# Examples ## Example 1: General authentication information ### Scope and assumptions The scope of the query provided below is as follows: * the admin is interested in understanding which users/devices are authenticating (accepted or rejected) and to built frequency statistics based on that * no VLAN tagging is used * only certificate-based authentication is used (no username-password-based authentication) ### Target [Log Analytics](https://docs.radiusaas.com/admin-portal/settings/log-exporter/log-analytics) or [General Webhook](https://docs.radiusaas.com/admin-portal/settings/log-exporter/generic-webhook) ### Message Filter configuration #### Rule Engine | Log Level | Enabled | | --------- | ------------------------------------- | | Success | False | | Failed | False | | Error | False | #### Authorization System | Log Level | Enabled | | --------- | -------------------------------------- | | Requests | False | | Success | True | | Failed | True | | Error | False | #### Proxy Authentication | Log Level | Enabled | | ----------- | ------------------------------------- | | Connections | False | | Success | False | | Failed | False | | Error | False | ### Data Configuration {% code lineNumbers="true" %} ```json { "Decision": {{ data.get("Packet-Type") }}, "Level": {{ data.level }}, "IP": {{ data.get("Packet-Dst-Address") }}, "Username": {{ data.get("User-Name") }}, {% if data.get("TLS-OCSP-Cert-Valid") != None %} "OCSPStatus": {{ data.get("TLS-OCSP-Cert-Valid") }}, {% endif %} {% if data.level == "warning" %} "FailReason": {{ data.get("Module-Failure-Message") }}, {% endif %} "Datetime" : {{ data.Datetime }} } ``` {% endcode %} ## Example 2: Detailed authentication information ### Scope and assumptions The scope of the query provided below is as follows: * the admin is interested in understanding which users/devices are authenticating via certificate or username & password (accepted or rejected) * username and certificate details with OCSP response * SSID and used Access Point (MAC address) * RADIUSaaS [Rule](https://docs.radiusaas.com/admin-portal/settings/rules) that was triggered, if applicable: assigned VLAN * correlation ID for further investigation ### Target [Log Analytics](https://docs.radiusaas.com/admin-portal/settings/log-exporter/log-analytics) or [General Webhook](https://docs.radiusaas.com/admin-portal/settings/log-exporter/generic-webhook) ### Message Filter Configuration #### Rule Engine | Log Level | Enabled | | --------- | -------------------------------------- | | Success | True | | Failed | True | | Error | False | #### Authorization System | Log Level | Enabled | | --------- | ------------------------------------- | | Requests | False | | Success | False | | Failed | False | | Error | False | #### Proxy Authentication | Log Level | Enabled | | ----------- | ------------------------------------- | | Connections | False | | Success | False | | Failed | False | | Error | False | ### Data configuration {% code lineNumbers="true" %} ```json { "Decision": {{ data.get("Engine-Decision") }}, "Datetime" : {{ data.Datetime }}, "Level": {{ data.level }}, "Authtype": {{ data.get("Authtype") }}, "Client-MAC": {{ data.get("Client-MAC") }}, "Username": {{ data.get("User-Name") }}, "Applied-Rule": {{ data.get("Applied-Rule") }}, "VLAN": {{ data.get("Assigned-VLAN", "No VLAN assigned") }}, "Auth-Source-Type": {{ data.get("Auth-Source-Type") }}, {% if data.get("Auth-Source-Type") == "WiFi" %} "SSID": {{ data.get("SSID") }}, "AP-MAC": {{ data.get("AP-MAC") }}, {% endif %} {% if data.get("Authtype") == "Certificate" %} "Certificate-CommonName": {{ data.get("Certificate-Details", {}).get("TLS-Cert-Common-Name") }}, "Certificate-Serial": {{ data.get("Certificate-Details", {}).get("TLS-Client-Cert-Serial") }}, {% endif %} {% if data.get("Verify-Result") != None %} "Verify-Result": {{ data.get("Verify-Result") }}, "Verify-Status": {{ data.get("Verify-Status") }}, "Verify-Type": {{ data.get("Verify-Type") }}, "Verify-Description": {{ data.get("Verify-Description") }}, {% endif %} {% if data.get("Reject-Description") != None %} "Reject-Description": {{ data.get("Reject-Description") }}, {% endif %} "GKG-Correlation-Id": {{ data.get("GKG-Correlation-Id") }} } ``` {% endcode %} ## Example 3: General error notifications ### Scope and assumptions The scope of the query provided below is as follows: * the admin is interested in receiving pro-active notifications about errors on the RADIUSaaS platform for the operations team. ### Target [Teams](https://docs.radiusaas.com/admin-portal/settings/log-exporter/teams), or [Log Analytics](https://docs.radiusaas.com/admin-portal/settings/log-exporter/log-analytics) or [General Webhook](https://docs.radiusaas.com/admin-portal/settings/log-exporter/generic-webhook) ### Message Filter Configuration #### Rule Engine | Log Level | Enabled | | --------- | ------------------------------------- | | Success | False | | Failed | False | | Error | False | #### Authorization System | Log Level | Enabled | | --------- | -------------------------------------- | | Requests | False | | Success | False | | Failed | False | | Error | True | #### Proxy Authentication | Log Level | Enabled | | ----------- | -------------------------------------- | | Connections | False | | Success | False | | Failed | False | | Error | True | ### Data configuration #### Teams {% code lineNumbers="true" %} ``` The RADIUS system has issues! Message: {{ data.get('message') }} Raw data: {{ data }} ``` {% endcode %} #### Log Analytics or General Webhook {% code lineNumbers="true" %} ``` { "Message": {{ data.get("message") }}, "Datetime" : {{ data.get("Datetime") }}, "Level": {{ data.get("level") }}, "Type": {{ data.get("type", "not applicable") }} } ``` {% endcode %}