I reviewed the technote, but there are no details on how to tweak the session event log message that is sent.
Message I am currently sending below. My problem is that I am trying to determine if this is a login or logogg event. Is there a field that can denote this?
I see the field: Login-Status=ACCEPT, is there another that can be used perhaps?
May 8 11:30:55 10.237.6.129 2015-05-08: 11:30:55,478 10.237.6.129 TEST_CPPM_RADIUS_Session 3 1 0 RADIUS.Acct-Calling-Station-Id=5C-26-0A-71-67-80,Common.Roles=[Machine Authenticated], [User Authenticated],RADIUS.Acct-Framed-IP-Address=10.238.32.81,RADIUS.Auth-Source=AD:cp1adplim07.domain.com,RADIUS.Acct-Timestamp=2015-05-08 11:30:48-04,Common.Request-Id=R0000006c-01-554cd69d,Common.Source=RADIUS,RADIUS.Auth-Method=EAP-PEAP,EAP-MSCHAPv2,Common.Login-Status=ACCEPT,TimestampFormat=yyyy-MM-dd HH:mm:ss,S,Common.Username=billbob,src=10.237.6.129,RADIUS.Acct-Username=host/7FP23R1.domain.com,RADIUS.Acct-NAS-IP-Address=10.238.32.99,Common.Service=CISCO_WIRED_802.1X_SERVICE