+
+ <varlistentry>
+ <term><literal>FTicksReporting</literal></term>
+ <listitem>
+ <para>
+ The FTicksReporting option is used to enable F-Ticks
+ logging and can be set to <literal>None</literal>,
+ <literal>Basic</literal> or <literal>Full</literal>. Its
+ default value is <literal>None</literal>. If
+ FTicksReporting is set to anything other than
+ <literal>None</literal>, note that the default value for
+ FTicksMAC is <literal>VendorKeyHashed</literal> which
+ needs FTicksKey to be set.
+ </para>
+ <para>
+ See <literal>radsecproxy.conf-example</literal> for
+ details. Note that radsecproxy has to be configured with
+ F-Ticks support (<literal>--enable-fticks</literal>) for
+ this option to have any effect.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>FTicksMAC</literal></term>
+ <listitem>
+ <para>
+ The FTicksMAC option can be used to control if and how
+ Calling-Station-Id (the users Ethernet MAC address) is
+ being logged. It can be set to one of
+ <literal>Static</literal>, <literal>Original</literal>,
+ <literal>VendorHashed</literal>,
+ <literal>VendorKeyHashed</literal>,
+ <literal>FullyHashed</literal> or
+ <literal>FullyKeyHashed</literal>.
+ </para>
+ <para>
+ The default value for FTicksMAC is
+ <literal>VendorKeyHashed</literal>. This means that
+ FTicksKey has to be set.
+ <para>
+ Before chosing any of <literal>Original</literal>,
+ <literal>FullyHashed</literal> or
+ <literal>VendorHashed</literal>, consider the implications
+ for user privacy when MAC addresses are collected. How
+ will the logs be stored, transferred and accessed?
+ </para>
+ </para>
+ <para>
+ See <literal>radsecproxy.conf-example</literal> for
+ details. Note that radsecproxy has to be configured with
+ F-Ticks support (<literal>--enable-fticks</literal>) for
+ this option to have any effect.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>FTicksKey</literal></term>
+ <listitem>
+ <para>
+ The FTicksKey option is used to specify the key to use
+ when producing HMAC's as an effect of specifying
+ VendorKeyHashed or FullyKeyHashed for the FTicksMAC
+ option.
+ </para>
+ <para>
+ Note that radsecproxy has to be configured with F-Ticks
+ support (<literal>--enable-fticks</literal>) for this
+ option to have any effect.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>FTicksSyslogFacility</literal></term>
+ <listitem>
+ <para>
+ The FTicksSyslogFacility option is used to specify a
+ dedicated syslog facility for F-Ticks messages. This
+ allows for easier filtering of F-Ticks messages. If no
+ FTicksSyslogFacility option is given, F-Ticks messages are
+ written to what the LogDestination option specifies.
+ </para>
+ <para>
+ F-Ticks messages are always logged using the log level
+ LOG_DEBUG. Note that specifying a file in
+ FTicksSyslogFacility (using the file:/// prefix) is
+ not supported.
+ </para>
+ </listitem>
+ </varlistentry>
+