CentOS 6 Dhcpd Custom Log Issues
Hi all,
I’ve got an issue with C6’s dhcpd custom logging that I cannot figure out. Hopefully someone has an idea, or has seen a similar issue. We have dhcpd logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP and Circuit-ID.
I’ll not bore you with the guts, so here’s the beginning of that line in dhcpd.conf:
if exists agent.circuit-id
{
log (info, concat( “DHCPUSER:,”, concat (suffix (concat (“0”, binary-to-ascii…..
We log this specifically to have rsyslog dump that line (keyed on DHCPUSER)
into a MySQL database for use by a web app our development team built so that our customers can get reports on their DHCP leases. (Neonova provides help desk, engineering and Tier 2 and 3 tech support to rural ISPs in the US.)
Our problem is that this method logs every entry that has the CID in the packet. Which covers most DHCP requests. As such, with our bigger customers, this logging bogs down MySQL (and the file system on older ext3
based CentOS 6 boxes we have out in the field) to the point where, after a major outage and recovery, the DHCP server can’t handle the load and people are unable to get new DHCP leases, resulting in calls to our help desk.
What I want to do is have this data logged in the DHCPUSER line on the DHCPACK and only that. For some reason, when I try replace the above with
‘if option dhcp-message-type = 5’, nothing is getting logged. All the instances of this I’ve googled have similar, notably one from ~2008 that has:
if exists agent.circuit-id and dhcp-message-type = 3
and that apparently worked fine. I know the circuit-id is included in the ACK packet (tcpdump is your friend), but even on the check to log for only the dhcp message type 5 isn’t working.
Are the newer dhcpd versions different syntactically? What’s the correct method for logging on the DCHP Message type with the most recent C6
version? (dhcp-4.1.1-53.P1.el6.CentOS.x86_64)
Any ideas?
—
[image: photo]
Mark Haney Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney@neonova.net www.neonova.net
One thought on - CentOS 6 Dhcpd Custom Log Issues
I’ve done more testing and I’ve found something very interesting. I’ve tested logging with our entire string (which will be below) with slight changes to the ‘if’ statement solely looking at the ‘dhcp-message-type = ‘
parameter. Of the four message types we routinely see some work and some don’t: (ie: if option dhcp-message-type = # { log…)
Message-Type 1 (DISCOVER): logging works Message-Type 2 (OFFER): logging does NOT work Message-Type 3 (REQUEST) logging works Message-Type 5 (ACK) logging does NOT work
And by ‘does not work’ I mean it doesn’t log anything at all. As if it’s not matching on those message types at all. I know they are being logged in syslog, where all these messages are logged to, so I know we’re getting OFFERs and ACKs, as they are logged normally in syslog.
So, anyone have any idea WTF is going on here? I suppose I could log based on REQUEST, but I’m afraid our data would be inaccurate if a request isn’t ACK’d.
—
[image: photo]
Mark Haney Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney@neonova.net http://www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/> <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>