[tac_plus] Mailing list and Syslog question
Alan McKinnon
alan.mckinnon at gmail.com
Thu May 5 20:36:13 UTC 2011
Apparently, though unproven, at 19:29 on Thursday 05 May 2011, Paul Root did
opine thusly:
> Is there a mailing list to join for this?
Yes, it's the address you used. That I replied is proof it works ;-)
> Also, we are trying to get accounting to go to syslog. But it persists in
> sending to the file.
>
> How is syslog enabled for accounting?
I also tried to get this to work, and failed. The CHANGES file contains this:
F4.0.4.16
- Add 'accounting syslog;' configuration knob - mostly from Mark
Ellzey Thomas
So there is some level of support. I could not find out how to set the
facility and priority, so I just let tac_plus write to the file (I wanted a
local copy anyway) and configured syslog-ng to read it and send the logs onto
my syslogger:
# Tacacs accounting logs
source s_tac_plus_acc {
    file("/var/log/tacacs/accounting",
        default-facility(local6),
        default-priority(info));
};
# Remote logging to syslogger
destination syslogger {
    tcp("xxx.xxx.xxx.xxx" port(514));
};
log { source(s_tac_plus_acc); destination(syslogger); };
Not the most elegant solution, it does require you to keep your wits about you
if you change log filenames, but it does work. It's for syslog-ng; AFAIR
syslogd can be brutally assaulted into doing much the same.
> Lastly, is there a way to disable an account after X number of failed
> attempts?
Not inside the conf file to the best of my knowledge. You'll have to write an
external auth script that stores expiry and failed attempts info to do this.
Check the section "USING PROGRAMS TO DO AUTHORIZATION" in the manual bundled
with the sources.
Daniel Schmidt posted links to this very topic just yesterday so I'll assume
you've only just registered and missed it (unlucky you!). Here's the relevant
text reposted:
http://tacacs.org/
and this:
python do_auth.py | less
or maybe this:
http://www.shrubbery.net/pipermail/tac_plus/2011-March/000879.html
or this:
http://manpages.ubuntu.com/manpages/maverick/man8/do_auth.8.html
--
alan dot mckinnon at gmail dot com
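
The file-to-syslog relay described in the reply above, sketched in Python as an added example (it is not code from the post or from tac_plus). It tags each accounting line as local6.info and restarts from the top of the file when the log is rotated or truncated, which is the failure mode the reply warns about. The function names, the "tac_plus" tag and the polling approach are assumptions made for illustration.

```python
import os
import socket
import time

PRI = 22 * 8 + 6  # facility local6 (22) * 8 + severity info (6) = 182


def syslog_frame(line, host, tag="tac_plus", now=None):
    """One newline-terminated BSD syslog (RFC 3164) record for a log line."""
    t = time.localtime(now)
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = time.strftime("%b", t) + " %2d " % t.tm_mday + time.strftime("%H:%M:%S", t)
    text = line.rstrip("\r\n")
    return ("<%d>%s %s %s: %s\n" % (PRI, stamp, host, tag, text)).encode()


def read_new_lines(path, state):
    """Return (complete new lines, next state); state is {} on first use.

    A new inode (rotation) or a shrunken file (truncation) restarts at byte 0.
    """
    with open(path, "rb") as fh:
        st = os.fstat(fh.fileno())
        offset = state.get("offset", 0)
        if state.get("inode") != st.st_ino or st.st_size < offset:
            offset = 0
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # hold back a partially written last line
    lines = data[:end].decode("utf-8", "replace").split("\n")[:-1]
    return lines, {"inode": st.st_ino, "offset": offset + end}


def forward(path, collector, port=514, poll=1.0):
    """Poll the accounting file and send new records to the collector over TCP."""
    state, host = {}, socket.gethostname()
    while True:
        lines, next_state = read_new_lines(path, state)
        if lines:
            with socket.create_connection((collector, port), timeout=10) as s:
                for line in lines:
                    s.sendall(syslog_frame(line, host))
        state = next_state  # advance only after the batch was sent
        time.sleep(poll)
```

Call `forward("/var/log/tacacs/accounting", "<collector address>")` to run it; on first start it replays the whole existing file, since the offset is kept only in memory.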