Используя linelog
linelog log_postauth {
filename = syslog
syslog_facility = authpriv
syslog_severity = info
format = "ACCEPTED: %{User-Name} %{control:Tmp-String-0}, %{control:Tmp-String-1}, nas address: %{request:Called-Station-Id}, remote address: %{request:Calling-Station-Id}"
}
linelog log_postreject {
filename = syslog
syslog_facility = authpriv
syslog_severity = warning
format = "REJECTED: %{User-Name} %{control:Tmp-String-0}, %{control:Tmp-String-1}, nas address: %{request:Called-Station-Id}, remote address: %{request:Calling-Station-Id}"
}
И на сервере
post-auth {
Post-Auth-Type ACCEPT {
log_postauth
}
Post-Auth-Type REJECT {
log_postreject
}
}
Затем отправьте его с помощью службы rsyslog
if $syslogfacility-text == 'authpriv'
then {
action(type="omfwd" target="10.254.144.141" protocol="udp" port="514")
}