On Fri, 3 Mar 2000, Jeff Mcadams wrote:
Thus spake Ed
Yeah, we have thought of that; however, it seems like it would be slow and cumbersome. Exactly what do you use to parse the information from the logs? Anything specific? Or is it a custom script? Speed is of the essence in this method... and with 25,000+ users it would be tough to achieve, I would think.
Jeff, That whole mess just begs for an SQL database :) Brian
Yeah...we've got a custom written perl script that does...essentially...a tail -f on the RADIUS accounting log file, parses and stores each online connection in a directory...one entry per file...the file name is the IP address of the connection. Inside the file is information like userid, ip address, name of the NAS, ip of the NAS, port number on the NAS, caller and called id, time, etc. Then our scripts controlling access (via .htaccess for example) can get the ip address of the connection and quickly find the file they need with the information in it to decide whether to give access or not. Of course, when we see the stop record, we just remove the corresponding file.
This'll occasionally get slightly out of sync with the actual connections on the NASen...but never very far...it's somewhat self-correcting. If a new connection comes on with an IP address of a connection that didn't get removed when they disconnected, the file for that IP address is overwritten with the new connection, so stale connections don't stay in there for very long.
Like I said...there are probably more elegant solutions for this...but so far this has worked fairly well for us. We'll probably have to come up with something different before too long in order to scale better...but this works for now.
I was hoping someone had done the Proxy method... but then again it has its drawbacks as well.
Depending on the proxy server you use, you might be able to have the proxy server look into a file store like this to determine what sort of access to give...we haven't tried that.
--
Jeff McAdams Email: jeffm@iglou.com
Head Network Administrator Voice: (502) 966-3848
IgLou Internet Services (800) 436-4456
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)
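The per-IP file store described in the thread, as an added example in Python; it is not the Perl script the poster mentions. It shows the Start/Stop handling, the self-correcting overwrite of a stale entry, and validation of the address before it is used as a file name. The "detail"-style log layout, the JSON file contents and all function names are assumptions.

```python
import ipaddress
import json
import os

# Constructed sample in the common "detail" layout (an assumption).
SAMPLE_LOG = """Fri Mar  3 10:15:02 2000
    User-Name = "alice"
    Acct-Status-Type = Start
    Framed-IP-Address = 198.51.100.7

Fri Mar  3 10:20:40 2000
    User-Name = "bob"
    Acct-Status-Type = Start
    Framed-IP-Address = 198.51.100.7
"""

def parse_records(text):
    """Yield one dict per blank-line-separated accounting record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition("=")
            if sep:  # the timestamp line has no '=' and is skipped
                rec[key.strip()] = value.strip().strip('"')
        yield rec

def apply_record(store_dir, rec):
    """Create, overwrite or remove the per-IP session file for one record."""
    try:  # only a well-formed address may become a file name
        ip = str(ipaddress.ip_address(rec.get("Framed-IP-Address", "")))
    except ValueError:
        return False
    path = os.path.join(store_dir, ip)
    status = rec.get("Acct-Status-Type")
    if status == "Start":
        with open(path + ".tmp", "w") as fh:
            json.dump(rec, fh)
        os.replace(path + ".tmp", path)  # atomic; overwrites a stale entry
    elif status == "Stop" and os.path.exists(path):
        os.remove(path)
    return True

def lookup(store_dir, client_ip):
    """Return the session recorded for client_ip, or None."""
    try:
        ip = str(ipaddress.ip_address(client_ip))
        with open(os.path.join(store_dir, ip)) as fh:
            return json.load(fh)
    except (ValueError, OSError):
        return None
```

An access-control script would call `lookup()` with the client address of the request and deny access when it returns None.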