Hello Fabian,
We have noticed that the log destination option in the radsecproxy
configuration file is completely ignored when radsecproxy is made to run in
the foreground with the -f argument. Looking at the code (snippet pasted
below), it looks to be something intentional.
In radsecproxy.c
    radsecproxy_main()
    {
        ////
        if (!foreground) {
            debug_set_destination(options.logdestination
                                      ? options.logdestination
                                      : "x-syslog:///", LOG_TYPE_DEBUG);
            if (options.ftickssyslogfacility) {
                debug_set_destination(options.ftickssyslogfacility,
                                      LOG_TYPE_FTICKS);
                free(options.ftickssyslogfacility);
            }
        }
    }
However, we think that if the configuration file has a log destination, it
should override any other directive and we should write logs to that log
destination instead of using -f as a toggle to write to STDOUT vs the log
destination. Let us know what you think about this?
Here is my suggested fix: change the above snippet of code to:
    if (options.logdestination) {
        debug_set_destination(options.logdestination, LOG_TYPE_DEBUG);
        free(options.logdestination);
    } else if (!foreground) {
        debug_set_destination("x-syslog:///", LOG_TYPE_DEBUG);
    }
    if (options.ftickssyslogfacility) {
        debug_set_destination(options.ftickssyslogfacility,
                              LOG_TYPE_FTICKS);
        free(options.ftickssyslogfacility);
    }
Thanks,
Imtiyaz
Hi Imtiyaz,
On 04.01.21, 11:12, "Imtiyaz Mohammad" <imtiyaz(a)arista.com> wrote:
> We have noticed that the log destination option in the radsecproxy configuration file
> is completely ignored when radsecproxy is made to run in the foreground with the -f
> argument. Looking at the code (snippet pasted below), it looks to be something
> intentional.
>
> However, we think that if the configuration file has a log destination, it should
> override any other directive and we should write logs to that log destination instead of
> using -f as a toggle to write to STDOUT vs the log destination. Let us know
> what you think about this?
(note: this code predates my involvement in radsecproxy by years)
Ignoring the log destination and logging to the console (it's actually ERROUT) with the
foreground (-f) argument is very intentional. Its intended use is to debug something
(together with -d flag), and watch it while using your production config.
This is basically a standard pattern that command line arguments always take precedence
over the config file (many tools nowadays also consider environment variables, and there
seems to be some debate over the precedence of environment versus config file).
Regards,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39