NAME

       rlm_sql_log - FreeRADIUS Module

DESCRIPTION

       The  rlm_sql_log  module  appends the SQL queries in a log file which is read later by the
       scripts/radsqlrelay Perl program.

       The purpose of this module is to de-couple the storage of long-term accounting data in SQL
       from "live" information needed by the RADIUS server as it's running.  If you are not using
       SQL for simultaneous login restrictions (i.e. "sql" is not listed in the "session" section
       of  "radiusd.conf"),  then  this  module allows you to log SQL queries to a file, and then
       process them at your leisure.

       The benefit of this approach is that for a busy server, the  overhead  of  performing  SQL
       qeuries  may be significant.  Also, if the SQL databases are large (as is typical for ones
       storing months of data), the INSERTs and UPDATEs may take a relatively long time.   Rather
       than  slowing  down  the RADIUS server by having it interact with a database, you can just
       log the queries to a file, and then run those queries on another machine,  or  at  a  time
       when the RADIUS server is typically lightly loaded.

       If  the  "sql" module is listed in the "session" section of "radiusd.conf", then a similar
       system can still be used.  In that case, one database would be  used  to  maintain  "live"
       session information.  That database would be small, fast, and information would be deleted
       from it when a user  logs  out.   A  second  database  would  store  long-term  accounting
       information, as described above.

LIMITATIONS

       This  module  only  performs  the  dynamic  expansion  of  the  variables found in the SQL
       statements. No operation is executed on the database server.  (this would be done later by
       an external program) That means the module is useful only with non-"SELECT" statements.

CONFIGURATION

       The main configuration items to be aware of are the path of the log file and the different
       SQL queries.

       path   An entry named "path" sets the full path of the file  where  the  SQL  queries  are
              recorded.  (this  variable is run through dynamic string expansion, and can include
              FreeRADIUS variables to create a dynamic filename)

       Accounting queries
              When a accounting record is processed, the module searches a config entry keyed  by
              the  Acct-Status-Type  attribute  present in the packet. For example, the SQL to be
              run on an accounting start must be named  "Start"  in  the  configuration  for  the
              module.  Other  usual values for Acct-Status-Type are "Stop", "Alive", "Accounting-
              On", etc.  See the VALUEs for Acct-Status-Type in the dictionary.rfc2866 file.

       Post-Auth query
              An entry named "Post-Auth" sets the query to  run  during  the  post-authentication
              stage.   This  query  is mainly used to log sessions where there may not be a later
              accounting packet.

       modules {
         ...
         sql_log {
           path = "${radacctdir}/sql-relay"
           acct_table = "radacct"
           postauth_table = "radpostauth"
           sql_user_name = "%{%{User-Name}:-DEFAULT}"

           Start = "INSERT INTO ${acct_table} ..."
           Stop = "UPDATE ${acct_table} SET ..."
           Alive = "UPDATE ${acct_table} SET ..."

           Post-Auth = "INSERT INTO ${postauth_table} ..."
         }
         ...
       }

       accounting {
         ...
         sql_log
         ...
       }

       post-auth {
         ...
         sql_log
         ...
       }

SECTIONS

       accounting, post-auth

FILES

       /etc/raddb/radiusd.conf

SEE ALSO

       radsqlrelay(8), radiusd(8), radiusd.conf(5)

AUTHOR

       Nicolas Baradakis <nicolas.baradakis@cegetel.net>

                                           28 May 2005                             rlm_sql_log(5)