RADIUSaaS V2
Search
K

Examples

This page provides some real world scenarios giving you guidance on how to configure the Log Exporter for your scenario.

Example 1: General Authentication Information

Scope and Assumptions

The scope of the query provided below is as follows:
  • The admin is interested in understanding which users and/or devices are authenticating (successful or unsuccessful) and to built frequency statistics based on that
  • No VLAN tagging is used
  • Only certificate-based authentication is used (no username-password-based authentication)

Target

Message Filter Configuration

Rule Engine

Log Level
Enabled
Success
False
Failed
False
Error
False

Authorization System

Log Level
Enabled
Requests
False
Success
True
Failed
True
Error
False

Proxy Authentication

Log Level
Enabled
Connections
False
Success
False
Failed
False
Error
False

Data Configuration

1
{
2
"Decision": {{ data.get('Packet-Type') }},
3
"Level": {{ data.level }},
4
"IP": {{ data.get('Packet-Dst-Address') }},
5
"Username": {{ data.get('User-Name') }},
6
{% if data.get('TLS-OCSP-Cert-Valid') != None %}
7
"OCSPStatus": {{ data.get('TLS-OCSP-Cert-Valid') }},
8
{% endif %}
9
{% if data.level == "warning" %}
10
"FailReason": {{ data.get('Module-Failure-Message') }},
11
{% endif %}
12
"Datetime" : {{ data.Datetime }}
13
}

Example 2: Detailed Authentication Information

Scope and Assumptions

The scope of the query provided below is as follows:
  • The admin is interested in understanding which users and/or devices are authenticating (successful or unsuccessful)
  • The OCSP response of the CA if certificates are used
  • The used Access Point (via MAC address)
  • The RADIUS Rule that was triggered / VLAN that was tagged
  • Both, certificate-based authentication and username-password-based authentication are considered

Target

Message Filter Configuration

Rule Engine

Log Level
Enabled
Success
True
Failed
True
Error
False

Authorization System

Log Level
Enabled
Requests
False
Success
False
Failed
False
Error
False

Proxy Authentication

Log Level
Enabled
Connections
False
Success
False
Failed
False
Error
False

Data Configuration

1
{
2
"Decision": {{ data.get('Engine-Decision') }},
3
"Datetime" : {{ data.Datetime }},
4
"Level": {{ data.level }},
5
"Authtype": {{ data.get('Auth-Source-Type') }},
6
"Client-MAC": {{ data.get('Client-MAC') }},
7
"Username": {{ data.get('User-Name') }},
8
"Applied-Rule": {{ data.get('Applied-Rule') }},
9
"VLAN": {{ data.get('Assigned-VLAN', 'No VLAN assigned') }},
10
{% if data.get('Auth-Source-Type') == "WiFi" %}
11
"SSID": {{ data.get('SSID') }},
12
"AP-MAC": {{ data.get('AP-MAC') }},
13
{% endif %}
14
{% if data.get('Authtype') == "Certificate" %}
15
"OCSPStatus": {{ data.get('OCSP-Response', "Not performed") }},
16
{% endif %}
17
{% if data.level == "WARNING" %}
18
"FailReason": {{ data.get('Reject-Description') }}
19
{% endif %}
20
}

Example 3: General Error Notifications

Scope and Assumptions

The scope of the query provided below is as follows:
  • The admin is interested in receiving pro-active notifications about errors on the RADIUSaaS platform for the operations team.

Target

Teams

Message Filter Configuration

Rule Engine

Log Level
Enabled
Success
False
Failed
False
Error
False

Authorization System

Log Level
Enabled
Requests
False
Success
False
Failed
False
Error
True

Proxy Authentication

Log Level
Enabled
Connections
False
Success
False
Failed
False
Error
True

Data Configuration

1
The RADIUS system has issues!
2
Message: {{ data.get('message') }}
3
4
Raw data:
5
{{ data }}