freeradius 3.0.12+dfsg-5+deb9u1 / usr / share / doc / freeradius / schemas / logstash / radius-mapping.sh

This file is indexed.

/usr/share/doc/freeradius/schemas/logstash/radius-mapping.sh is in freeradius 3.0.12+dfsg-5+deb9u1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
#! /bin/sh

# Create a template mapping for RADIUS data
# Matthew Newton
# April 2015

# This should be run on an elasticsearch node. Alternatively,
# adjust the curl URI below.

# The template will be called "radius", and will apply to all
# indices prefixed with "radius-" that contain data type "detail".
# As not all RADIUS attributes are known to begin with it has the
# following starting point that can be modified to suit the local
# configuration:
#
#   Acct-Input- or Acct-Output- attributes are numbers;
#   Acct-Session-Time is a number;
#   Everything else is a string.

# Additionally, the supplied logstash config will try and extract
# MAC addresses, IP addresses and ports from the data. These are
# stored with suffixes on the respective attribute. For example,
# an attribute
#
#   Called-Station-Id := "10.0.4.6[4500]"
#
# will be broken down into the following fields in elasticsearch:
#
#   Called-Station-Id = "10.0.4.6[4500]"
#   Called-Station-Id_ip = "10.0.4.6"
#   Called-Station-Id_port = "4500"
#
# This mapping ensures that these have an appropriate data type.


curl -XPUT '127.0.0.1:9200/_template/radius' -d '
{
  "template":"radius-*",
  "order":0,
  "mappings":{
    "detail":{

      "properties": {
        "@timestamp": { "format": "dateOptionalTime", "type": "date" },
        "@version": { "type" : "string" },
        "message": { "type" : "string" },
        "Acct-Session-Time": { "type" : "long", "doc_values": true },
        "offset": { "type" : "long", "doc_values": true }
      },

      "dynamic_templates": [

        { "acct_io_numbers": {
            "match_pattern": "regex",
            "match": "^Acct-(Input|Output)-.*$",
            "mapping": {
              "type": "long",
              "doc_values": true
            }
          }
        },

        { "ipv4_address": {
            "path_match": "*_ip",
            "mapping": {
              "type": "ip",
              "doc_values": true
            }
          }
        },

        { "network_port": {
            "path_match": "*_port",
            "mapping": {
              "type": "integer",
              "doc_values": true
            }
          }
        },

        { "long_number": {
            "path_match": "*_long",
            "mapping": {
              "type": "integer",
              "doc_values": true
            }
          }
        },

        { "no_analyze_strings": {
            "match": "*",
            "mapping": {
              "type": "string",
              "index": "not_analyzed",
              "doc_values": true
            }
          }
        }

      ]
    }
  }
}'

APT Browse - Built by Thomas Orozco.