Namespaces
Supported namespaces
Below, '*' denotes any namespace, attribute name, or data type. Namespace "id":
id number read Request identifier
Namespace "datetime":
datetime.timestamp timestamp read Current time
Namespace "aaa":
aaa.protocol enum read A protocol of the request
aaa.trace boolean read Is tracing enabled for the request?
aaa.accounting boolean read Is the request an accounting request?
aaa.policy string read The name of AAA policy handling the request
aaa.handler string read The name of AAA policy handler handling the request
aaa.identity string read/write A current username/identity of the request
aaa.identity.name string read A name part of a current username/identity
aaa.identity.realm string read/write A realm part of a current username/identity
aaa.identity.realm.tld string read TLD part of the realm
aaa.method enum read Authentication protocol/method
aaa.message string read/write Reply message
aaa.result enum read AAA result
aaa.reason string read An error or a reason
Namespace "auth":
auth.protocol enum read/write Authentication protocol
auth.challenge string read/write Authentication challenge
auth.response bytes read/write Authentication response
auth.result string read/write Authentication result
Namespace "acct":
acct.status enum read Accounting request status
acct.timestamp timestamp read Accounting request timestamp
acct.duration number read Accounting session duration in seconds
acct.input.packets number read Accounting session packets in
acct.input.bytes number read Accounting session bytes in
acct.output.packets number read Accounting session packets out
acct.output.bytes number read Accounting session bytes out
Namespace "user":
user.username string read/write User entry's name
user.password string read/write User's password
user.group string array read/write User's groups
user.role string array read/write User's roles
user.backend string read Backend's name from which user was fetched
Namespace "vars":
vars.* * read/write Custom variables
Namespace "util":
util.rand.X bytes read Reads X bytes of random
Namespace "tls":
tls.version enum read Negotiated TLS protocol version
tls.cipher enum read Negotiated TLS cipher
Namespace "cert":
cert.valid boolean read Did basic certificate validation succeed?
cert.error string read Verification error
cert.server string read In TLS client context, server's name or IP address
cert.issuer string read Certificate's issuer's name
cert.subject string read Certificate's subject's name
cert.serial number read Certificate's serial number
cert.issued timestamp read Certificate's issue timestamp
cert.expires timestamp read Certificate's expiry timestamp
cert.policy string array read Certificate's Policy OIDs
cert.sha256 bytes read SHA256 hash of the certificate
cert.issuer.* string array read Issuer name's individual components (dc, c, st, l, o, ou, cn, emailaddress)
cert.subject.* string array read Subject name's individual components (dc, c, st, l, o, ou, cn, emailaddress)
cert.subject_alt.* string array read Subject's alternative names (email, dns, dn, uri, ip, oid, upn, other)
cert.ca.* * read Certificate's first CA certificate
cert.ca[N].* * read Certificate's Nth CA certificate
CA certificate has the same attributes as the cert. Namespace "radius":
radius.client string read Client's name from which the request was received
radius.client.ip ip read IP address from which the request was received
radius.server string read Server's name which received the request
radius.server.tls boolean read Was request received over TLS?
radius.attr.* * read/write Radius request/reply attributes
Attribute's data type is defined by the RADIUS dictionary used. Examples:
radius.attr.user-name
radius.attr.tunnel-type:1 Tunnel-Type attribute with a tag value 1
radius.attr.framed-route[0] First Framed-Route attribute
radius.attr.framed-route[n] Last Framed-Route attribute
radius.attr.framed-route[*] All Framed-Route attributes
radius.attr.cisco.avpair Cisco AV-pair attribute
Namespace "radiusproxy":
radiusproxy.server string read Radius proxy server's name to which send the request
radiusproxy.server.tls boolean read Is Radius proxy server using TLS connection?
radiusproxy.attr.* * read/write Radius proxy reply/request attributes
Attribute's data type is defined by the RADIUS dictionary used. Examples:
radiusproxy.attr.user-name
radiusproxy.attr.operator-name
radiusproxy.attr.tunnel-type:1 Tunnel-Type attribute with a tag value 1
radiusproxy.attr.cisco.avpair[0] First Cisco AV-pair attribute
radiusproxy.attr.cisco.avpair[n] Last Cisco AV-pair attribute
radiusproxy.attr.cisco.avpair[*] All Cisco AV-pair attributes
Namespace "eap":
eap.identity string read EAP identity
eap.method enum read EAP method
Namespace "eap-ttls":
eap-ttls.attr.* * read/write EAP-TTLS request/response attributes
Attribute's data type is defined by the RADIUS dictionary used. Examples:
eap-ttls.attr.user-name
eap-ttls.attr.user-password
eap-ttls.attr.chap-password
eap-ttls.attr.eap-message
Namespace "eap-teap":
eap-teap.username string read EAP-TEAP basic password authentication response username
eap-teap.identity-type enum read EAP-TEAP Identity-Type TLV (user/machine)
Namespace "parent":
parent.* * read/write Parent context namespace
Examples:
parent.aaa.identity
parent.radius.client
Namespace "root":
root.* * read/write Root context namespace
Examples:
root.aaa.identity
root.radius.client