base/protocols/radius/main.bro
-
RADIUS
Implements base functionality for RADIUS analysis. Generates the radius.log file.
Summary
Events
RADIUS::log_radius: event |
Event that can be handled to access the RADIUS record as it is sent on
to the logging framework. |
Detailed Interface
Types
-
RADIUS::Info
Type : | record
- ts: time &log
Timestamp for when the event happened.
- uid: string &log
Unique ID for the connection.
- id: conn_id &log
The connection’s 4-tuple of endpoint addresses/ports.
- username: string &log &optional
The username, if present.
- mac: string &log &optional
MAC address, if present.
- framed_addr: addr &log &optional
The address given to the network access server, if
present. This is only a hint from the RADIUS server
and the network access server is not required to honor
the address.
- remote_ip: addr &log &optional
Remote IP address, if present. This is collected
from the Tunnel-Client-Endpoint attribute.
- connect_info: string &log &optional
Connect info, if present.
- reply_msg: string &log &optional
Reply message from the server challenge. This is
frequently shown to the user authenticating.
- result: string &log &optional
Successful or failed authentication.
- ttl: interval &log &optional
The duration between the first request and
either the “Access-Accept” message or an error.
If the field is empty, it means that either
the request or response was not seen.
- logged: bool &default = F &optional
Whether this has already been logged and can be ignored.
|
Events
-
RADIUS::log_radius
-
Event that can be handled to access the RADIUS record as it is sent on
to the logging framework.