Add separate authentication log
Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).
Most things will be caught by
auth.*;authpriv.* but there may be some stragglers.
Notably, IPsec authentication doesn't appear to have a way to get just the user auth messages. They are a part of the "ike" subsystem and do not show up until the log level is increased to where it's far too chatty to include here.
The radius package should probably also send its logs there.
#2 Updated by Jim Pingle about 1 month ago
- Category changed from Logging to Captive Portal
- Status changed from Feedback to In Progress
- Assignee deleted (
- Target version deleted (
- % Done changed from 100 to 90
Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not be possible.
#4 Updated by Jim Pingle about 1 month ago
- Status changed from In Progress to Feedback
- % Done changed from 90 to 100
I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.
Otherwise this is working for the base system so far.