base/protocols/radius/main.bro

RADIUS

Implements base functionality for RADIUS analysis. Generates the radius.log file.

Namespace: RADIUS
Imports: base/protocols/radius/consts.bro, base/utils/addrs.bro
Source File: /scripts/base/protocols/radius/main.bro

Summary

Events

RADIUS::log_radius: event

Event that can be handled to access the RADIUS record as it is sent on to the logging framework.

Detailed Interface

Types

RADIUS::Info
Type: record

ts: time &log

Timestamp for when the event happened.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

username: string &log &optional

The username, if present.

mac: string &log &optional

MAC address, if present.

framed_addr: addr &log &optional

The address given to the network access server, if present. This is only a hint from the RADIUS server and the network access server is not required to honor the address.

remote_ip: addr &log &optional

Remote IP address, if present. This is collected from the Tunnel-Client-Endpoint attribute.

connect_info: string &log &optional

Connect info, if present.

reply_msg: string &log &optional

Reply message from the server challenge. This is frequently shown to the user authenticating.

result: string &log &optional

Successful or failed authentication.

ttl: interval &log &optional

The duration between the first request and either the “Access-Accept” message or an error. If the field is empty, it means that either the request or response was not seen.

logged: bool &default = F &optional

Whether this has already been logged and can be ignored.

Events

RADIUS::log_radius
Type: event (rec: RADIUS::Info)

Event that can be handled to access the RADIUS record as it is sent on to the logging framework.
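
The following handler is an added example, not part of the Bro distribution or of this reference page. It handles RADIUS::log_radius and raises a notice when one username accumulates repeated failed logins. The module name RadiusWatch, the notice type, the threshold and the 10-minute window are hypothetical, and the value "failed" for result is an assumption about what the script records for a rejected login.

```bro
# Added example: site-local policy script, not shipped with Bro.
@load base/protocols/radius
@load base/frameworks/notice

module RadiusWatch;

export {
	redef enum Notice::Type += {
		## Hypothetical notice type defined by this example.
		Repeated_Auth_Failure
	};

	## Assumed threshold; tune for the site.
	const fail_threshold: count = 5 &redef;
}

# Failed attempts per username. Each entry expires 10 minutes after it
# is created, so the count covers a fixed window (assumed value).
global failures: table[string] of count &create_expire=10min;

event RADIUS::log_radius(rec: RADIUS::Info)
	{
	# username and result are &optional: test with ?$ before reading.
	if ( ! rec?$username || ! rec?$result )
		return;

	# Assumption: a rejected login is recorded as "failed".
	if ( rec$result != "failed" )
		return;

	if ( rec$username !in failures )
		failures[rec$username] = 0;

	++failures[rec$username];

	# Raise the notice once, when the threshold is first reached.
	if ( failures[rec$username] != fail_threshold )
		return;

	local msg = fmt("%d failed RADIUS logins for %s",
	                fail_threshold, rec$username);
	if ( rec?$mac )
		msg = fmt("%s (mac %s)", msg, rec$mac);

	NOTICE([$note=Repeated_Auth_Failure, $msg=msg, $uid=rec$uid,
	        $id=rec$id, $identifier=rec$username]);
	}
```

Because the table is keyed on username, this catches repeated failures against one account; keying on `rec$id$orig_h` instead would count failures per network access server.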


Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.