I've done more testing and I've found something very interesting.
I've
tested logging with our entire string (which will be below) with slight
changes to the 'if' statement solely looking at the
'dhcp-message-type = '
parameter. Of the four message types we routinely see some work and some
don't: (ie: if option dhcp-message-type = # { log...)
Message-Type 1 (DISCOVER): logging works
Message-Type 2 (OFFER): logging does NOT work
Message-Type 3 (REQUEST) logging works
Message-Type 5 (ACK) logging does NOT work
And by 'does not work' I mean it doesn't log anything at all. As if
it's
not matching on those message types at all. I know they are being logged in
syslog, where all these messages are logged to, so I know we're getting
OFFERs and ACKs, as they are logged normally in syslog.
So, anyone have any idea WTF is going on here? I suppose I could log based
on REQUEST, but I'm afraid our data would be inaccurate if a request
isn't
ACK'd.
On Fri, May 26, 2017 at 2:04 PM, Mark Haney <mark.haney at neonova.net>
wrote:
> Hi all,
>
> I've got an issue with C6's dhcpd custom logging that I cannot
figure
> out. Hopefully someone has an idea, or has seen a similar issue. We have
> dhcpd logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP
> and Circuit-ID.
>
> I'll not bore you with the guts, so here's the beginning of that
line in
> dhcpd.conf:
>
> if exists agent.circuit-id
> {
> log (info, concat( "DHCPUSER:,", concat (suffix (concat
("0",
> binary-to-ascii.....
>
> We log this specifically to have rsyslog dump that line (keyed on
> DHCPUSER) into a MySQL database for use by a web app our development team
> built so that our customers can get reports on their DHCP leases. (Neonova
> provides help desk, engineering and Tier 2 and 3 tech support to rural ISPs
> in the US.)
>
> Our problem is that this method logs every entry that has the CID in the
> packet. Which covers most DHCP requests. As such, with our bigger
> customers, this logging bogs down MySQL (and the file system on older ext3
> based CentOS 6 boxes we have out in the field) to the point where, after a
> major outage and recovery, the DHCP server can't handle the load and
people
> are unable to get new DHCP leases, resulting in calls to our help desk.
>
> What I want to do is have this data logged in the DHCPUSER line on the
> DHCPACK and only that. For some reason, when I try replace the above with
> 'if option dhcp-message-type = 5', nothing is getting logged. All
the
> instances of this I've googled have similar, notably one from ~2008
that
> has:
>
> if exists agent.circuit-id and dhcp-message-type = 3
>
> and that apparently worked fine. I know the circuit-id is included in the
> ACK packet (tcpdump is your friend), but even on the check to log for only
> the dhcp message type 5 isn't working.
>
> Are the newer dhcpd versions different syntactically? What's the
correct
> method for logging on the DCHP Message type with the most recent C6
> version? (dhcp-4.1.1-53.P1.el6.centos.x86_64)
>
> Any ideas?
>
> --
> [image: photo]
> Mark Haney
> Network Engineer at NeoNova
> 919-460-3330 <(919)%20460-3330> (opt 1) ? mark.haney at neonova.net
> www.neonova.net <https://neonova.net/>
> <https://www.facebook.com/NeoNovaNNS/>
<https://twitter.com/NeoNova_NNS>
> <http://www.linkedin.com/company/neonova-network-services>
>
--
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) ? mark.haney at neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/>
<https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>