raddebug man page
raddebug — Display debugging output from a running server.
raddebug [-c condition] [-d config_directory] [-i ipv4-address] [-I ipv6-address] [-f socket_file] [-t timeout] [-u user-name]
raddebug is a shell script wrapper around radmin that automates the process of obtaining debugging output from a running server. It does this without impacting service availability, unlike using radiusd -X. There are a number of prerequisites that are required for its proper operation:
* radmin must be available in the PATH.
* The user running raddebug must have permission to connect to
the server control socket.
* The control socket must be configured. For instructions, see
* The control socket must be marked as "mode = rw".
* The user running raddebug must have permission to read and
write files in the "logdir" directory. This is usually
For a number of reasons, the debugging output is placed in an intermediate file, rather than being sent directly to standard output. In order to prevent this file from growing too large, the raddebug program is automatically terminated after 10 seconds. This timeout can be changed via the "-t" parameter.
When the script exits, debug mode in the server is disabled, and the intermediate file is deleted.
Debug output from a live server can be redirected to only one location. If a second instance of raddebug is started while the first one is still running, the later one will over-ride the first one, and the first will stop producing output.
- -c condition
Set a specific debug condition. The format of the condition is as specified in the CONDITIONS section of the unlang manual page.
- -f socket_file
The path to the control socket. See the radmin manual page for more description of this option.
- -i ipv4-address
Show debug output for the client having the given IPv4 address. This option is equivalent to using:
-c '(Packet-Src-IP-Address == ipv4-address)'
- -d config directory
The radius configuration directory, usually /etc/raddb. See the radmin manual page for more description of this option.
- -I ipv6-address
Show debug output for the client having the given IPv6 address. This option is equivalent to using:
-c '(Packet-Src-IPv6-Address == ipv6-address)'
- -t timeout
Stop printing debug output after "timeout" seconds. The default timeout is sixty (60) seconds. Use "-t 0" to print debugging output forever, or until the script exits.
- -u name
Show debug output for users having the given name. This option is equivalent to using:
-c '(User-Name == name)'
radmin(8), raddb/sites-available/control-socket, unlang(5), radiusd.conf(5)
Alan DeKok <firstname.lastname@example.org>