RADIUS Server Log Files

Document created by RSA Information Design and Development Employee on Jun 13, 2017Last modified by RSA Information Design and Development Employee on Jan 19, 2021
Version 17Show Document
  • View in full screen mode

The server log file records RADIUS events, such as server startup or shutdown or user authentication or rejection, as a series of messages in an ASCII text file. Each line of the server log file identifies the date and time of the RADIUS event, followed by event details. You can open the current log file while RADIUS is running.

You can specify a maximum size for a server log file by entering a non-zero value for the LogfileMaxMBytes setting in the [Configuration] section of the radius.ini file.

  • If a maximum file size is set, the server log filename identifies the date and time it was opened (YYYYMMDD_HHMM.log). When the current server log file approaches the specified number of megabytes (1024 x 1024 bytes), the current log file is closed and a new one is opened. The closed file will be slightly smaller than the specified maximum file size.

  • If the maximum file size is set to 0 (or if the LogfileMaxMBytes setting is absent), the server log file size is ignored, and log filenames are date stamped to identify when they were opened (YYYYMMDD.log).

Note:  The size of the log file is checked once per minute, and the log file cannot roll over more than once a minute. The log file may exceed the specified maximum file size temporarily (for less than a minute) after it passes the LogfileMaxMBytes threshold between size checks.

You can control the level of detail recorded in server log files by use of the LogLevel, LogAccept, LogReject, and TraceLevel settings.

The LogLevel setting determines the level of detail given in the server log file. The LogLevel can be the number 0, 1, or 2, where 0 is the least amount of information, 1 is intermediate, and 2 is the most verbose. The LogLevel setting is specified in the [Configuration] section of radius.ini and in the [Settings] sections of .aut files.

The LogAccept and LogReject flags allow you to turn on or off the logging of Access-Accept and Access-Reject messages in the server log file. These flags are set in the [Configuration] section of radius.ini. A value of 1 causes these messages to be logged, and a value of 0 causes the messages to be omitted. An Accept or Reject is logged only if LogAccept or LogReject, respectively, is enabled and the LogLevel is “verbose” enough for the message to be recorded.

The TraceLevel setting specifies whether to log packets when they are received and being processed, and what level of detail to recorded in the log.

Using the Accounting Log File

RADIUS accounting events are recorded in the accounting log file. Accounting events include START messages, indicating the beginning of a connection; STOP messages, indicating the termination of a connection, and INTERIM messages, indicating that a connection is ongoing.

Accounting log files use comma-delimited, ASCII format, and are intended for import into a spreadsheet or database program. Accounting log files are located in the RADIUS database directory by default. Accounting log files are named yyyymmdd.ACT, where yyyy is the 4-digit year, mm is the month, and dd is the day on which the log file was created.

The current log file can be opened while RADIUS is running.

Accounting Log File Format

The first six fields in every accounting log entry are provided by RADIUS for your convenience in reading and sorting the file:

  • Date. The date when the event occurred

  • Time. The time when the event occurred

  • RAS-Client. The name or IP address of the RADIUS client sending the accounting record

  • Record-Type. START, STOP, INTERIM, ON, or OFF, the standard RADIUS accounting packet types

  • Full-Name. The fully distinguished name of the user, based on the authentication performed by the RADIUS server

  • Auth-Type. A number that indicates the class of authentication performed:

    10—SecurID User

    11—SecurID Prefix

    12—SecurID Suffix

By default, the standard RADIUS attributes follow the Auth-Type identifier. For more information, see Standard RADIUS Accounting Attributes.

You can edit the account.ini initialization file to add, remove, or reorder the standard RADIUS or vendor-specific attributes that are logged. For more information, see the RSA Authentication Manager RADIUS Reference Guide.

Accounting Log File Headings and Placeholders

The first line of the accounting log file is a file header that lists the attributes that have been enabled for logging in the order in which they are logged. The following example of a first line shows the required headings in bold italic, the standard RADIUS headings in bold, and the vendor-specific headings in regular text:

"Date","Time", "RAS-Client", "Record-Type", "Full-Name", "Auth-Type",

"User-Name", "NAS-Port", "Acct-Status-Type", "Acct-Delay-Time",

"Acct-Input-Octets", "Acct-Output-Octets", "Acct-Session-Id",

"Acct-Authentic","Acct-Session-Time", "Acct-Input-Packets", "Acct-Output-Packets",

"Acct-Termination-Cause", "Acct-Multi-Session-Id",






"Channel","Event-Id","Event-Date-Time", "Call-Start-Date-Time","Call-End-Date-Time",












"Simplified-MNP-Levels","Simplified-V42bis-Usage", "PW_VPN_ID"

RSA RADIUS writes accounting events to the accounting log file. If an event recorded in the accounting log file does not have data for every attribute, a comma placeholder marks the empty entry so that all entries remain correctly aligned with their headings. For example, based on the “first line” of headings shown in the example above, the following is a valid accounting log entry, in which the value of the Acct-Status-Type attribute is 7:









You are here
Table of Contents > RADIUS > RADIUS Server Log Files