Udostępnij za pośrednictwem


Interpreting database-import log files

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

 

Interpreting database-import log files

Unlike IAS-formatted log files, database-import log files present the data in a standard sequence and use a structure that is identical, regardless of the network access server (NAS) that sends the data. This consistent sequence and structure helps simplify accounting and authentication records. Data can be easily exported to a database.

Note

  • Although IAS supports both IAS-formatted and database-import log files, the database-import log format should be used in most instances because it supports the use of ODBC-compliant tools.

Entries recorded in database-import log files

The following are example entries (Access-Request and Access-Accept) from a database-import log file.

"CLIENTCOMP","IAS",06/17/1999,13:04:33,1,"client",,,,,,,,,9,"10.10.10.10","iasclient",,,,,,,1,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

"CLIENTCOMP","IAS",06/17/1999,13:04:33,2,,"iasclientdc/Users/client",,,,,,,,9,"10.10.10.10","iasclient",,,,,,2,1,"Allow access if dial-in permission is enabled",0,"311 1 10.10.10.11 06/17/1999 20:04:30 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

The following table shows the attributes that can be contained in a record in the database-import log file, the sequence in which they are recorded, and how the example above is interpreted.

Notes

  • A blank field in the first column indicates that the NAS did not include the attribute in the packet (in the example entry).

  • The Data type column identifies the data type (text, number, or time) for each attribute. When you create a database into which log files are imported, you must define each field for the data type of the attribute value that will be imported into it. In database-import log files, text values (such as strings, octet strings, and IP addresses) are always surrounded by double quotes. If the double quotes appear within the string, then they are replaced with a double set of double quotes.

  • This table shows the values for the IAS-internal attribute.

  • To help read and interpret the database format log files, the Iasparse tool is included in the Using the Windows Deployment and Resource Kits. This tool can be used to parse log files and provide output in a readable format.

Value shown in example Attribute Data type Represents

"CLIENTCOMP"

ComputerName

Text

The name of the server where the packet was received (this is an IAS-internal attribute).

"IAS"

ServiceName

Text

The name of the service that generated the record—IAS or the Routing and Remote Access service (this is an IAS-internal attribute).

6/14/2000

Record-Date

Time

The date at the IAS or Routing and Remote Access server (this is an IAS-internal attribute).

17:58:39

Record-Time

Time

The time at the IAS or Routing and Remote Access server (this is an IAS-internal attribute).

1

Packet-Type

Number

The type of packet, which can be:

  • 1 = Accept-Request

  • 2 = Access-Accept

  • 3 = Access-Reject

  • 4 = Accounting-Request

This is an IAS-internal attribute.

"client"

User-Name

Text

The user identity, as specified by the user.

 

Fully-Qualified-User-Name

Text

The user name in canonical format (this is an IAS-internal attribute).

 

Called-Station-ID

Text

The phone number dialed by the user.

 

Calling-Station-ID

Text

The phone number from which the call originated.

 

Callback-Number

Text

The callback phone number.

 

Framed-IP-Address

Text

The framed address to be configured for the user.

 

NAS-Identifier

Text

The text that identifies the NAS originating the request.

 

NAS-IP-Address

Text

The IP address of the NAS originating the request.

 

NAS-Port

Number

The physical port number of the NAS originating the request.

9

Client-Vendor

Number

The manufacturer of the NAS (this is an IAS-internal attribute).

"10.10.10.10"

Client-IP-Address

Text

The IP address of the RADIUS client (this is an IAS-internal attribute).

"iasclient"

Client-Friendly-Name

Text

The friendly name for the RADIUS client (this is an IAS-internal attribute).

 

Event-Timestamp

Time

The date and time that this event occurred on the NAS.

 

Port-Limit

Number

The maximum number of ports that the NAS provides to the user.

 

NAS-Port-Type

Number

The type of physical port that is used by the NAS originating the request.

 

Connect-Info

Text

Information that is used by the NAS to specify the type of connection made. Typical information includes connection speed and data encoding protocols.

 

Framed-Protocol

Number

The protocol to be used.

 

Service-Type

Number

The type of service that the user has requested.

1

Authentication-Type

Number

The authentication scheme, which is used to verify the user and can be:

  • 1 = PAP

  • 2 = CHAP

  • 3 = MS-CHAP

  • 4 = MS-CHAP v2

  • 5 = EAP

  • 7 = None

  • 8 =Custom

This is an IAS-internal attribute.

 

NP-Policy-Name

Text

The friendly name of the remote access policy that either granted or denied access. This attribute is logged in Access-Accept and Access-Reject messages. If a user is rejected because none of the remote access policies matched, then this attribute is blank.

0

Reason-Code

Number

The reason for rejecting a user, which can be:

  • 0 = IAS_SUCCESS

  • 1 = IAS_INTERNAL_ERROR

  • 2 = IAS_ACCESS_DENIED

  • 3 = IAS_MALFORMED_REQUEST

  • 4 = IAS_GLOBAL_CATALOG_UNAVAILABLE

  • 5 = IAS_DOMAIN_UNAVAILABLE

  • 6 = IAS_SERVER_UNAVAILABLE

  • 7 = IAS_NO_SUCH_DOMAIN

  • 8 = IAS_NO_SUCH_USER

  • 16 = IAS_AUTH_FAILURE

  • 17 = IAS_CHANGE_PASSWORD_FAILURE

  • 18 = IAS_UNSUPPORTED_AUTH_TYPE

  • 32 = IAS_LOCAL_USERS_ONLY

  • 33 = IAS_PASSWORD_MUST_CHANGE

  • 34 = IAS_ACCOUNT_DISABLED

  • 35 = IAS_ACCOUNT_EXPIRED

  • 36 = IAS_ACCOUNT_LOCKED_OUT

  • 37 = IAS_INVALID_LOGON_HOURS

  • 38 = IAS_ACCOUNT_RESTRICTION

  • 48 = IAS_NO_POLICY_MATCH

  • 64 = IAS_DIALIN_LOCKED_OUT

  • 65 = IAS_DIALIN_DISABLED

  • 66 = IAS_INVALID_AUTH_TYPE

  • 67 = IAS_INVALID_CALLING_STATION

  • 68 = IAS_INVALID_DIALIN_HOURS

  • 69 = IAS_INVALID_CALLED_STATION

  • 70 = IAS_INVALID_PORT_TYPE

  • 71 = IAS_INVALID_RESTRICTION

  • 80 = IAS_NO_RECORD

  • 96 = IAS_SESSION_TIMEOUT

  • 97 = IAS_UNEXPECTED_REQUEST

This is an IAS-internal attribute.

 

Class

Text

The attribute that is sent to client in an Access-Accept packet.

 

Session-Timeout

Number

The length of time (in seconds) before the session is terminated.

 

Idle-Timeout

Number

The length of idle time (in seconds) before the session is terminated.

 

Termination-Action

Number

The action that the NAS should take when service is completed.

 

EAP-Friendly-Name

Text

The friendly name that is used with Extensible Authentication Protocol (EAP).

 

Acct-Status-Type

Number

The number that specifies whether an accounting packet starts or stops a bridging, routing, or Terminal Server session.

 

Acct-Delay-Time

Number

The length of time (in seconds) for which the NAS has been sending the same accounting packet.

 

Acct-Input-Octets

Number

The number of octets received during the session.

 

Acct-Output-Octets

Number

The number of octets sent during the session.

 

Acct-Session-Id

Text

The unique numeric string that identifies the server session.

 

Acct-Authentic

Number

The number that specifies which server authenticated an incoming call.

 

Acct-Session-Time

Number

The length of time (in seconds) for which the session has been active.

 

Acct-Input-Packets

Number

The number of packets received during the session.

 

Acct-Output-Packets

Number

The number of packets sent during the session.

 

Acct-Terminate-Cause

Number

The reason that a connection was terminated.

 

Acct-Multi-Ssn-ID

Text

The unique numeric string that identifies the multilink session.

 

Acct-Link-Count

Number

The number of links in a multilink session.

 

Acct-Interim-Interval

Number

The length of interval (in seconds) between each interim update that the NAS sends.

 

Tunnel-Type

Number

The tunneling protocol to be used.

 

Tunnel-Medium-Type

Number

The medium to use when creating a tunnel for protocols. For example, L2TP packets can be sent over multiple link layers.

 

Tunnel-Client-Endpt

Text

The IP address of the tunnel client.

 

Tunnel-Server-Endpt

Text

The IP address of the tunnel server.

 

Acct-Tunnel-Connection

Text

An identifier assigned to the tunnel.

 

Tunnel-Pvt-Group-ID

Text

The group ID for a specific tunneled session.

 

Tunnel-Assignment-ID

Text

The tunnel to which a session is assigned.

 

Tunnel-Preference

Number

The preference of the tunnel type, as indicated with the Tunnel-Type attribute when multiple tunnel types are supported by the access server.

 

MS-Acct-Auth-Type

Number

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-Acct-EAP-Type

Number

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-RAS-Version

Text

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-RAS-Vendor

Number

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-CHAP-Error

Text

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-CHAP-Domain

Text

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-MPPE-Encryption-Types

Number

A Routing and Remote Access service attribute. For more information, see RFC 2548.

 

MS-MPPE-Encryption-Policy

Number

A Routing and Remote Access service attribute. For more information, see RFC 2548.