Updated Optimization directory structure to standard format / index file.
Added links to tools man pages included with antora docs.
* xref:index.adoc[Introduction]
** xref:getstarted.adoc[Getting Started]
*** xref:debugging/radiusd_X.adoc[Debugging]
-*** xref:debugging/startup.adoc[Startup]
+*** xref:debugging/startup.adoc[Startup ]
*** xref:debugging/processing.adoc[Processing Packets]
*** xref:gethelp.adoc[Getting Help]
** xref:bestpractices.adoc[Best Practices]
*** xref:vendors/cisco.adoc[Cisco]
*** xref:vendors/proxim.adoc[ProxIM]
-** xref:monitoring/optimize.adoc[Optimization]
-*** xref:monitoring/index.adoc[Monitoring]
-**** xref:monitoring/logging_examples.adoc[Log Examples]
-**** xref:monitoring/statistics.adoc[Server Statistics]
+** xref:optimization/index.adoc[Optimization]
+*** xref:optimization/auditing.adoc[Auditing]
+*** xref:optimization/monitoring/index.adoc[Monitoring]
+**** xref:optimization/monitoring/logging_examples.adoc[Log Examples]
+**** xref:optimization/monitoring/statistics.adoc[Server Statistics]
*** xref:tuning/performance-testing.adoc[Performance Testing]
-*** xref:monitoring/tools/index.adoc[Tools]
-**** xref:monitoring/tools/radclient_tool.adoc[Radclient]
-**** xref:monitoring/tools/radsniff_tool.adoc[Radsniff]
-**** xref:monitoring/tools/radmin_tool.adoc[Radmin]
+*** xref:optimization/tools/index.adoc[Tools]
+**** xref:optimization/tools/radclient_tool.adoc[Radclient]
+**** xref:optimization/tools/radsniff_tool.adoc[Radsniff]
+**** xref:optimization/tools/radmin_tool.adoc[Radmin]
*** xref:tuning/tuning_guide.adoc[Tuning Guide]
***** xref:protocols/dhcp/policy_common_options.adoc[Common options]
***** xref:protocols/dhcp/policy_network_options.adoc[Network options and IP pool selection]
***** xref:protocols/dhcp/policy_subnet_options.adoc[Subnet options]
-***** xref:protocols/dhcp/policy_device_options.adoc[Device, class and group options]
+***** xref:protocols/dhcp/policy_device_options.adoc[Device, class and group options]
***** xref:protocols/dhcp/policy_ippool_access.adoc[IP pool access restriction]
** Security Certificates
*** xref:vendors/proxim.adoc[ProxIM]
** Optimization
-*** xref:monitoring/index.adoc[Monitoring]
-**** xref:monitoring/statistics.adoc[Server Statistics]
+*** xref:optimization/monitoring/index.adoc[Monitoring]
+**** xref:optimization/monitoring/statistics.adoc[Server Statistics]
*** xref:tuning/performance-testing.adoc[Performance Testing]
*** xref:tuning/tuning_guide.adoc[Tuning Guide]
--- /dev/null
+= Auditing
+
+Auditing refers to the proactive analysis of accounting logs and other data sources. This ongoing process makes up part of the maintenance and xref:optimization/monitoring/index.adoc[monitoring] of the entire system. Auditing examines data to comprehend user patterns and system behavior. These insights detail how users interact with the network after successful authentication. Audits help to identify unauthorized access, policy violations, compromised NASes, and other anomalies.
+
+For example, a user manages to override site policy and log into a particular server. The site policy failed to deny that user access. by performing an audit of the AAA records, you would see that policy violation. The audit shows that the site policy needs an update by the network administrator to prevent future policy violations. Subsequent audits would track long-term behavior ensuring that the policy is being enforced.
It can be challenging to identify issues or what component needs adjusting. To start, you need to gather statistics through monitoring to identify the bottlenecks in your system. This important activity allows you to determine the most critical areas for improvement.
-== Why Optimize?
+== Why optimize?
A poorly optimized FreeRADIUS server can lead to slow authentication times, timeouts, and even system instability. Enhance your FreeRADIUS server’s performance, reliability, and resource efficiency to enhance the user experience while maintaining a secure environment.
Optimizing resources and configurations helps maintain a stable and robust RADIUS server, reducing the risk of crashes or outages. Optimizing FreeRADIUS helps ensure consistent and reliable network access, minimizing disruptions.
-=== Resource Efficiency
+=== Resource efficiency
Optimizing resource usage (CPU, memory, disk I/O) allows you to run FreeRADIUS effectively even on limited hardware. If FreeRADIUS is integrated with a datastore, implementing well-structured querires prevents bottlenecks.
The optimization section is organized by the following topic areas:
-== xref:monitoring/index.adoc[Monitoring]
+== xref:optimization/auditing.adoc[Auditing]
+
+Auditing provides valuable insights into user behavior, policy enforcement, and potential security risks. Auditing is the basis of robust network security and management processes.
+
+== xref:optimization/monitoring/index.adoc[Monitoring]
Monitoring the FreeRADUS server and network components includes observing the AAA processes and how the overall system is operating. Several logging options help the administrator generate statistics to determine where issues are occurring such as slow connectivity or authentications.
-FreeRADIUS is packaged with a xref:monitoring/statistics.adoc[virtual statistics server] that enables you to select what you want to watch or help find a problem.
+FreeRADIUS is packaged with a xref:optimization/monitoring/statistics.adoc[virtual statistics server] that enables you to select what you want to watch or help find a problem.
== xref:tuning/performance-testing.adoc[Performance Testing]
Performance testing helps you figure out what the maximum loads can be without affecting operations. As your network grows, a non-optimized server may struggle to handle the increased authentication and accounting loads, especially during peak hours.
-== xref:monitoring/tools/index.adoc[Tools]
+== xref:optimization/tools/index.adoc[Tools]
FreeRADIUS is packaged with some useful tools such as radsniff and radclient that are used in testing, monitoring, and gathering statistics. These tools give you a top-level view of the health of your server, clients, and processess.
Checking the running service can include the following:
-* Ensuring the daemon is still running, i.e. process monitoring
-* Sending regular RADIUS authentication or accounting requests and checking they are correctly responded to
-* Sending Status-Server RADIUS requests
+* Ensuring the daemon is still running, i.e. process monitoring.
+* Sending regular RADIUS authentication or accounting requests and checking they are correctly responded to.
+* Sending Status-Server RADIUS requests.
Within a proxy environment FreeRADIUS needs to know if upstream
proxies are available. It can do this itself by issuing request as outlined in the options above.
FreeRADIUS has many options for being able to generate and store
logs, including the following:
-* Main daemon logging, configured in xref:reference:raddb/radiusd.conf.adoc[`radiusd.conf`]
-* Line-based text logging, using xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`]
-* Detailed RADIUS packet logs, using xref:reference:raddb/mods-available/detail.adoc[`rlm_detail`]
+* Main daemon logging, configured in xref:reference:raddb/radiusd.conf.adoc[`radiusd.conf`].
+* Line-based text logging, using xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`].
+* Detailed RADIUS packet logs, using xref:reference:raddb/mods-available/detail.adoc[`rlm_detail`].
As well as recording direct to disk, the options above can be sent via a
local syslog server, which opens up many opportunities for central
It is possible to integrate FreeRADIUS into other more complicated
logging systems, some options may include:
-* To CSV files, for example via xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`]
-* Writing entries to an SQL database using xref:reference:raddb/mods-available/sql.adoc[`rlm_sql`]
-* Into a log management system such as Elasticsearch or Graylog
+* To CSV files, for example via xref:reference:raddb/mods-available/linelog.adoc[`rlm_linelog`].
+* Writing entries to an SQL database using xref:reference:raddb/mods-available/sql.adoc[`rlm_sql`].
+* Into a log management system such as Elasticsearch or Graylog.
== Statistics gathering
Statistics are usually gathered in two ways:
-* FreeRADIUS xref:monitoring/statistics.adoc[internal statistics]
-* Analysing logs with some external tool
+* FreeRADIUS xref:optimization/monitoring/statistics.adoc[internal statistics].
+* Analyzing logs with some external tool.
-= Server statistics
+= Server Statistics
FreeRADIUS collects statistics internally about certain operations
it is doing, such as the number of authentication and accounting
These can be queried by sending a specially-crafted RADIUS
`Status-Server` packet to a "status" virtual server.
-== Configuring the status virtual server
+== Configure the status virtual server
The `status` virtual server is present in the default
configuration, but needs to be enabled before it can be used. To
Having enabled and configured the status server, restart
FreeRADIUS to make it active.
-== Querying the server
+== Query the server
To get the current statistics from the server, send a RADIUS
request of type `Status-Server` to the status port. Unless edited
Each tool has a specific purpose and is designed to work seamlessly together. These tools include:
-== xref:monitoring/tools/radclient_tool.adoc[radclient]
+== xref:optimization/tools/radclient_tool.adoc[radclient]
Radclient enables you to setup mock clients to perform basic authentication testing. The radius.client file is used to popoulate the list that is read by the radclient tool.
-== xref:monitoring/tools/radsniff_tool.adoc[radsniff]
+== xref:optimization/tools/radsniff_tool.adoc[radsniff]
Radsniff allows you to inspect and process any type of RADIUS packet that's on the network. This tool can be used in conjunction with th radclient tool and as well with performance testing.
-== xref:monitoring/tools/radmin_tool.adoc[radmin]
+== xref:optimization/tools/radmin_tool.adoc[radmin]
Radadmin is a administration tool designed to administer and interact with a running FreeRADIUS server. It enables users to monitor statistics, view configuration, and make changes without the need to restart the server. FreeRADIUS Server is an that connects to the control socket of a running server, providing a command-line interface to manage it.
-= Using radclient
+= Radclient
-Policy issues for basic authentication protocols such as PAP, CHAP and MSCHAP, as well as for accounting and CoA/Disconnect requests, can be investigated using the radclient command whilst the server is in debug mode.
-Firstly, create an authentication packet definition by specifying its attributes. For example:
+Policy issues for basic authentication protocols such as PAP, CHAP and MSCHAP, as well as for accounting and CoA/Disconnect requests, can be investigated using the radclient command while the server is in debug mode.
+First, create an authentication packet definition by specifying its attributes. See the xref:reference:man/radclient.adoc[radclient] man page for more details.
+
+For example:
```
nwkrad@radius-fe-01$ cat <<EOF > auth_request.txt
-= Using radmin
+= Radmin
-It's possible to retrieve debug logs from FreeRADIUS while it is running in normal multi-threaded mode by using the radmin tool. This has the benefit of not interrupting the normal operations of FreeRADIUS server. It also allows for selective logging of packets which match a specified criteria.
+It's possible to retrieve debug logs from FreeRADIUS while it is running in normal multi-threaded mode by using the radmin tool. This has the benefit of not interrupting the normal operations of FreeRADIUS server. It also allows for selective logging of packets which match a specified criteria. See the xref:reference:man/radmin.adoc[radmin] man page for more details.
== Getting Started
-= Using radsniff
+= Radsniff
The radsniff tool is extremely useful for debugging RADIUS packet flows, either by monitoring the live network interfaces or by processing a PCAP-based traffic dump.
-To see the different switches that can be used, see the xref:reference:man/radsniff.adoc[radsniff] man page included with this documentation.
+See the xref:reference:man/radsniff.adoc[radsniff] man page for more details.
== Packet capture processing
-= RADIUS Test Procedures
+= Performance Testing
== Introduction
projects / thirdparty / freeradius-server.git / commitdiff
