use DNS in logging

11 views
Skip to first unread message

John Hartlove

unread,
May 14, 2025, 2:06:06 PMMay 14
to event-driv...@googlegroups.com
Greetings!

First off, many thanks for a terrific product!  I am grateful for your continued support.

Is there any way to direct tacplus-ng in the config to reverse lookup the IPs in the accounting logs?  Here is a sample output of my logs as it stands:

2025-05-14 17:54:56 +0000 172.31.40.98  backdoor        tty0    async   stop    shell   show running-config <cr>

I would much prefer that it resolve the ip and list the name rather than just list the IP.

Marc Huber

unread,
May 14, 2025, 2:19:37 PMMay 14
to event-driv...@googlegroups.com

Hi,

yes, logging is customizable, and DNS reverse lookup support (via c-ares) is one of the (auto-detected) compile time options. Please have a look at

https://projects.pro-bono-publico.de/event-driven-servers/doc/tac_plus-ng.html#AEN407

for log format configuration details.

Cheers,

Marc

--
You received this message because you are subscribed to the Google Groups "Event-Driven Servers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to event-driven-ser...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/event-driven-servers/CAMsxAOo1xaAO9vMC8zonr4FdJ_LD6AGqCFFy%3DODZM9ue5LD0Fg%40mail.gmail.com.
Message has been deleted
Message has been deleted

John Hartlove

unread,
May 14, 2025, 3:53:10 PMMay 14
to Event-Driven Servers
This is excellent info!   Thanks so much for the help.  I was able to figure out where the issue was in my config!

Marc Huber

unread,
May 15, 2025, 11:40:07 AMMay 15
to event-driv...@googlegroups.com
Hi,

you didn't adjust the logging format. Try using ${device.dnsname} in place of ${nas}.

Cheers,

Marc

On 14.05.2025 21:46, John Hartlove wrote:
I stood up a test server and compiled from source (with all the required libs) using the same config and I am getting the same result. 

Here is the simple config I am using:

#!../sbin/tac_plus-ng

id = spawnd {
        background = no
#       single process = yes
        listen { port = 49 }
        spawn {
                instances min = 1
                instances max = 32
        }
}

id = tac_plus-ng {

        log acctlog {

        destination = /usr/local/etc/log/acct.log
        accounting format = "${nas} | ${user} | ${port} | ${nac} | ${cmd}"

         }

        accounting log = acctlog

        dns servers = 100.68.226.61
        dns reverse-lookup = yes

        device world {
                address = {redacted}
                #address = {redacted}
                key = {redacted}
        }
}

On Wednesday, May 14, 2025 at 2:34:37 PM UTC-4 John Hartlove wrote:
This is excellent!  Thanks so much for the help.  I am using a docker image.  Is there anyway to determine if the version I am running has c-ares compiled into it?  I am doing what the docs say and am having no luck.

On Wednesday, May 14, 2025 at 2:19:37 PM UTC-4 Marc Huber wrote:
Reply all
Reply to author
Forward
0 new messages