raddebug - Display debugging output from a running server.
raddebug [-c condition] [-d config_directory]
[-D dictionary_directory] [-n name] [-i
ipv4-address] [-I ipv6-address] [-f
socket_file] [-t timeout] [-u user-name]
raddebug is a shell script wrapper around radmin that automates
the process of obtaining debugging output from a running server. It does this
without impacting service availability, unlike using radiusd -X. There
are a number of prerequisites that are required for its proper operation:
* radmin must be available in the PATH.
* The user running raddebug must have permission to connect to
the server control socket.
* The control socket must be configured. For instructions, see
raddb/sites-available/control-socket
* The control socket must be marked as "mode = rw".
* The user running raddebug must have permission to read and
write files in the "logdir" directory. This is usually
/var/log/radiusd.
For a number of reasons, the debugging output is placed in an
intermediate file, rather than being sent directly to standard output. In
order to prevent this file from growing too large, the raddebug
program is automatically terminated after 10 seconds. This timeout can be
changed via the "-t" parameter.
When the script exits, debug mode in the server is disabled, and
the intermediate file is deleted.
Debug output from a live server can be redirected to only one
location. If a second instance of raddebug is started while the first
one is still running, the later one will over-ride the first one, and the
first will stop producing output.
- -c condition
- Set a specific debug condition. The format of the condition is as
specified in the CONDITIONS section of the unlang manual page.
- -f socket_file
- The path to the control socket. See the radmin manual page for more
description of this option.
- -i ipv4-address
- Show debug output for the client having the given IPv4 address. This
option is equivalent to using:
-c '(Packet-Src-IP-Address == ipv4-address)'
- -d config directory
- The radius configuration directory, usually
/usr/local/share/examples/freeradius/raddb. See the radmin manual
page for more description of this option.
- -D dictionary directory
- Set main dictionary directory. Defaults to
/usr/share/freeradius.
- -n mname
- Read raddb/name.conf instead of raddb/radiusd.conf.
- -I ipv6-address
- Show debug output for the client having the given IPv6 address. This
option is equivalent to using:
-c '(Packet-Src-IPv6-Address == ipv6-address)'
- -t timeout
- Stop printing debug output after "timeout" seconds. The default
timeout is sixty (60) seconds. Use "-t 0" to print debugging
output forever, or until the script exits.
- -u name
- Show debug output for users having the given name. This option is
equivalent to using:
-c '(User-Name == name)'
radmin(8), raddb/sites-available/control-socket, unlang(5), radiusd.conf(5)
Alan DeKok <aland@freeradius.org>