HP-UX AAA Server A.08.00.01 Administrator's Guide
defined in your plug-in. TheACCTLog state in the following example uses a logging
format generated by MYLOG for an ordinary session and uses another format generated
by TUNNELLOG for tunnel sessions.
ACCTlog:
*.*.ACCT_START REPLY Hold
*.*.ACCT_STOP MYLOG REPLYHold
*.*.ACCT_ALIVE REPLY Hold
*.*.ACCT_MSTART REPLY Hold
*.*.ACCT_MSTOP MYLOG REPLYHold
*.*.ACCT_CANCEL REPLY Hold
*.*.ACCT_ON MYLOG REPLYHold
*.*.ACCT_OFF MYLOG REPLYHold
*.*.ACCT_TUNNEL_START REPLY Hold
*.*.ACCT_TUNNEL_STOP TUNNELLOG REPLYHold
*.*.ACCT_TUNNEL_REJECT TUNNELLOG REPLYHold
*.*.ACCT_TUNNEL_LINK_START REPLY Hold
*.*.ACCT_TUNNEL_LINK_STOP TUNNELLOG REPLYHold
*.*.ACCT_TUNNEL_LINK_REJECT TUNNELLOG REPLYHold
Proxy Accounting Messages
If you have a distributed network of AAA servers, you can choose to centralize log
records for some or all of the accounting logs at a single location. The RAD2RAD action
can forward accounting messages to another server, as specified by an Xstring value.
If all accounting messages will be forwarded to a remote server, the ACCTlog state in
the forwarding server's state table can be removed, or commented out as shown below.
1 . . .
2 ACCTwait:
3 *.*.ACK RAD2RAD REPLYHold Xstring="default.accounting.proxy.server"
4 IPPool:
5 *.*.ACK POSTLAS Tunneling
6 *.*.NAK POSTLAS REPLYHold
7 . . .
8 REPLYHold:
9 *.*.ACK REPLY Hold
10 *.*.NAK REPLY Hold
11 *.*.ACC_CHAL REPLY Hold
12 *.*.ACCT_DUP RAD2RAD REPLYHold Xstring="default.accounting.proxy.server"
13 Hold:
14 *.*.TIMEOUT NULL End
15 End:
Line 1 to 2 The FSM handles the request normally until it reaches the
ACCTwait state.
Lines 2 to 4 RAD2RAD forwards the message to
default.accouting.proxy.server. When a response is received from
the remote server, the FSM transitions to the REPLYHold state.
Lines 5 to 8 The next state listed in the state table is IPPool, since ACCTlog is
no longer required. The remaining states handle authentication
requests.
Custom State Tables 403