The subject is logged during connection:
tlsservernew: TLS connection from 192.168.1.2, client testclients, subject CN=4CDEBD8C-659A-48D8-A3E3-C526EA880CD4 up
tlsservernew: TLS connection from 192.168.1.2, client testclients, subject CN=050A23FC-DA2E-4590-9241-D4E674B917C4 up
But subsequent lines, when multiple connections are in play from the same IP, do not include that reference:
Access-Reject for user [email protected] stationid FF-EE-DD-CC-BB-AA from freerad-1 to testclients (192.168.1.2)
Propose:
Include the connection type (e.g. udp, tls), remote port number, and, if relevant, the client's TLS Subject in the log line for better auditing - something like:
Access-Reject for user [email protected] stationid FF-EE-DD-CC-BB-AA from freerad-1 to testclients (udp:192.168.1.3:38382)
Access-Reject for user [email protected] stationid FF-EE-DD-CC-BB-AA from freerad-1 to testclients (tls:192.168.1.2:55232/CN=4CDEBD8C-659A-48D8-A3E3-C526EA880CD4)
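An added example, not part of the original report or of the project's code: a Python parser for reply lines in the proposed format that counts Access-Reject lines per connection, so two TLS clients behind one IP can be told apart. The sample lines, the user name `user@example.org` and the port 55240 are constructed, and IPv4-only peers are an assumption.

```python
import re
from collections import Counter

# Reply line with the peer field in the proposed form (proto:ip:port[/subject]).
# Assumption: IPv4 peers only; the proposal shows no IPv6 form.
REPLY_RE = re.compile(
    r"^(?P<reply>Access-\w+) for user (?P<user>\S+) stationid (?P<station>\S+) "
    r"from (?P<server>\S+) to (?P<client>\S+) "
    r"\((?P<proto>[a-z]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})"
    r"(?:/(?P<subject>.*))?\)$"
)

def parse_reply(line):
    """Return the fields of one reply line, or None if it is not in the proposed form."""
    m = REPLY_RE.match(line.strip())
    if m is None or int(m["port"]) > 65535:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec

def rejects_by_peer(lines):
    """Count Access-Reject lines per (proto, ip, TLS subject)."""
    counts = Counter()
    for line in lines:
        rec = parse_reply(line)
        if rec and rec["reply"] == "Access-Reject":
            counts[(rec["proto"], rec["ip"], rec["subject"])] += 1
    return counts

PREFIX = ("Access-Reject for user user@example.org stationid FF-EE-DD-CC-BB-AA "
          "from freerad-1 to testclients ")
SAMPLE = [  # constructed lines
    PREFIX + "(udp:192.168.1.3:38382)",
    PREFIX + "(tls:192.168.1.2:55232/CN=4CDEBD8C-659A-48D8-A3E3-C526EA880CD4)",
    PREFIX + "(tls:192.168.1.2:55240/CN=050A23FC-DA2E-4590-9241-D4E674B917C4)",
    PREFIX + "(tls:192.168.1.2:55232/CN=4CDEBD8C-659A-48D8-A3E3-C526EA880CD4)",
    PREFIX + "(192.168.1.2)",  # current format: no transport, port or subject
]

if __name__ == "__main__":
    for peer, n in rejects_by_peer(SAMPLE).items():
        print(n, peer)
```

A line in the current format, with only the IP in parentheses, is returned as `None`, since it cannot be attributed to a single connection.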