One DHCP log may looks like this:
Code: Select all
dhcp,debug MikroTik: DHCP-vlan1-Home received request id 2236502480 from 0.0.0.0 '1:ab:4c:c2:30:3d:78'
dhcp,debug,packet MikroTik: secs = 1
dhcp,debug,packet MikroTik: ciaddr = 0.0.0.0
dhcp,debug,packet MikroTik: chaddr = AB:4C:C2:30:3D:78
dhcp,debug,packet MikroTik: Msg-Type = request
dhcp,debug,packet MikroTik: Parameter-List = Subnet-Mask,Classless-Route,Router,Domain-Server,Domain-Name,Unknown(108),Captive-Portal,Domain-Search,Auto-Proxy-Config
dhcp,debug,packet MikroTik: Max-DHCP-Message-Size = 1500
dhcp,debug,packet MikroTik: Client-Id = 01-A6-4C-C2-30-3D-78
dhcp,debug,packet MikroTik: Address-Request = 10.12.10.245
dhcp,debug,packet MikroTik: Server-Id = 10.12.10.1
dhcp,debug MikroTik: lease offered, addressed to me
dhcp,info MikroTik: DHCP-vlan1-Home assigned 10.10.10.245 for AB:4C:C2:30:3D:78
dhcp,debug MikroTik: DHCP-vlan1-Home sending ack with id 2236502480 to 10.10.10.245
dhcp,debug,packet MikroTik: ciaddr = 0.0.0.0
dhcp,debug,packet MikroTik: yiaddr = 10.12.10.245
dhcp,debug,packet MikroTik: siaddr = 10.12.10.1
dhcp,debug,packet MikroTik: chaddr = A6:4C:C2:30:3D:78
dhcp,debug,packet MikroTik: Msg-Type = ack
dhcp,debug,packet MikroTik: Server-Id = 10.12.10.1
dhcp,debug,packet MikroTik: Address-Time = 86400
dhcp,debug,packet MikroTik: Subnet-Mask = 255.255.254.0
dhcp,debug,packet MikroTik: Router = 10.12.10.1
dhcp,debug,packet MikroTik: Domain-Server = 10.12.10.1
Code: Select all
| transaction host startswith="eventtype=dhcp_received_request" endswith="eventtype=dhcp_domain_server" maxspan=1s
So my request: Add the "request id 2236502480 " to all packets sent on syslog, The we can join them based on this ID