Configuring a Syslog Server

Here are the instructions to send /var/log/logintc/authenticate.log and /var/log/radius/radius.log to your syslog server.

SSH into the LoginTC RADIUS Connector then:

1. Modify /etc/rsyslog.conf:

sudo vi /etc/rsyslog.conf


2. Add the following line in the "#### MODULES ####" section:


$ModLoad imfile


3. Example:


#### MODULES ####


$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog # provides kernel logging support (previously done by rklogd)

#$ModLoad immark # provides --MARK-- message capability


# Provides UDP syslog reception

#$ModLoad imudp

#$UDPServerRun 514


# Provides TCP syslog reception

#$ModLoad imtcp

#$InputTCPServerRun 514


$ModLoad imfile


4. Save and quit from /etc/rsyslog.conf:


:wq


5. Create a new configuration for authenticate.log:


sudo vi /etc/rsyslog.d/logintc.authenticate.conf


Contents:


$InputFileName /var/log/logintc/authenticate.log

$InputFileTag logintc-authenticate

$InputFileStateFile logintc-authenticate-file1

$InputFileSeverity info

$InputFileFacility local7

$InputRunFileMonitor

$InputFilePersistStateInterval 1000


6. Save and quit from /etc/rsyslog.d/logintc.authenticate.conf:


:wq


7. Create a new configuration for radius.log:


sudo vi /etc/rsyslog.d/logintc.radius.conf


Contents:


$InputFileName /var/log/radius/radius.log

$InputFileTag logintc-radius

$InputFileStateFile logintc-radius-file1

$InputFileSeverity info

$InputFileFacility local7

$InputRunFileMonitor

$InputFilePersistStateInterval 1000


8. Save and quit from /etc/rsyslog.d/logintc.radius.conf:


:wq


9. Restart rsyslog:


sudo service rsyslog restart


To test, perform a login that uses this appliance, then run:


sudo cat /var/log/messages | grep -i logintc


You should see some logs starting to show up in /var/log/messages.


Once confirmed, configure where the logs will be sent:


1. Modify /etc/rsyslog.conf:


sudo vi /etc/rsyslog.conf


2. For TCP forwarding, add the following line below "# remote host is..." at the end of the file (port 601):


*.* @@remote-host:601


For UDP forwarding, add the following line below "# remote host is..." at the end of the file (port 514):


*.* @remote-host:514


3. Example:


# remote host is: name/ip:port, e.g. 192.168.0.1:601, port optional

*.* @@remote-host:601

# ### end of the forwarding rule ###


NOTE: If you want to send logs to multiple syslog servers, simply add a line per destination:

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional


*.* @remote-host-1:514

*.* @remote-host-2:514

# ### end of the forwarding rule ###


4. Replace remote-host with the IP address of your syslog server.


5. Save and quit from /etc/rsyslog.conf:


:wq


6. Restart rsyslog:


sudo service rsyslog restart


The /var/log/logintc/authenticate.log and /var/log/radius/radius.log logs will now be sent to your syslog server.


NOTE: We always recommend taking a VM snapshot and backing up affected files for rollback procedures.
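
A static check you can run before restarting rsyslog, covering both the imfile stanzas and the forwarding rules above. This is an added example, not part of LoginTC's instructions; the function name lint_rsyslog and its output format are assumptions made for the illustration, and it only understands the legacy $Directive syntax used on this page.

```sh
#!/bin/sh
# Added example, not LoginTC code: static check of legacy-syntax rsyslog files.
# Usage: lint_rsyslog /etc/rsyslog.conf /etc/rsyslog.d/logintc.*.conf
# Prints "forward <proto> <target>" per forwarding rule and "ERROR ..." per
# problem; returns 0 only when no problem was found.
lint_rsyslog() {
    awk '
        function err(msg) { print "ERROR " msg; bad = 1 }
        { sub(/[ \t]*#.*/, "") }          # drop comments
        NF == 0 { next }                  # skip blank lines
        $1 == "$ModLoad" && $2 == "imfile" { imfile = 1 }
        $1 == "$InputFileName" {
            # A new stanza begins while the previous one was never activated
            if (pending) err(name ": missing $InputRunFileMonitor")
            name = $2; pending = 1
        }
        $1 == "$InputFileTag"       { tag = $2 }
        $1 == "$InputFileStateFile" { state = $2 }
        $1 == "$InputRunFileMonitor" {
            if (!pending) err(FILENAME ": $InputRunFileMonitor without $InputFileName")
            else {
                if (tag == "") err(name ": no $InputFileTag")
                if (state == "") err(name ": no $InputFileStateFile")
                else if (state in seen) err(name ": state file " state " already used by " seen[state])
                else seen[state] = name
                monitors++
            }
            name = tag = state = ""; pending = 0
        }
        # Forwarding action: "@target" is UDP, "@@target" is TCP
        substr($1, 1, 1) != "$" && $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2; sub(/^@+/, "", target)
            print "forward " proto " " target
        }
        END {
            if (pending) err(name ": missing $InputRunFileMonitor")
            if (monitors && !imfile) err("imfile stanzas found but no $ModLoad imfile")
            exit bad + 0
        }
    ' "$@"
}
```

rsyslog's own syntax check (sudo rsyslogd -N1) complements this: it validates the syntax, while the function above catches a stanza that is never activated or two files sharing one state file.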
