radiuid.conf

<!--
######################################################################################
########################### Config file for RadiUID Server ###########################
###########################     Please Edit Carefully!     ###########################
######################################################################################
########################       Written by John W Kerns        ########################
########################      http://blog.packetsar.com       ########################
######################## https://github.com/PackeTsar/radiuid ########################
######################################################################################

======================================================================================

#################################### DESCRIPTIONS ####################################
All config is at the bottom of this file and in XML format. Here are some descriptions
	of what each of the config elements does.

==================================== radiuslogpath ===================================
Path to the FreeRADIUS Accounting Log Directory.
Default is '/var/log/radius/radacct/' (without quotes).
Don't change this setting unless you know what you are doing.

======================================= logfile ======================================
Full file path for RadiUID to write activity logs
Make sure the directories exist if you edit this setting without using the install utility

==================================== acctlogcopypath ===================================
Path to the a log copy directory for RADIUS accounting logs
If set to 'None' (default), then logs will not be copied before deletion
Log files get copied and updated log files get appended

====================================== userdomain ====================================
User domain which is prepended to the username when pushed to the Palo Alto firewall.
Leave empty to push no domain info.

======================================= timeout ======================================
Timeout for User-ID entries pushed to the Palo Alto firewall (in minutes).
This setting should be changed depending on how often the RADIUS clients re-authenticate
	and send updated accounting messages.

================== ipaddressterm, usernameterm, and delineatorterm ===================
The searchterms are used for finding pertinent information in the FreeRADIUS logs.
You almost certainly do not need to change them.
	ipaddressterm  = Search term used for matching IP info in the FreeRADIUS logs
	usernameterm   = Search term used for matching username info in the FreeRADIUS logs
	delineatorterm = Search term used for matching individual entries in the FreeRADIUS logs.
						The default delineator search term is the special value "[PARAGRAPH]".
						This special value seperates the FreeRADIUS logs by their empty line
						"\n" paragraph seperations. If you change the delineatorterm to
						something else, RadiUID will use you actual value as the delineator
						search term.

==================================== misc settings ===================================
looptime: The amount of time (in seconds) which is waited between checks of RADIUS logs
tlsversion: The version of HTTP TLS to use for the XML API communication
		1.0    = TLS Version 1.0
		1.1    = TLS Version 1.1
		1.2    = TLS Version 1.2
radiusstopaction: The action taken by RadiUID when a RADIUS stop status message is found in the logs
		push   = Disregard the "stop" status and push the user-to-ip mapping anyways
		ignore = Remove the mapping from the list of mappings to push, but don't clear it from the PAN
		clear  = Remove the mapping from the list of mappings to push and remove the mapping from the PAN

======================================= munge (optional) ======================================
The munge configuration elements contain rule-based string processing instructions which are used to
	filter, reconstruct, and process User-ID information. The rules should be configured from the
	command-line interface using the RadiUID command structure. The default 'out of the box'
	RadiUID configuration file does not contain any munge rules.

======================================= targets ======================================
The targets are the individual Palo Alto firewalls where RadiUID will push IP-to-User mappings
	hostname = FQDN or IP of the target Palo Alto firewall where UID info will sent
	vsys     = Virtual System ID on the target firewall where User-to-IP mappings are pushed
	username = user name for access to Palo Alto firewall
	password = password for access to Palo Alto firewall which matches the username (characters "&", "<", and ">" are not allowed)

######################################################################################
-->
<config>
	<globalsettings>
		<paths>
			<radiuslogpath>/var/log/radius/radacct/</radiuslogpath>
			<logfile>/etc/radiuid/radiuid.log</logfile>
			<acctlogcopypath />
		</paths>
		<logging>
			<maxloglines>0</maxloglines>
		</logging>
		<uidsettings>
			<userdomain>domain.com</userdomain>
			<timeout>60</timeout>
		</uidsettings>
		<searchterms>
			<ipaddressterm>Framed-IP-Address</ipaddressterm>
			<usernameterm>User-Name</usernameterm>
			<delineatorterm>[PARAGRAPH]</delineatorterm>
		</searchterms>
		<misc>
			<looptime>10</looptime>
			<tlsversion>1.2</tlsversion>
			<radiusstopaction>clear</radiusstopaction>
		</misc>
	</globalsettings>
	<targets>
		<target>
			<hostname>192.168.1.1</hostname>
			<vsys>1</vsys>
			<username>admin</username>
			<password>admin</password>
		</target>
		<target>
			<hostname>pan1.domain.com</hostname>
			<vsys>1</vsys>
			<username>admin</username>
			<password>admin</password>
		</target>
	</targets>
</config>