
/usr/share/doc/freeradius/schemas/logstash/radius-mapping.sh is in freeradius 3.0.16+dfsg-1ubuntu3.

This file is owned by root:root, with mode 0o644.

#! /bin/sh

# Create an elasticsearch template mapping for RADIUS data
# Matthew Newton
# April 2015

# This should be run on an elasticsearch node. Alternatively,
# adjust the curl URI below.

# This version has been tested on elasticsearch 5.1.2

# The template will be called "radius", and will apply to all
# indices prefixed with "radius-" that contain data type "detail".
# As not all RADIUS attributes are known to begin with, it has the
# following starting point, which can be modified to suit the local
# configuration:
#
#   Acct-Input- or Acct-Output- attributes are numbers;
#   Acct-Session-Time is a number;
#   Everything else is a keyword, which is a non-analysed string.

# Additionally, the supplied logstash config will try and extract
# MAC addresses, IP addresses and ports from the data. These are
# stored with suffixes on the respective attribute. For example,
# an attribute
#
#   Called-Station-Id := "10.0.4.6[4500]"
#
# will be broken down into the following fields in elasticsearch:
#
#   Called-Station-Id = "10.0.4.6[4500]"
#   Called-Station-Id_ip = "10.0.4.6"
#   Called-Station-Id_port = "4500"
#
# This mapping ensures that these have an appropriate data type.


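# Install the "radius" index template on the local node.
#
# The body below uses the Elasticsearch 5.x template format that this
# script was tested against (a "template" index pattern and a "detail"
# mapping type); it is sent unchanged.
#
# The body is JSON, so it is labelled as such: without -H, curl's -d
# sends it as application/x-www-form-urlencoded, which newer
# Elasticsearch releases refuse.
#
# The request goes to the loopback address in clear text and without
# credentials. If the URI is changed to another host, use https:// and
# authenticate (for example with curl's --user or --netrc-file), and do
# not leave port 9200 reachable without authentication: anyone who can
# reach it can replace this template.
#
# curl exits 0 even when Elasticsearch rejects the request, so check
# that the response it prints contains "acknowledged":true.
curl -XPUT '127.0.0.1:9200/_template/radius' -H 'Content-Type: application/json' -d '
{
  "template":"radius-*",
  "order":0,
  "mappings":{
    "detail":{

      "properties": {
        "@timestamp": { "format" : "date_optional_time", "type" : "date" },
        "@version": { "type" : "keyword" },
        "message": { "type" : "text" },
        "Acct-Session-Time": { "type" : "long" },
        "offset": { "type" : "long" }
      },

      "dynamic_templates": [

        { "acct_io_numbers": {
            "match_pattern": "regex",
            "match": "^Acct-(Input|Output)-.*$",
            "mapping": {
              "type": "long"
            }
          }
        },

        { "ipv4_address": {
            "path_match": "*_ip",
            "mapping": {
              "type": "ip"
            }
          }
        },

        { "network_port": {
            "path_match": "*_port",
            "mapping": {
              "type": "integer"
            }
          }
        },

        { "long_number": {
            "path_match": "*_long",
            "mapping": {
              "type": "long"
            }
          }
        },

        { "no_analyze_strings": {
            "match": "*",
            "mapping": {
              "type": "keyword"
            }
          }
        }

      ]
    }
  }
}'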