3.125. <Monitor> Previous topic Parent topic Child topic Next topic

This clause enables external client programs to make an authenticated TCP connection to Radiator, and use that connection to monitor, probe, modify, and collect statistics from Radiator. One such external client program is Radar, a real-time interactive GUI that permits monitoring, plotting of statistics and much more. For more information, see Radar website Opens in new window.
Monitor permits the telnet connections and implements a simple command syntax that allows various actions to be executed. For more information about the command language that Monitor implements, see Section 18. Monitor command language. Monitor permits multiple simultaneous independent connections. Radiator also permits multiple Monitor clauses, each listening on a different Port or BindAddress.
Monitor authenticates incoming connections. Only if the connection submits a valid user name and password Monitor honours the requests on that connection. You can configure Monitor with either a hardwired user name and password, or with a standard Radiator AuthBy clause. You can specify one or more AuthBy parameters or AuthBy clauses and an AuthByPolicy similar to <AuthBy GROUP>. For more information, see Section 3.32.1. AuthByPolicy. As a security measure, if a Monitor connection fails authentication 5 times, the connection is automatically disconnected.
Careless configuration of this clause can open security holes in your RADIUS host. To avoid this, we recommend you to take the following actions:
  • Limit the clients that can connect with the Clients parameter.
  • Make sure the configuration file is only readable by root.
  • Consider making radiusd run as a non-privileged user.
  • Use secure user names and passwords to authenticate access to this server.
  • Disable this clause when not required.
<Monitor> supports TLS. For more information about TLS parameters, see Section 3.9. TLS configuration.