Hi All,
so creating alerts on freeradius is somewhat not possible. Because the Freeradius Extend command pulls data as follow.
FreeRADIUS-Total-Access-Requests = 1365514
FreeRADIUS-Total-Access-Accepts = 58858
FreeRADIUS-Total-Access-Rejects = 1293575
FreeRADIUS-Total-Access-Challenges = 0
FreeRADIUS-Total-Auth-Responses = 1352433
FreeRADIUS-Total-Auth-Duplicate-Requests = 6459
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 13077
FreeRADIUS-Total-Auth-Unknown-Types = 0
FreeRADIUS-Total-Accounting-Requests = 4248049
FreeRADIUS-Total-Accounting-Responses = 4237291
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Acct-Dropped-Requests = 10749
FreeRADIUS-Total-Acct-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Access-Requests = 0
FreeRADIUS-Total-Proxy-Access-Accepts = 0
FreeRADIUS-Total-Proxy-Access-Rejects = 0
FreeRADIUS-Total-Proxy-Access-Challenges = 0
FreeRADIUS-Total-Proxy-Auth-Responses = 0
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Accounting-Requests = 4178716
FreeRADIUS-Total-Proxy-Accounting-Responses = 4178684
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
FreeRADIUS-Stats-Start-Time = "Dec 4 2019 14:40:08 SAST"
FreeRADIUS-Stats-HUP-Time = "Dec 12 2019 06:25:08 SAST"
FreeRADIUS-Queue-Len-Internal = 0
FreeRADIUS-Queue-Len-Proxy = 0
FreeRADIUS-Queue-Len-Auth = 0
FreeRADIUS-Queue-Len-Acct = 0
FreeRADIUS-Queue-Len-Detail = 0
which means if I want to create a rule that looks at Access Requests IF it goes below 200 âALERT meâ
but it wont work because its logged as TOTAL which will never go down unless freeradius is restarted.
How does LibreNMS Graph Radius as follow.
Libre Graphs the Requests and Accepts eg. as per second.
But in the DB it looks the same as the Extend Freeradius Script.
So how can I alert on the graph statistics?
Thanks for the read
Hello.
Iâve did some âlabâ here. All of the metrics are kept in DB, so itâs kind easy to do.
What you need is to estimate the average amount on such packets on your network.
Then run this SQL query:
MariaDB [librenms]> select metric,value,value_prev from application_metrics where app_id = â12â AND metric = âaccess_requestsâ;
±----------------±------±-----------+
| metric | value | value_prev |
±----------------±------±-----------+
| access_requests | 215 | 152 |
±----------------±------±-----------+
It returns metrics for access_requests. As you see - there is value and value_prev. After estimating average amount of packets you can do easy math in SQL query, compare value_prev and current value.
Remember that it would require to run polling for freeradius module more often.
For me running poller.php (only an FreeRadius module) takes about 3 seconds, so you can easily run it for example - twice a minute and set a correct value in alert then.
time ./poller.php -h 557 -m applications/freeradius
real 0m3,713s
user 0m0,272s
sys 0m0,056s
Here you got simple SQL rule for alert (remember tuning it to your setup) and enabling âSQL Overrideâ:
select (value-value_prev) as requests from application_metrics where app_id = â12â AND metric = âaccess_requestsâ HAVING requests < 100;
This alert would trigger if difference between previous metric and current drops lower than 100.
In my environment calling the poller script twice a minute and this rule triggers as soon as amount of requests drop to alarming level.
I hope it helps.
1 Like
You are a live saver Thank you very much!!!
Guys Please note that this is how I set it up and its working 100%
On your Alert
Custom SQL
SELECT *,(value-value_prev) as 'requests' FROM devices,applications,application_metrics WHERE (devices.device_id = ? AND devices.device_id = applications.device_id AND applications.app_id = application_metrics.app_id) AND metric = 'access_requests' HAVING requests < 100
and the nice guy I am here is my alert Template.
<div style="font-family:Helvetica;">
<b> @if ($alert->state == 1) <span style="color:red; font-size: 20px;">Freeradius Requests Error </b> @endif
<b> @if ($alert->state == 0) <span style="color:green; font-size: 20px;">Freeradius Recovered </b> @endif
</span></b>
<br><br>
@if ($alert->faults)
@foreach ($alert->faults as $key => $value)
<b>Device:</b> @if ($alert->transport == mail)
<a href="https://xx/device/device={{ $alert->device_id }}/">{{ $alert->sysName }}</a>
@else
{{ $alert->sysName }}
@endif <br>
<b>Device IP:</b> {{ $alert->ip }}<br>
<b>Device OS:</b> {{ $alert->os }}<br>
<br>
<b>Device Type:</b> {{ $alert->type }}<br>
<b>Ping Timestamp:</b> {{ $alert->ping_max }}<br>
<br>
<b>Uptime:</b> {{ $alert->uptime_long }}<br>
<b>âł Duration:</b> {{ $alert->elapsed }}<br>
<br>
<b>Requests Per Poll:</b> {{ $value['requests'] }}<br>
<b>Total Requests:</b> {{ $value['value'] }}<br>
<br>
<br>
<b>Alert:</b> {{ $alert->name }}<br>
@endforeach
@if ($alert->faults) <b>Freeradius:</b><br>
@foreach ($alert->faults as $key => $value)<img src="https://xx/graph.php?&id={{ $value['app_id'] }}&type=application_freeradius_access&width=459&height=213&lazy_w=552&from=end-72h"><br>
<br>
<br>
<html>
<head>
<title>Postfix Queue</title>
<style>
.button {
background-color: #4CAF50; /* Green */
border: black;
color: black;
padding: 15px 32px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 20px;
margin: 4px 2px;
cursor: pointer;
-webkit-transition-duration: 0.4s; /* Safari */
transition-duration: 0.4s;
}
.button2:hover {
box-shadow: 0 12px 16px 0 rgba(0,0,0,0.24),0 17px 50px 0 rgba(0,0,0,0.19);
</style>
</head>
<body>
<a href="https://xx/device/device={{ $value['device_id'] }}" button class="button button2">Enter Host</button> </a>
</body>
</html>
@endforeach
@endif
@endif
</div>
Good job. Iâm glad I could help. 
1 Like