# -*- text -*-
#
#  $Id$

#
#  More examples of doing detail logs.

#
#  Many people want to log authentication requests.
#  Rather than modifying the server core to print out more
#  messages, we can use a different instance of the 'detail'
#  module, to log the authentication requests to a file.
#
#  You will also need to un-comment the 'auth_log' line
#  in the 'authorize' section, below.
#
detail auth_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d

	#
	#  This MUST be 0600, otherwise anyone can read
	#  the users passwords!
	detailperm = 0600

	# You may also strip out passwords completely
	suppress {
		User-Password
	}
}

#
#  This module logs authentication reply packets sent
#  to a NAS.  Both Access-Accept and Access-Reject packets
#  are logged.
#
#  You will also need to un-comment the 'reply_log' line
#  in the 'post-auth' section, below.
#
detail reply_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d

	detailperm = 0600
}

#
#  This module logs packets proxied to a home server.
#
#  You will also need to un-comment the 'pre_proxy_log' line
#  in the 'pre-proxy' section, below.
#
detail pre_proxy_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d

	#
	#  This MUST be 0600, otherwise anyone can read
	#  the users passwords!
	detailperm = 0600

	# You may also strip out passwords completely
	#suppress {
		# User-Password
	#}
}

#
#  This module logs response packets from a home server.
#
#  You will also need to un-comment the 'post_proxy_log' line
#  in the 'post-proxy' section, below.
#
detail post_proxy_log {
	detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d

	detailperm = 0600
}