Examples
This page provides real-world scenarios to guide you in configuring the Log Exporter for your use case.
The scope of the query provided below is as follows:
- The admin is interested in understanding which users and/or devices are authenticating (successfully or unsuccessfully) and wants to build frequency statistics based on that
- No VLAN tagging is used
- Only certificate-based authentication is used (no username-password-based authentication)
Log Level | Enabled |
---|---|
Success | False |
Failed | False |
Error | False |

Log Level | Enabled |
---|---|
Requests | False |
Success | True |
Failed | True |
Error | False |

Log Level | Enabled |
---|---|
Connections | False |
Success | False |
Failed | False |
Error | False |

```
{
  "Decision": {{ data.get('Packet-Type') }},
  "Level": {{ data.level }},
  "IP": {{ data.get('Packet-Dst-Address') }},
  "Username": {{ data.get('User-Name') }},
  {% if data.get('TLS-OCSP-Cert-Valid') != None %}
  "OCSPStatus": {{ data.get('TLS-OCSP-Cert-Valid') }},
  {% endif %}
  {% if data.level == "warning" %}
  "FailReason": {{ data.get('Module-Failure-Message') }},
  {% endif %}
  "Datetime" : {{ data.Datetime }}
}
```

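
An added example, not from the RADIUSaaS documentation: a consumer that builds the per-user frequency statistics this scenario aims for from events rendered by the template above. It assumes the receiver stores one JSON object per line and that `Decision` carries the RADIUS packet names `Access-Accept` and `Access-Reject`; the function names and all sample values are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample: one JSON object per line, shaped like the template output.
# Names, IPs, reasons and OCSP values are made up; "Access-Accept" and
# "Access-Reject" assume Packet-Type carries the standard RADIUS packet names.
# The last line is deliberately truncated to exercise the malformed-record path.
SAMPLE = """\
{"Decision": "Access-Accept", "Level": "info", "IP": "192.0.2.10", "Username": "laptop-01", "OCSPStatus": "yes", "Datetime": "2024-05-01T08:00:01Z"}
{"Decision": "Access-Reject", "Level": "warning", "IP": "192.0.2.10", "Username": "laptop-02", "OCSPStatus": "no", "FailReason": "certificate revoked", "Datetime": "2024-05-01T08:00:05Z"}
{"Decision": "Access-Reject", "Level": "warning", "IP": "192.0.2.11", "Username": "laptop-02", "FailReason": "certificate revoked", "Datetime": "2024-05-01T08:01:05Z"}
{"Decision": "Access-Accept", "Level": "info", "IP": "192.0.2.11", "Username": "laptop-01", "Datetime": "2024-05-01T09:00:01Z"}
{"Decision": "Access-Reject", "Level": "warning",
"""

def summarize(lines):
    """Return (per-user decision counts, (user, reason) counts, skipped lines)."""
    per_user, reasons, skipped = defaultdict(Counter), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or malformed record: count it, never guess
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        user = event.get("Username") or "<unknown>"
        per_user[user][event.get("Decision") or "<none>"] += 1
        # FailReason is only rendered for warning-level events.
        if event.get("FailReason"):
            reasons[(user, event["FailReason"])] += 1
    return per_user, reasons, skipped

def repeat_failures(per_user, threshold=2):
    """Users with at least `threshold` rejects, highest count first."""
    hits = [(u, c["Access-Reject"]) for u, c in per_user.items()
            if c["Access-Reject"] >= threshold]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    per_user, reasons, skipped = summarize(SAMPLE.splitlines())
    for user, counts in sorted(per_user.items()):
        print(user, dict(counts))
    print("repeat failures:", repeat_failures(per_user))
    print("fail reasons:", dict(reasons))
    print("skipped lines:", skipped)
```

A non-zero skipped count means some records did not parse as JSON and is worth alerting on, since a template that renders invalid JSON would otherwise silently drop events from the statistics.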
The scope of the query provided below is as follows:
- The admin is interested in understanding which users and/or devices are authenticating (successful or unsuccessful)
- The OCSP response of the CA if certificates are used
- The used Access Point (via MAC address)
- Both certificate-based authentication and username-password-based authentication are considered
Log Level | Enabled |
---|---|
Success | True |
Failed | True |
Error | False |

Log Level | Enabled |
---|---|
Requests | False |
Success | False |
Failed | False |
Error | False |

Log Level | Enabled |
---|---|
Connections | False |
Success | False |
Failed | False |
Error | False |

```
{
  "Decision": {{ data.get('Engine-Decision') }},
  "Level": {{ data.level }},
  "Authtype": {{ data.get('Auth-Source-Type') }},
  "Client-MAC": {{ data.get('Client-MAC') }},
  "Username": {{ data.get('User-Name') }},
  "Applied-Rule": {{ data.get('Applied-Rule') }},
  "VLAN": {{ data.get('Assigned-VLAN', 'No VLAN assigned') }},
  {% if data.get('Auth-Source-Type') == "WiFi" %}
  "SSID": {{ data.get('SSID') }},
  "AP-MAC": {{ data.get('AP-MAC') }},
  {% endif %}
  {% if data.get('Authtype') == "Certificate" %}
  "OCSPStatus": {{ data.get('OCSP-Response', "Not performed") }},
  {% endif %}
  {% if data.level == "WARNING" %}
  "FailReason": {{ data.get('Reject-Description') }},
  {% endif %}
  "Datetime" : {{ data.Datetime }}
}
```

The scope of the query provided below is as follows:
- The admin wants the operations team to receive proactive notifications about errors on the RADIUSaaS platform.
Log Level | Enabled |
---|---|
Success | False |
Failed | False |
Error | False |

Log Level | Enabled |
---|---|
Requests | False |
Success | False |
Failed | False |
Error | True |

Log Level | Enabled |
---|---|
Connections | False |
Success | False |
Failed | False |
Error | True |

```
The RADIUS system has issues!
Message: {{ data.get('message') }}

Raw data:
{{ data }}
```