SYNOPSIS
raddebug [-c condition] [-d config_directory] [-i ipv4-address] [-I ipv6-address] [-f socket_file] [-t timeout] [-u user-name]DESCRIPTION
raddebug is a shell script wrapper around radmin that automates the process of obtaining debugging output from a running server. It does this without impacting service availability, unlike using radiusd -X. There are a number of prerequisites that are required for its proper operation:
* radmin must be available in the PATH.
* The user running raddebug must have permission to connect to
the server control socket.
* The control socket must be configured. For instructions, see
raddb/sites-available/control-socket
* The control socket must be marked as "mode = rw".
* The user running raddebug must have permission to read and
write files in the "logdir" directory. This is usually
/var/log/radiusd.
For a number of reasons, the debugging output is placed in an intermediate file, rather than being sent directly to standard output. In order to prevent this file from growing too large, the raddebug program is automatically terminated after 10 seconds. This timeout can be changed via the "-t" parameter.
When the script exits, debug mode in the server is disabled, and the intermediate file is deleted.
Debug output from a live server can be redirected to only one location. If a second instance of raddebug is started while the first one is still running, the later one will over-ride the first one, and the first will stop producing output.
OPTIONS
- -c condition
- Set a specific debug condition. The format of the condition is as specified in the CONDITIONS section of the unlang manual page.
- -f socket_file
- The path to the control socket. See the radmin manual page for more description of this option.
- -i ipv4-address
-
Show debug output for the client having the given IPv4 address. This
option is equivalent to using:
-c '(Packet-Src-IP-Address == ipv4-address)' - -d config directory
- The radius configuration directory, usually /etc/raddb. See the radmin manual page for more description of this option.
- -I ipv6-address
-
Show debug output for the client having the given IPv6 address. This
option is equivalent to using:
-c '(Packet-Src-IPv6-Address == ipv6-address)' - -t timeout
- Stop printing debug output after "timeout" seconds. The default timeout is sixty (60) seconds. Use "-t 0" to print debugging output forever, or until the script exits.
- -u name
-
Show debug output for users having the given name. This
option is equivalent to using:
-c '(User-Name == name)'