8.2 Detailed Request Accounting

Radius stores the detailed information about accounting packets it receives in files `radacct/nasname/detail' (see section 2. Naming Conventions), where nasname is replaced with the short name of the NAS from the `raddb/naslist' file (see section 5.4 NAS List -- `raddb/naslist').

By default, this accounting type is always enabled, provided that `radacct' directory exists and is writable (see section 2. Naming Conventions). To turn the detailed accounting off, use the detail statement in the `config' file. For more information about it, see 5.1.4 acct statement.

The accounting detail files consist of a record for each accounting request. A record includes the timestamp and detailed dump of attributes from the packet, e.g.:

Fri Dec 15 18:00:24 2000 Acct-Session-Id = "2193976896017" User-Name = "e2" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 11.10.10.125 Calling-Station-Id = "+15678023561" NAS-IP-Address = 11.10.10.11 NAS-Port-Id = 8 Acct-Delay-Time = 0 Timestamp = 976896024 Request-Authenticator = Unverified Fri Dec 15 18:32:09 2000 Acct-Session-Id = "2193976896017" User-Name = "e2" Acct-Status-Type = Stop Acct-Authentic = RADIUS Acct-Output-Octets = 5382 Acct-Input-Octets = 7761 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 11.10.10.125 Acct-Session-Time = 1905 NAS-IP-Address = 11.10.10.11 NAS-Port-Id = 8 Acct-Delay-Time = 0 Timestamp = 976897929 Request-Authenticator = Unverified

Notice that radiusd always adds two pseudo-attributes to detailed listings. Attribute Timestamp shows the UNIX timestamp when radiusd has received the request. Attribute Request-Authenticator shows the result of checking the request authenticator. Its possible values are:

Verified

The authenticator check was successful.

Unverified

The authenticator check failed. This could mean that either the request was forged or that the remote NAS and radiusd do not agree on the value of the shared secret.

None

The authenticator check is not applicable for this request type.

Notice also that the so-called internal attributes by default are not logged in the detail file. Internal attributes are those whose decimal value is greater than 255. Such attributes are used internally by radius and cannot be transferred via RADIUS protocol. Examples of such attributes are Fall-Through, Hint and Huntgroup-Name. See section 14.3 Radius Internal Attributes, for detailed listing of all internal attributes. The special attribute flag l (lower-case ell) may be used to force logging of such attributes (see section 5.2.4 ATTRIBUTE statement).