[rancid] Full AAA logging / supported configuration

Sean spedersen.lists at gmail.com
Fri Sep 9 20:02:57 UTC 2016


I'm on F4.0.4.26.

 

I've seen a few examples of logging AAA with tac_plus. The most documented is the "accounting" option.

 

accounting syslog;

-or-

accounting file = /var/log/tac_plus.acct

 

This works fine. I have it set up, logging correctly, logrotate running, etc. It’s also documented just about everywhere I’ve seen, but seems like it’s the only official means to log something.

 

I'd like to log authentication and authorization as well, if possible. I've come across reference to the following configuration:

 

accounting log = /var/log/tac_plus/accounting.log
authentication log = /var/log/tac_plus/authentication.log
authorization log = /var/log/tac_plus/authorization.log

 

This seems to be either a) outdated or b) poorly referenced as it doesn't work globally. A reference configuration I have from a version so old it's expressed in a date format (201211021744) places it within an "id" container.

 

id = tac_plus {
  accounting log = /var/log/tac_plus/accounting.log
  authentication log = /var/log/tac_plus/authentication.log
  authorization log = /var/log/tac_plus/authorization.log
}

 

I haven't tried this in v4 yet since I can't find (presumably) current reference for it, but it’s working in the older version.

 

I've also found reference to setting the appropriate -d flags when running tac_plus and getting this information as more of a "happy accident" in whatever syslog files it ends up in vs. more programmatic means.

 

What’s the most appropriate / supported way to log this information, if any?

 

Thanks!
