Dot11 Guru

802.11, RADIUS

Logz.io and Microsoft NPS RADIUS Server integration

Recently we have moved to certificate authentication over MSCHAPv2. This was a large task, and required a lot of monitoring of log files. We used the logz.io product to collate and filter data.

Our logging from the Microsoft NPS servers was rudimentary. We had text files of 100MB each, rotating up to 20 times a day, across 8 servers. The content within the text file was extremely hard to read, requiring the use of IAS attribute tables.

(see https://www.deepsoftware.com/iasviewer/attributeslist.html)

This screenshot doesn’t show much, as I had to remove a lot of the information, but it gives a good idea of just how readable these log entries are:

We reduced the max size of the log files to 10MB. This was to speed up the time between the event occurring and it appearing within logz.io. Then we utilised the filebeat application provided by Logz.io to transfer the files to the cloud.

The next step was to match attributes using GROK. We’re looking for things like reason codes, packet types, BSSID, usernames, calling station IDs. Once we have a list of attributes, we are finally able to understand the data through the use of dashboards.
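To show what that attribute matching does, here is an added Python example (not the GROK patterns used in this post) that parses IAS-format NPS log lines into named fields and counts rejects per reason code and BSSID. It assumes the legacy IAS text format (six header fields, then attribute-ID/value pairs) and a Called-Station-Id of the form `AP-MAC:SSID` with a hyphen-delimited MAC; the function names and sample lines are constructed for illustration.

```python
import csv
from collections import Counter

# Every IAS-format record starts with these six fields, in this order.
HEADER = ["NAS-IP-Address", "User-Name", "Record-Date", "Record-Time",
          "Service-Name", "Computer-Name"]
# Attribute IDs to keep: standard RADIUS (30, 31) and IAS-specific (4xxx).
ATTRS = {30: "Called-Station-Id", 31: "Calling-Station-Id",
         4127: "Authentication-Type", 4136: "Packet-Type", 4142: "Reason-Code"}
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "11": "Access-Challenge"}

def parse_ias_line(line):
    """Turn one IAS log line into a dict of named attributes."""
    fields = next(csv.reader([line.strip()]))
    extra = fields[len(HEADER):]
    if len(fields) < len(HEADER) or len(extra) % 2:
        raise ValueError("malformed IAS record")
    record = dict(zip(HEADER, fields))
    # The remainder alternates attribute ID, value, attribute ID, value...
    for attr_id, value in zip(extra[0::2], extra[1::2]):
        name = ATTRS.get(int(attr_id)) if attr_id.isdigit() else None
        if name:
            record[name] = value
    ptype = record.get("Packet-Type")
    if ptype is not None:
        record["Packet-Type"] = PACKET_TYPES.get(ptype, ptype)
    # Assumption: the AP sends Called-Station-Id as "AP-MAC:SSID".
    bssid, sep, ssid = record.get("Called-Station-Id", "").partition(":")
    if sep:
        record["BSSID"], record["SSID"] = bssid, ssid
    return record

def rejects_by_reason(lines):
    """Count Access-Reject records per (reason code, BSSID)."""
    counts = Counter()
    for line in lines:
        rec = parse_ias_line(line)
        if rec.get("Packet-Type") == "Access-Reject":
            counts[(rec.get("Reason-Code"), rec.get("BSSID"))] += 1
    return counts

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    "10.0.0.5,host/laptop01.example.test,03/14/2024,09:15:02,IAS,NPS01,4,10.0.0.5,30,AA-BB-CC-00-11-22:CorpWiFi,31,DE-AD-BE-EF-00-01,4127,5,4136,1,4142,0",
    "10.0.0.5,host/laptop02.example.test,03/14/2024,09:15:04,IAS,NPS01,30,AA-BB-CC-00-11-22:CorpWiFi,31,DE-AD-BE-EF-00-02,4136,3,4142,16",
    "10.0.0.5,host/laptop02.example.test,03/14/2024,09:15:09,IAS,NPS01,30,AA-BB-CC-00-11-22:CorpWiFi,31,DE-AD-BE-EF-00-02,4136,3,4142,16",
]

if __name__ == "__main__":
    print(rejects_by_reason(SAMPLE))
```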
