file until we get another blank line
while(<DATA>){
chomp;
# if this is a blank line
last if /^\s*$/;
# ok then - we've got data to play with
while (/^\s/){
s/^\s+//g;
}
if($type =~ /Cistron/){
# User-Name, Framed-IP-Address, Called-Station-Id, Calling-Station-Id
if(/User-Name/){
print " $_";
} elsif (/Framed-IP-Address/){
print " $_";
} elsif (/Called-Station-Id/){
print " $_";
} elsif (/Calling-Station-Id/){
print " $_";
}
} elsif ($type =~ /Ascend/){
# User-Name, Framed-Address, Client-Port-DNIS, Caller-Id
if(/User-Name/){
print " $_";
} elsif (/Framed-Address/){
print " $_";
} elsif (/Client-Port-DNIS,/){
print " $_";
} elsif (/Caller-Id/){
print " $_";
}
}
}
}
__END__
[/tt]
Mike
michael.j.lacey@ntlworld.com
Email welcome if you're in a hurry or something -- but post in tek-tips as well please, and I will post my reply here as well.
[tt]
use strict;
my $type;
while(<DATA>){
# find the first "start record:" type line
next until /record:/;
chomp($type = $_);
print "\n$type";
$_=<DATA>; # throw the following blank line
# then process the file until we get another blank line
while(<DATA>){
chomp;
# if this is a blank line
last if /^\s*$/;
# ok then - we've got data to play with
while (/^\s/){
s/^\s+//g;
}
if($type =~ /Cistron/){
# User-Name, Framed-IP-Address, Called-Station-Id, Calling-Station-Id
if(/User-Name/){
print " $_";
} elsif (/Framed-IP-Address/){
print " $_";
} elsif (/Called-Station-Id/){
print " $_";
} elsif (/Calling-Station-Id/){
print " $_";
}
} elsif ($type =~ /Ascend/){
# User-Name, Framed-Address, Client-Port-DNIS, Caller-Id
if(/User-Name/){
print " $_";
} elsif (/Framed-Address/){
print " $_";
} elsif (/Client-Port-DNIS,/){
print " $_";
} elsif (/Caller-Id/){
print " $_";
}
}
}
}
__END__
[/tt]
Mike
michael.j.lacey@ntlworld.com
Email welcome if you're in a hurry or something -- but post in tek-tips as well please, and I will post my reply here as well.
- Status
Similar threads
