#  -*- text -*-
#
#
#  $Id: 168b25c6da8c54920ff1d9f2233cbf8c9ab00b38 $

#######################################################################
#
#  = Detail Module
#
#  Write a detailed log of all accounting records received.
#
#  It is primarily used for storing accounting information, but can be
#  used in other sections to write packet details as well.
#
#  NOTE: we do NOT use `NAS-IP-Address` here, as that attribute MAY BE
#  from the originating NAS, and NOT from the proxy which actually
#  sent us the request.
#
#  ## Configuration Settings
#
detail {
	#
	#  filename:: The filename used when creating `detail` files.
	#
	#  The default configuration creates a new `detail` file for
	#  every radius client (by IP address or hostname). In
	#  addition, a new detail file is created every day, so that
	#  the `detail` file doesn't have to go through a 'log
	#  rotation'.
	#
	#  If your detail files are large, you may also want to
	#  add a `:%H` (see `doc/unlang/xlat_character.adoc`) to
	#  the end of it, to create a new detail file every hour.
	#
	#  e.g.:
	#
	#      ..../detail-%Y-%m-%dT%H:00:00
	#
	#  This will create a new `detail` file for every hour.
	#
	#  If you are reading detail files via the `listen { ... }` section
	#  (e.g. as in `raddb/sites-available/robust-proxy-accounting`),
	#  you MUST use a unique directory for each combination of a `detail`
	#  file writer, and reader.
	#
	#  That is, only *one* `listen { ... }` section can read
	#  detail files from a particular directory.
	#
	filename = "${radacctdir}/%{Net.Src.IP}/detail-%Y-%m-%d"

	#
	#  NOTE: If you are using `radrelay`, delete the above line for `file`,
	#  and use this one instead:
	#
#	filename = ${radacctdir}/detail

	#
	#  escape_filenames:: Whether or not to escape "special"
	#  characters in filenames.
	#
	#  Most file systems can handle nearly the full range of UTF-8
	#  characters. Ones that can deal with a limited range should
	#  set this to `yes`.
	#
	escape_filenames = no

	#
	#  permissions:: The Unix permissions on the `detail` file.
	#
	#  NOTE: The detail file often contains secret or private
	#  information about users.  The file permissions should be
	#  restrictive, so that unwanted people are prevented from
	#  seeing any secret information.
	#
	permissions = 0600

	#
	#  group:: The Unix group of the log file.
	#
	#  NOTE: The user that the server runs as must be in the
	#  specified system group otherwise the server will not have
	#  permission to change the group ownership of the file.
	#
#	group = ${security.group}

	#
	#  header:: The header of a `detail` file entry.
	#
	#  Every entry in the detail file has a header which is a
	#  timestamp.
	#  By default, we use the ctime format (see `man 3 ctime` for details).
	#
	#  The header can be customised by editing this string.
	#  See `doc/unlang/xlat.adoc` for a description
	#  of what can be put here.
	#
	header = "%t"

	#
	#  locking:: Whether or not we should lock the detail file
	#  before writing to it.
	#
	#  Mainly used if the detail file reader is to be reading this file.
	#
#	locking = yes

	#
	#  log_packet_header::: Log the Packet src/dst IP/port.
	#
	#  This is disabled by default, as that information isn't used
	#  by many people.
	#
#	log_packet_header = yes

	#
	#  suppress { ... }:: Suppress "secret" information from appearing in the `detail` file.
	#
	#  Certain attributes such as `User-Password` may be
	#  "sensitive", so they should not be printed in the detail
	#  file. This section lists the attributes that should be
	#  suppressed.
	#
	#  NOTE: The attributes should be listed one to a line.
	#
#	suppress {
#		User-Password
#	}
}
