I’ve got an issue with C6’s dhcpd custom logging that I cannot figure out. Hopefully someone has an idea, or has seen a similar issue. We have dhcpd logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP and Circuit-ID.
I’ll not bore you with the guts, so here’s the beginning of that line in dhcpd.conf:
We log this specifically to have rsyslog dump that line (keyed on DHCPUSER)
into a MySQL database for use by a web app our development team built so that our customers can get reports on their DHCP leases. (Neonova provides help desk, engineering and Tier 2 and 3 tech support to rural ISPs in the US.)
Our problem is that this method logs every entry that has the CID in the packet. Which covers most DHCP requests. As such, with our bigger customers, this logging bogs down MySQL (and the file system on older ext3
based CentOS 6 boxes we have out in the field) to the point where, after a major outage and recovery, the DHCP server can’t handle the load and people are unable to get new DHCP leases, resulting in calls to our help desk.
What I want to do is have this data logged in the DHCPUSER line on the DHCPACK and only that. For some reason, when I try replace the above with
‘if option dhcp-message-type = 5’, nothing is getting logged. All the instances of this I’ve googled have similar, notably one from ~2008 that has:
if exists agent.circuit-id and dhcp-message-type = 3
and that apparently worked fine. I know the circuit-id is included in the ACK packet (tcpdump is your friend), but even on the check to log for only the dhcp message type 5 isn’t working.
Are the newer dhcpd versions different syntactically? What’s the correct method for logging on the DCHP Message type with the most recent C6
Mark Haney Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • email@example.com www.neonova.net