Concur that those are workarounds, but they require a live system that you're sure you can connect to to be reliable. I need something in-device to do this "right". It seems to me that it wouldn't be too unreasonable to have a tickbox enable a regular log entry every time something changes in the active lease table (the log entry being what changed with IP, mac, and assigned/renewed/released). I can easily send that event to a dedicated log file sitting on flash.
Assume a scenario of a hotdesk at a remote site that anyone at the facility can plug a laptop into, or a road warrior who's only "allowed" to plug their work machine into the vpn-router. There's no other servers/services at the site, the user must be able to connect to the internet whether the vpn is up or down, and the logs/dhcp-record must be reliably kept.
Further, the existing DHCP logs "above" the debug level don't include the mac address or IP, and only seem to include dhcp-client events (rather than dhcp-server events). The DHCP debug-level events which allow reconstruction of the event, including mac address and IP, aren't actually compliant with the SYSLOG specification, creating its own headaches if you try to use them for auditing.