RADIUS Client Statistics

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

The Security Console displays statistics for the RSA RADIUS clients in RSA Authentication Manager. The statistics contain authentication and accounting data for RADIUS clients.

The Security Console begins tracking the statistics after an administrator starts the RADIUS server that is associated with the RADIUS client. When an administrator restarts the RADIUS server, the Security Console clears the statistics and begins the tracking again. You can record statistics in RADIUS log files.

When displaying RADIUS client statistics, the Security Console allows you to choose from the following four types:

  • Accounting Request Diagnostics

  • Account Request Types

  • Authentication Request Diagnostics

  • Summary

To view RADIUS client statistics, see Edit a Standard RADIUS User Attribute Definition. You can view subsets of authentication and accounting statistics.

Authentication Statistics

Authentication confirms that valid users request network services. Authentication statistics include the following.

                                      

Statistic

Description

Authentication Request Diagnostics

Retry packets

Number of duplicate messages sent by the client to its associated RADIUS server.

Invalid secrets

Number of messages with invalid accounting secrets sent by the client to its associated RADIUS server.

Challenges

Number of challenges sent by the client to its associated RADIUS server.

Invalid requests

Number of invalid RADIUS requests made by this RADIUS client. For example, the client is sending incorrectly formed packets to the RADIUS server because there is a configuration error or the device does not conform to the RADIUS standard.

Invalid types

Number of invalid accounting types sent by the client to its associated RADIUS server. For example, the client sends a RADIUS packet on the server accounting port that is not a RADIUS Accounting-Request packet.

Dropped Packets

Number of RADIUS accounting packets dropped by the RADIUS client because it received more packets than it could handle.

Accounting Statistics

Accounting tracks the network resources used by users. Accounting statistics include the following.

                                                             

Statistic

Description

Accounting Request Diagnostics

Retry packets

Number of duplicate packets sent by the client to its associated RADIUS server.

Invalid secrets

Number of failed authentication requests sent by this client, where the failure is due to using an invalid secret.

Invalid requests

Number of invalid RADIUS requests that this client sent to its associated server. For example, the client sends a request that does not parse properly.

Invalid types

Number of invalid authentication types sent by the client to its associated RADIUS server. For example, the client sends a request to the wrong port on the server.

Dropped packets

Number of RADIUS authentication packets sent by the client to its associated RADIUS server that the server drops for various reasons, such as a resource error.

Accounting Request Types

Starts

Number of accounting start messages sent by the client to its associated RADIUS server.

Stops

Number of accounting stop messages sent by the client to its associated RADIUS server.

Interim requests

Number of interim accounting packets sent by the client to its associated RADIUS server.

Ons

Number of Accounting-On messages sent by the client to its associated RADIUS server when the RADIUS client restarts.

Offs

Number of Accounting-Off messages sent by the client to its associated RADIUS server when the RADIUS client shuts down.

Acks

Number of acknowledgement messages that the associated RADIUS server sent to this client.

Summary Statistics

Summary statistics include information about authentication and accounting requests, accepts and rejects.

                                   

Statistic

Description

Auth reqs

Total number of authentication requests sent by this client to its associated RADIUS server.

Accepts

Number of accept messages that the client received from its associated RADIUS server.

Rejects

Number of reject messages that the client received from its associated RADIUS server.

Acct Reqs

Total number of accounting requests sent by the client to its associated RADIUS server.

Starts

Number of transactions handled by this client in which a dial-in connection was started following a successful authentication.

Stops

Number of transactions handled by this client in which a dial-in connection was terminated by the RADIUS client.

Accounting Attributes and Administrator Actions to Record

When users authenticate, RADIUS clients send attributes for each user authentication attempt. RADIUS servers collect this information and can save as much or as little as needed for billing or monitoring purposes. The server writes the information to a comma-delimited file suitable for inclusion in a spreadsheet or other application.

RADIUS log files record administrator actions including authentications and any changes made using the Security Console or Operations Console.

The following table describes the files that establish settings for accounting and logging. For more information on modifying configuration files, see the RSA Authentication Manager RADIUS Reference Guide.

                   
FilenameFunction
account.iniControls how RADIUS accounting attributes are logged.
radius.iniControls (among other things) the types of messages that RADIUS records in the server log file and the location of the log directory.

 

 

 

 


Attachments

    Outcomes