Community discussions

MUM Europe 2020
 
kfzig
just joined
Topic Author
Posts: 2
Joined: Wed Jun 07, 2017 8:58 pm

Feature Request: persistent log for DHCP-Server leases and releases

Wed Jun 07, 2017 9:05 pm

Nevermind.
Seems to be build-dependent.

===============

Hello!

It'd be really useful for our auditing activities to have a clean way to log dhcp lease and release actions to be able to reconstruct what mac address was tied to what IP address at any given historical time. Currently, there doesn't appear to be any clean way of doing this.
We can kludge it by having a scheduled task dump the current list of leases to a file every few minutes but this is suboptimal to say the least.

Thanks for doing great work!

Regards,
kfzig
Last edited by kfzig on Wed Jun 07, 2017 11:24 pm, edited 1 time in total.
 
User avatar
pukkita
Trainer
Trainer
Posts: 3001
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Feature Request: persistent log for DHCP-Server leases and releases

Wed Jun 07, 2017 9:21 pm

Two possible ways:

Setup syslog DHCP to send logs to a remote log collector.

Use radius for DHCP, like Freeradius + SQL backend.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
kfzig
just joined
Topic Author
Posts: 2
Joined: Wed Jun 07, 2017 8:58 pm

Re: Feature Request: persistent log for DHCP-Server leases and releases

Wed Jun 07, 2017 10:07 pm

Concur that those are workarounds, but they require a live system that you're sure you can connect to to be reliable. I need something in-device to do this "right". It seems to me that it wouldn't be too unreasonable to have a tickbox enable a regular log entry every time something changes in the active lease table (the log entry being what changed with IP, mac, and assigned/renewed/released). I can easily send that event to a dedicated log file sitting on flash.
Assume a scenario of a hotdesk at a remote site that anyone at the facility can plug a laptop into, or a road warrior who's only "allowed" to plug their work machine into the vpn-router. There's no other servers/services at the site, the user must be able to connect to the internet whether the vpn is up or down, and the logs/dhcp-record must be reliably kept.
Further, the existing DHCP logs "above" the debug level don't include the mac address or IP, and only seem to include dhcp-client events (rather than dhcp-server events). The DHCP debug-level events which allow reconstruction of the event, including mac address and IP, aren't actually compliant with the SYSLOG specification, creating its own headaches if you try to use them for auditing.
 
pd
newbie
Posts: 26
Joined: Thu Jan 12, 2006 10:46 pm

Re: Feature Request: persistent log for DHCP-Server leases and releases

Mon Oct 14, 2019 8:10 am

It would be very helpfull indeed

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], heidarren, Kindis, mscarpitti and 161 guests