Free Radius – Logpoint Service Desk

$Freeradius\.png$

General Description

The Free Radius application normalizes Free Radius events and enables you to analyze the data using the pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

Release Details

Fields	Details
Version	5.0.1
Release Date	2020-05-14
Document Date	2020-05-14
Name	Free Radius
Supported On	LogPoint v6.7.0 and later
Download	FreeRadius_5.0.1.pak
SHA256	bff8b447ce9d19d13937d575a2d3466e7d37dee771ac33ceee728261798b3fca

Package Details

The application consists of the following components:

Dashboard Package
- LP_FreeRadius
Normalization Packages
- LP_FreeRadius Server
- LP_FreeRadius WLAN
- LP_FreeRadius VPN
Compiled Normalizer
- FreeRadiusCompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation

Follow these steps to install the Free Radius v5.0.1 application:

Download the Free Radius package from the Download section above.
Add Free Radius as the required device in LogPoint.
Create a collection policy with the Syslog collector and appropriate processing policy.
Assign the policy to the device.
Add the dashboard.

Screenshot

Supported Devices

The supported devices of Free Radius with LogPoint in this configuration are:

Free Radius VPN
Free Radius Server
Free Radius WLAN

Log Format

Expected Log Format

Key = Value pair space-separated

Log Samples

<139>Sat Jun 1 04:02:21 2013 : Auth: Login incorrect (rlm_ldap: Bind as user failed): [tantom] (from client vpn1-gw port 688128 cli 1.1.1.1)

tantom -> johndoe

<139>Fri Sep 11 13:13:34 2015 User-Name = "tobper" NAS-Port = 52908032 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 1.1.1.1 Class = 0x4f553d697463 Called-Station-Id = "1.1.1.2" Calling-Station-Id = "1.1.1.3" Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = "AF71C8F7" Acct-Authentic = RADIUS NAS-Port-Type = Virtual Tunnel-Client-Endpoint:0 = "1.1.1.4" Vendor-3076-Attr-146 = 0x44656661756c7457454256504e47726f7570 Vendor-3076-Attr-150 = 0x00000002 Vendor-3076-Attr-151 = 0x00000001 Vendor-3076-Attr-152 = 0x00000003 NAS-IP-Address = 1.1.1.5 Client-IP-Address = 1.1.1.6 Acct-Unique-Session-Id = "b06a4bccebe7c953" Stripped-User-Name = "tobper" Realm = "NULL" Timestamp = 1441970014

tobper -> johndoe

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.

Release Details

Fields	Details
Name	Free Radius
Version	3.3.0
Supported On	LogPoint v6.0.0 to v6.6.6
Release Date	2020-05-14
Document Date	2020-05-14
Download	FreeRadius_3.3.0.pak
SHA256	633440fca6c196827a097977f9c07a42857add6c5440c9dae23adbe8050733ef

Package Details

The application consists of the following components:

Dashboard Package
- LP_FreeRadius
Normalization Packages
- LP_FreeRadius Server
- LP_FreeRadius WLAN
- LP_FreeRadius VPN
Compiled Normalizer
- FreeRadiusCompiledNormalizer

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

Installation

Follow these steps to install the Free Radius v3.3.0 application:

Download the Free Radius package from the Download section above.
Add Free Radius as the required device in LogPoint.
Create a collection policy with the Syslog collector and appropriate processing policy.
Assign the policy to the device.
Add the dashboard.

Screenshot

Supported Devices

The supported devices of Free Radius with LogPoint in this configuration are:

Free Radius VPN
Free Radius Server
Free Radius WLAN

Log Format

Expected Log Format

Key = Value pair space-separated

Log Samples

<139>Sat Jun 1 04:02:21 2013 : Auth: Login incorrect (rlm_ldap: Bind as user failed): [tantom] (from client vpn1-gw port 688128 cli 1.1.1.1)

tantom -> johndoe

<139>Fri Sep 11 13:13:34 2015 User-Name = "tobper" NAS-Port = 52908032 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 1.1.1.1 Class = 0x4f553d697463 Called-Station-Id = "1.1.1.2" Calling-Station-Id = "1.1.1.3" Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = "AF71C8F7" Acct-Authentic = RADIUS NAS-Port-Type = Virtual Tunnel-Client-Endpoint:0 = "1.1.1.4" Vendor-3076-Attr-146 = 0x44656661756c7457454256504e47726f7570 Vendor-3076-Attr-150 = 0x00000002 Vendor-3076-Attr-151 = 0x00000001 Vendor-3076-Attr-152 = 0x00000003 NAS-IP-Address = 1.1.1.5 Client-IP-Address = 1.1.1.6 Acct-Unique-Session-Id = "b06a4bccebe7c953" Stripped-User-Name = "tobper" Realm = "NULL" Timestamp = 1441970014

tobper -> johndoe

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.

Support

If you have any queries or require assistance, please feel free to contact our support team:

Email: servicedesk@logpoint.com
Phone: +45 7060 6100

Best regards,

General Description

Release Details

Package Details

Enhancement

Installation

Screenshot

Supported Devices

Log Format

Release Details

Package Details

Enhancement

Installation

Screenshot

Supported Devices

Log Format

Support

Comments

Related articles