Configuring Tracking Plug-Ins
This section shows how to configure the tracking plug-ins described in Table 16.
By default, the fileAcct plug-in instance tracks all subscriber and service sessions and writes all available attributes to a file. You can use this plug-in instance or create new one.
The overall steps to configure a tracking plug-in are:
- Create and configure a plug-in instance in the plug-in pool. The following sections show how to create and configure an instance for each type of tracking plug-in.
- Configure an event publisher to publish events to the plug-in instance.
See Configuring Event Publishers.
Configuring Flat File Accounting Plug-Ins
Flat file accounting plug-ins write information to a file in a comma-separated format. The SRC software has a default flat file accounting plug-in instance called fileAcct. The fileAcct instance logs all possible attributes for 24-hour periods in the file var/acct/log. You can modify the fileAcct instance, use it as is, or create a new instance.
Another item that you can configure for flat files is the names of the headers that appear in the file. See Configuring Headers for Flat File Accounting Plug-Ins.
To create flat-file accounting plug-in instances:
- In the Plug-In Pool area of the Plug-Ins pane, create a flat file accounting instance as described in Creating Plug-In Instances.
The instance appears in the Plug-In Pool area.
![]()
Filename
- Name and location of the file to which the SAE writes accounting information. The SAE names accounting files by appending the timestamp for the start of the accounting period.
- Value—Path and name of file
- Default—var/acct/log
- Property name—File
Template
- Name of a template that defines header names for attributes listed in accounting files. See Configuring Headers for Flat File Accounting Plug-Ins.
- Value—Name of the template in the format FileAccounting.<template name>
- Default—FileAccounting.std
- Property name—Template
Interval [hour]
- Number of hours of information stored in each accounting file. When the interval expires, the SAE closes the file, renames it to the archive name, and creates a new file.
- Accounting files are aligned with midnight of the day the SAE process starts. If the interval is 24 hours, the SAE starts a new file at midnight every day beginning on the day that the SAE starts.
- If the interval is a divisor of 24 hours (for example, 15 minutes, 30 minutes, 1 hour), there is a repeatable pattern of file starts. For example, if the interval is set to 6 hours, the SAE creates a new file at midnight, 6 am, 12 am, and 6 pm every day.
- If the interval is not a divisor of 24, then the file-start times shift each day to different times of the day.
- If the SAE is restarted, the schedule for creating accounting files is reset to start at midnight.
- Value—Integer in the format <hour>[":"<minute>]; there are no restrictions on interval length, but we recommend that you set a value that is a divisor of 24 hours
- Default—24
- Property name—Interval
Fields
- Attributes to be recorded as fields in the accounting file.
- Value—Comma-separated list of any of the following attributes:
- NAS_ID—Identifier of the SAE (configurable)
- PA_ACCOUNTING_ID—Accounting ID attribute from LDAP
- PA_AGGR_ACCOUNTING_ID—Accounting ID of the subscriber who started the aggregate service session
- PA_AGGR_AUTH_USER_ID—Subscriber ID that was used to authenticate the aggregate service session
- PA_AGGR_LOGIN_NAME—Login name of subscriber who started the aggregate service session
- PA_AGGR_SESSION_ID—Accounting session ID of the aggregate service session
- PA_AGGR_USER_DN—Subscriber profile DN of the subscriber who started the aggregate service session
- PA_AGGR_USER_IP—IP address of the subscriber who started the aggregate service session
- PA_AUTH_USER_ID—Subscriber ID used for service authentication
- PA_DOMAIN—Domain for secondary authentication
- PA_DOWNSTREAM_BANDWIDTH—Downstream bandwidth for the service
- PA_EVENT_TIME—Timestamp when the event was created
- PA_EVENT_TIME_MILLISECOND—Number of milliseconds since midnight 1970-01-01 UTC
- PA_IF_INDEX—SNMP index of the router interface
- PA_IF_RADIUS_CLASS—RADIUS class of the router interface
- PA_IF_SESSION_ID—Session ID assigned by the router
- PA_IN_OCTETS—Number of octets received from the subscriber (64 bit)
- PA_IN_PACKETS—Number of packets received from the subscriber (64 bit)
- PA_INTERFACE_ALIAS—Alias of router interface
- PA_INTERFACE_DESCR—Description of router interface
- PA_INTERFACE_NAME—Name of router interface
- PA_LOGIN_ID—Subscriber's login ID
- PA_LOGIN_NAME—Name of logged-in subscriber
- PA_NAS_IP—IP address that the router uses for accounting
- PA_NAS_INET_ADDRESS—IP address of the router that uses a byte array instead of an integer
- PA_NAS_PORT—Identifier that the router uses to identify the interface to RADIUS
- PA_OPERATIONAL—Flag that identifies whether an interface was operational at the time of the tracking event
- PA_OUT_OCTETS—Number of octets sent to the subscriber (64 bit)
- PA_OUT_PACKETS—Number of packets sent to the subscriber (64 bit)
- PA_PASSWORD—Password for secondary authentication
- PA_PORT_ID—Identifier of the physical interface (VirtualRouter@ERX interface slot/port.sub)
- PA_PRIMARY_USER_NAME—pppLoginName or public DhcpUserName
- PA_PROPERTY—Session property
- PA_RADIUS_CLASS—RADIUS class attribute
- PA_REPLY_MESSAGE—Message that a plug-in returns to the SAE during authorization
- PA_RETAILER_DN—Retailer DN associated with the domain
- PA_ROUTER_NAME—Name of the router
- PA_SERVICE_BUNDLE—RADIUS vendor-specific attribute (VSA) that a user authorization plug-in returns to the SAE
- PA_SERVICE_NAME—Name of SAE service
- PA_SERVICE_SCOPE—List of service scopes
- PA_SERVICE_SESSION_NAME—Name of dynamic service session
- PA_SERVICE_SESSION_TAG—Tag string assigned to dynamic service session
- PA_SESSION_ID—Session ID assigned by the SAE
- PA_SESSION_TIMEOUT—Number of seconds that the session is up
- PA_SESSION_VOLUME_QUOTA—Amount of data that a subscriber is allowed to upload or download
- PA_SSP_HOST—Hostname of the SAE server
- PA_SUBSCRIPTION_NAME—Name of the subscription
- PA_SUBSTITUTION—Parameter substitution set by a service or user authorization plug-in
- PA_TERMINATE_CAUSE—RADIUS termination cause (See RFC 2866—RADIUS Accounting (June 2000)—for possible values.)
- PA_TERMINATE_TIME—Time to end a subscriber session
- PA_UID—Subscriber ID used for secondary authentication
- PA_UPSTREAM_BANDWIDTH—Upstream bandwidth for the service
- PA_USER_DN—DN of the subscriber profile
- PA_USER_INET_ADDRESS—IP address of the subscriber that uses a byte array instead of an integer
- PA_USER_IP_ADDRESS—IP address of subscriber
- PA_USER_MAC_ADDRESS—MAC address of DHCP subscriber session
- PA_USER_SESSION_ID—RADIUS session ID for the subscriber session
- PA_USER_TYPE—Type of subscriber session: ASSIGNEDIP, AUTHINTF, INTF, ADDR, AUTHADDR, PORTAL
- PA_USER_RADIUS_CLASS—RADIUS class of the subscriber session that is associated with the service session
- STATUS—Accounting status: start, stop, and interim
- Default—STATUS,NAS_ID,PA_SSP_HOST,PA_ROUTER_NAME,
PA_INTERFACE_NAME,PA_INTERFACE_ALIAS,PA_INTERFACE_DESCR,
PA_PORT_ID,PA_USER_IP_ADDRESS,PA_LOGIN_NAME,PA_ACCOUNTING_ID,
PA_AUTH_USER_ID,PA_IF_RADIUS_CLASS,PA_IF_SESSION_ID,
PA_SERVICE_NAME,PA_RADIUS_CLASS,PA_EVENT_TIME,PA_SESSION_ID,
PA_TERMINATE_CAUSE,PA_SESSION_TIME,PA_IN_OCTETS,PA_OUT_OCTETS,PA_IN_PACKETS,PA_OUT_PACKETS,PA_NAS_IP,PA_USER_MAC_ADDRESS,
PA_SERVICE_SESSION_NAME,PA_SERVICE_SESSION_TAG,PA_USER_TYPE,
PA_USER_RADIUS_CLASS,PA_USER_SESSION_ID- Property name—Fields
Configuring Headers for Flat File Accounting Plug-Ins
When the SAE writes data to a flat file, it writes into the first line the headers that identify the attributes in the file. For example, in the following accounting file, the first line lists headers for all attribute fields in the file, and the following lines list the actual data in each field:
Accounting Status,NAS ID,SSP Host,Router Name,Interface Name,Interface Alias,Interface Description,NAS port ID,User IP Address,User ID,User Accounting ID,User Authentication ID,INTF Radius Class,INTF,SessionId, Service Name,Radius Class,Timestamp,SessionId, Terminate Cause,Session Time,Input Octets,Output Octets,Input Packets,Output Packets,NAS IP,User Mac address,Service Session Name,Service Session Tag,User Session Type,User Session Radius Class,User Session IDstart,SSP.uelmo,uelmo,default@erx7_ssp57,FastEthernet1/1.1,,IP1/1.1,default@erx7 _ssp57 FastEthernet1/1:65535, 10.10.10.20,pebbles@virneo.net,,,,erx fastEthernet 1/1:0001048619,Video-Gold,Video-Gold,Fri Jan 30 14:23:29 EDT 2004, VideoGold:null:1064946209182, 0,0,0,0,0,0, 10.10.7.17,,,,PPP,, pebbles:1064946144841You can assign your own names to the headers that appear in the file. To do so, you define the header names in a template and then set up file accounting plug-in instances to use the template. The default template, FileAccounting.std, defines header names for all possible attributes. You can use the default template or create your own templates.
To set up a file accounting template:
- In the File-Acct Template tab, create a File Accounting Attributes instance as described in Creating Plug-In Instances.
![]()
- Define header names in the attribute table in the format property=value, where property is the attribute name and value is the header name that you want to assign to the attribute. Configure the attribute table as follows:
- To add an attribute, type the attribute definition in the format property=value in the field below the attribute table, and click Add.
- To modify an attribute, select the attribute, make your changes in the field below the attribute table, and click Modify.
- To delete an attribute, select the attribute, and click Delete.
Configuring Basic RADIUS Accounting Plug-Ins
You can use basic RADIUS accounting plug-ins to send accounting information to an external RADIUS accounting server or to a group of redundant servers. To communicate with nonredundant servers, you need to create multiple instances of the plug-in.
To set up basic RADIUS accounting plug-ins:
- In the Plug-In Pool area of the Plug-Ins pane, create a basic RADIUS accounting plug-in instance as described in Creating Plug-In Instances.
The instance appears in the Plug-In Pool area.
![]()
- Fill in the fields for the plug-in instance as described in Using RADIUS Plug-In Fields.
- In the Peer Group area, create at least one RADIUS peer to use as the default peer. See Creating RADIUS Peers.
Configuring Flexible RADIUS Accounting Plug-Ins
Flexible RADIUS accounting plug-ins provide the same features as basic RADIUS accounting plug-ins. In addition, they allow you to customize RADIUS accounting packets that the SAE sends to RADIUS servers. You can specify which fields are included in the RADIUS accounting packets and what information is contained in the fields.
You can also extend custom RADIUS plug-ins to perform the same functions as the flexible RADIUS plug-ins. These custom plug-ins are also internal plug-ins, but are designed to deliver better system performance. See Configuring Custom RADIUS Accounting-Plug-Ins.
To set up flexible RADIUS accounting plug-ins:
- In the Plug-In Pool area of the Plug-Ins pane, create a flexible RADIUS accounting plug-in instance as described in Creating Plug-In Instances.
The instance appears in the Plug-In Pool area.
![]()
- Fill in the fields for the plug-in instance as described in Using RADIUS Plug-In Fields.
- In the Peer Group area, create at least one peer to use as the default peer. See Creating RADIUS Peers.
- (Optional) Assign a RADIUS packet template to the instance, or create a packet definition for the instance. See Defining RADIUS Packets for Flexible RADIUS Plug-Ins with SDX Configuration Editor.
Configuring Custom RADIUS Accounting-Plug-Ins
The custom RADIUS accounting plug-ins provide the same functions as the flexible RADIUS accounting plug-ins, but are designed to deliver better system performance. To use a custom plug-in, you must provide a Java class that implements the SPI defined in the RADIUS client library. Use this SPI to specify which fields and field values to include in RADIUS accounting packets. The RADIUS client library is part of the SAE core API.
See the documentation for the RADIUS client library in the SRC software distribution in the folder SDK/doc/sae/net/juniper/smgt/sae/radiuslib or in the SAE Core API documentation on the Juniper Networks Web site at
http://www.juniper.net/techpubs/software/management/sdx/api-index.html
For a sample implementation, see the following directory in the SRC software distribution: SDK/plugin/java/src/net/juniper/smgt/sample/radiuslib/RadiusPacketHandlerImpl.java.
To set up custom RADIUS accounting plug-ins:
- In the Plug-In Pool area of the Plug-Ins pane, create a custom RADIUS accounting plug-in instance as described in Creating Plug-In Instances.
The instance appears in the Plug-In Pool area.
![]()
- Fill in the plug-in instance fields as described in Using RADIUS Plug-In Fields.
- In the Peer Group area, create at least one peer to use as the default peer. See Creating RADIUS Peers.