X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf.5.xml;h=0b7ee053c78c9f5bf2bc5fbadccf7d6e064386f2;hb=ac5c1024b9027a76e176169d2f2a5c73514a7710;hp=7fef19ce1ef643055f3281aa6a34f1ff7a220cae;hpb=8f9844399efbefe64a90741767bd07f816a26790;p=libradsec.git

diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml
index 7fef19c..0b7ee05 100644
--- a/radsecproxy.conf.5.xml
+++ b/radsecproxy.conf.5.xml
@@ -2,14 +2,14 @@
 "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
 <refentry>
   <refentryinfo>
-    <date>2011-09-30</date>
+    <date>2011-10-08</date>
   </refentryinfo>
   <refmeta>
     <refentrytitle>
       <application>radsecproxy.conf</application>
     </refentrytitle>
     <manvolnum>5</manvolnum>
-    <refmiscinfo>radsecproxy 1.5-dev</refmiscinfo>
+    <refmiscinfo>radsecproxy 1.5</refmiscinfo>
   </refmeta>
   <refnamediv>
     <refname>
@@ -176,13 +176,17 @@ blocktype name {
 	    The FTicksReporting option is used to enable F-Ticks
 	    logging and can be set to <literal>None</literal>,
 	    <literal>Basic</literal> or <literal>Full</literal>.  Its
-	    default value is <literal>None</literal>.
+	    default value is <literal>None</literal>.  If
+	    FTicksReporting is set to anything other than
+	    <literal>None</literal>, note that the default value for
+	    FTicksMAC is <literal>VendorKeyHashed</literal> which
+	    needs FTicksKey to be set.
 	  </para>
 	  <para>
 	    See <literal>radsecproxy.conf-example</literal> for
 	    details.  Note that radsecproxy has to be configured with
-	    support for F-Ticks (<literal>--enable-fticks</literal>)
-	    for this option to have any effect.
+	    F-Ticks support (<literal>--enable-fticks</literal>) for
+	    this option to have any effect.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -192,23 +196,31 @@ blocktype name {
         <listitem>
 	  <para>
 	    The FTicksMAC option can be used to control if and how
-	    Calling-Station-Id is being logged.  It can be set to one
-	    of <literal>Static</literal>,
-	    <literal>Original</literal>,
+	    Calling-Station-Id (the users Ethernet MAC address) is
+	    being logged.  It can be set to one of
+	    <literal>Static</literal>, <literal>Original</literal>,
 	    <literal>VendorHashed</literal>,
 	    <literal>VendorKeyHashed</literal>,
 	    <literal>FullyHashed</literal> or
 	    <literal>FullyKeyHashed</literal>.
 	  </para>
 	  <para>
-	    The default value for FTicksMAC is <literal>Static</literal>.
-	    Before chosing any of <literal>Original</literal>
+	    The default value for FTicksMAC is
+	    <literal>VendorKeyHashed</literal>.  This means that
+	    FTicksKey has to be set.
+	  <para>
+	    Before chosing any of <literal>Original</literal>,
+	    <literal>FullyHashed</literal> or
+	    <literal>VendorHashed</literal>, consider the implications
+	    for user privacy when MAC addresses are collected.  How
+	    will the logs be stored, transferred and accessed?
+	  </para>
 	  </para>
 	  <para>
 	    See <literal>radsecproxy.conf-example</literal> for
 	    details.  Note that radsecproxy has to be configured with
-	    support for F-Ticks (<literal>--enable-fticks</literal>)
-	    for this option to have any effect.
+	    F-Ticks support (<literal>--enable-fticks</literal>) for
+	    this option to have any effect.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -223,14 +235,32 @@ blocktype name {
 	    option.
 	  </para>
 	  <para>
-	    Note that radsecproxy has to be configured with support
-	    for F-Ticks (<literal>--enable-fticks</literal>) for this
+	    Note that radsecproxy has to be configured with F-Ticks
+	    support (<literal>--enable-fticks</literal>) for this
 	    option to have any effect.
 	  </para>
 	</listitem>
       </varlistentry>
 
       <varlistentry>
+        <term><literal>FTicksSyslogFacility</literal></term>
+        <listitem>
+	  <para>
+	    The FTicksSyslogFacility option is used to specify 
+	    a dedicated syslog facility for F-Ticks messages.
+	    This allows easy filtering of F-Ticks messages.
+	    By default, if FTicksSyslogFacility is not given,
+	    F-Ticks messages are written to the LogDestination. 
+	  </para>
+	  <para>
+	    For F-Ticks messages always LOG_DEBUG level is used.
+	    Note that FTicksSyslogFacility value specifying a file 
+	    (via file:/// prefix) is ignored.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><literal>ListenUDP</literal></term>
         <listitem>
 	  <para>