You can configure Network Policy Server (NPS) to perform Remote Authentication Dial-In User Service (RADIUS) accounting for user authentication requests, Access-Accept messages, Access-Reject messages, accounting requests and responses, and periodic status updates. You can use this procedure to configure the log files in which you want to store the accounting data.
To prevent the log files from filling the hard drive, it is strongly recommended that you keep them on a partition that is separate from the system partition. The following provides more information about configuring accounting for NPS:
- To send the log file data for collection by another process, you can configure NPS to write to a named pipe. To use named pipes, set the log file folder to \\.\pipe or \\ComputerName\pipe. The named pipe server program creates a named pipe called \\.\pipe\iaslog.log to accept the data. In the Local file properties dialog box, in Create a new log file, select Never (unlimited file size) when you use named pipes.
- The log file directory can be created by using system environment variables (instead of user variables), such as %systemdrive%, %systemroot%, and %windir%. For example, the following path, using the environment variable %windir%, locates the log file at the system directory in the subfolder \System32\Logs (that is, %windir%\System32\Logs\).
- Switching log file formats does not cause a new log to be created. If you change log file formats, the file that is active at the time of the change will contain a mixture of the two formats (records at the start of the log will have the previous format, and records at the end of the log will have the new format).
- If RADIUS accounting fails due to a full hard disk drive or other causes, NPS stops processing connection requests, preventing users from accessing network resources.
- NPS provides the ability to log to a Microsoft® SQL Server™ database in addition to, or instead of, logging to a local file.
Membership in the Domain Admins group is the minimum required to perform this procedure.
To configure NPS log file properties
Open the NPS console or the NPS Microsoft Management Console (MMC) snap-in.
In the console tree, click Accounting.
In the details pane, in Log File Properties, click Change Log File Properties. The Log File Properties dialog box opens.
In Log File Properties, on the Settings tab, in Log the following information, ensure that you choose to log enough information to achieve your accounting goals. For example, if your logs need to accomplish session correlation, select all check boxes.
In Logging failure action, select If logging fails, discard connection requests if you want NPS to stop processing Access-Request messages when log files are full or unavailable for some reason. If you want NPS to continue processing connection requests if logging fails, do not select this check box.
In the Log File Properties dialog box, click the Log File tab.
On the Log File tab, in Directory, type the location where you want to store NPS log files. The default location is the %systemroot%\System32\LogFiles folder.
If you do not supply a full path statement in Log File Directory, the default path is used. For example, if you type NPSLogFile in Log File Directory, the file is located at %systemroot%\System32\NPSLogFile.
In Format, click DTS Compliant. If you prefer, you can instead select a legacy file format, such as ODBC (Legacy) or IAS (Legacy).
In Create a new log file, to configure NPS to start new log files at specified intervals, click the interval that you want to use:
- For heavy transaction volume and logging activity, click Daily.
- For lesser transaction volumes and logging activity, click Weekly or Monthly.
- To store all transactions in one log file, click Never (unlimited file size).
- To limit the size of each log file, click When log file reaches this size, and then type a file size, after which a new log is created. The default size is 10 megabytes (MB).
If you want NPS to delete old log files to create disk space for new log files when the hard disk is near capacity, ensure that When disk is full delete older log files is selected. This option is not available, however, if the value of Create a new log file is Never (unlimited file size). Also, if the oldest log file is the current log file, it is not deleted.
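The directory rules in this topic (a partition separate from the system partition, the default-path fallback for values without a full path, and named pipe folders) can be checked before a value is typed into Directory. The following PowerShell is an added example, not Microsoft's code; the function names, the 10 percent free-space threshold and the sample directory values are assumptions.

```powershell
# Added example, not Microsoft's code; names, threshold and samples are assumptions.
function Resolve-NpsLogDirectory {
    param([Parameter(Mandatory)][string]$Directory)
    # \\.\pipe or \\ComputerName\pipe is a named pipe target, not a folder.
    if ($Directory -match '^\\\\[^\\]+\\pipe(\\|$)') { return $null }
    $path = [Environment]::ExpandEnvironmentVariables($Directory)
    # Without a full path, the value lands under %systemroot%\System32.
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
    }
    $path
}

function Test-NpsLogVolume {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [ValidateRange(1, 99)][int]$MinFreePercent = 10
    )
    $findings = @(); $freePct = $null
    $path = Resolve-NpsLogDirectory -Directory $Directory
    if (-not $path) {
        $findings += 'Named pipe target: disk checks do not apply'
    } elseif ($path -notmatch '^[A-Za-z]:\\') {
        $findings += 'Not a drive-letter path: check the volume manually'
    } else {
        # Drive-letter comparison only; mounted-folder volumes are not detected.
        $root = [System.IO.Path]::GetPathRoot($path)
        if ($root -ieq [System.IO.Path]::GetPathRoot($env:SystemRoot)) {
            $findings += 'Log directory is on the system partition'
        }
        $drive = [System.IO.DriveInfo]::new($root)
        if (-not $drive.IsReady) {
            $findings += "Volume $root is missing or not ready"
        } else {
            $freePct = [math]::Round(100 * $drive.AvailableFreeSpace / $drive.TotalSize, 1)
            if ($freePct -lt $MinFreePercent) {
                $findings += "Only $freePct% free on $root"
            }
        }
    }
    [pscustomobject]@{
        Directory = $Directory; ResolvedPath = $path
        FreePercent = $freePct; Findings = $findings -join '; '
    }
}

# Constructed sample inputs covering the cases this topic describes.
'%windir%\System32\Logs', 'NPSLogFile', 'D:\NPSLogs', '\\.\pipe' |
    ForEach-Object { Test-NpsLogVolume -Directory $_ }
```

An empty Findings value means the directory resolved to a ready volume other than the system partition with free space above the threshold. Running the check on a schedule gives warning before a full disk causes NPS to stop processing connection requests.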