[tac_plus] Question about logging with tac_plus

Alan McKinnon alan.mckinnon at gmail.com
Wed Apr 11 15:18:18 UTC 2012 

On Wed, 11 Apr 2012 09:58:32 +0300
Cosmin Neagu <cosmin.neagu at omnilogic.ro> wrote:

> Yes, that is exactly what i want to achieve
> 
> I found this in the man pages (nothing about a -l option)
> 
> " logging
>                Specifies the syslog(3) facility used.  By default,
> logs are posted to the daemon facility.
> 
>                    logging = <syslog_fac> "
> 
> I tried to enter the following in tac_plus.conf:
> 
> logging = syslog_facility        //it gives: tac_plus[7181]: Error 
> expecting syslog facility on line 7, got syslog_facility

A syslog facility is a very specific thing and you cannot customize
them. They have names like KERN, DAEMON, SECURITY and LOCAL0 to LOCAL7

They are documented in man 3 syslog

Most folks use facility DAEMON or AUTH, or perhaps one of LOCAL* (you
get to figure out for yourself how you will arrange those).

You then need to configure your syslogger to do the correct thing with
the log entries when it receives them from tac_plus.




> 
> I read about sysylog facilities and it seems to be a number meaning 
> something
> logging = 10                        //it gives tac_plus[7393]: Error 
> expecting syslog facility on line 7, got 10
> 
> logging = syslog        //does not give anymore error when starting
> but no logs apear in
> /var/log/syslog or /var/log/tac_plus.log
> 
> Can you help me this or point me to some documentation about how to
> do this logging?
> 
> 
>   Cosmin Neagu
>   NOC Team Leader
>   Str. I. G. Duca nr. 36
>   Otopeni, Judetul Ilfov, 075100 Romania
>   Tel: 021 303 3159 / 0732 669 193
>   www.omnilogic.ro
> 
> 
> On 04/11/2012 01:39 AM, heasley wrote:
> > Tue, Apr 10, 2012 at 05:00:02PM +0300, Cosmin Neagu:
> >> Hi,
> >> I want to know if it is posible to make tac_plus log into the
> >> default log file ( tac_plus.log ) logs when users ask for access
> >> on network equipment:
> >> Something like:
> >> Tue Apr 10 09:41:36 2012 : Auth: Login OK: [cosmin/parola] (from
> >> client 172.31.1.211 port 1)
> >>
> >> where 172.31.1.211 is the network equipment who asket tacacs for
> >> access on behalf of the user.
> >>
> >> I searched on internet but except:
> >> accounting file = /var/log/tac_plus.acct
> >> I did not find anything regarding logging user attempts to connect.
> > or accounting syslog
> >
> > accouting is generated by the device, not the daemon.  the daemon
> > just receives the records.
> >
> > other logging goes to syslog
> >
> > loggging = syslog_facility
> >
> > or specify a file with the -l option.  login failures are logged,
> > like
> >
> > Apr 10 22:38:34 guelah tac_plus[77645]: connect from 198.58.5.127
> > [198.58.5.127] Apr 10 22:38:38 guelah tac_plus[77645]: login
> > failure: heas 198.58.5.127 (198.58.5.127) tty2
> >
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus



-- 
Alan McKinnnon
alan.mckinnon at gmail.com

More information about the tac_plus mailing list