Forum Discussion

Dennis_Walcott's avatar
6 years ago

TACACS & Radius Server Monitoring

We are interested in using LM Websites to monitor TACACS and Radius availability. The goal is to use static credentials to validate the ability to login. We prefer to login to the TACACS and Radius servers every 15 minutes and alert when login fails. We would prefer not to login to our network devices because it will fill the logs with test login information. I know the which ports we are using for both, but I don't know where to begin. I have searched the community and have not found a post with this question. How would I go about tackling this?



4 Replies

Replies have been turned off for this discussion
  • @Michael Rodrigues I had a similar thought. Downloaded tactest from The cli is straightforward to use. This can be loaded on the primary and backup collectors and run from the script you've mentioned. If we don't figure out an elegant way to test via groovy we will use this method for both tacacs and radius. 

  • @Dennis Walcott I've done something similar in another monitoring tool in a past life. I used a script that called a radius test client and made a request directly to the RADIUS server. Parse the results and return a simple 1 or 0 for failure or success.

    I would probably go with a DataSource over a webcheck in this case.

    You can use Expect to run the radius test client if it's installed on your collector.

  • @Michael Rodrigues Thank you for the quick response. Your suggestion of using DataSource over webcheck makes sense. I have taken a look at using Expect, but after reading through the help documents I decided to engage LogicMonitor Support and possibly Professional Services. I will update this post once I have direction or a working solution.

  • @Dennis Walcott thought of a codeless way to do it.

    If you have a command line utility that allows you to test RADIUS (I used radtest from freeradius) you can just install it on your collector and call it with the "upload script" type Datasource.

    Presumably the cli utility will give you back something you can easily regex for in a datapoint, "SUCCESS" or "FAILURE" gets printed out if I remember correctly.