Community discussions

MikroTik App
 
User avatar
Jotne
Forum Guru
Forum Guru
Topic Author
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Future request: Better DHCP debug logging.

Sat Oct 01, 2022 10:54 am

I do use DHCP debug logs to get an overview of all DHCP activity.
Problem is that one request is spread over multiple lines:
dhcp,debug MikroTik: DHCP-vlan1-Home received request id 679110733 from 10.10.10.115 '1:0:25:36:56:7c:1c'
dhcp,debug,packet MikroTik:     ciaddr = 10.0.0.115
dhcp,debug,packet MikroTik:     chaddr = 00:25:36:56:7C:1C
dhcp,debug,packet MikroTik:     Host-Name = "B431-567C1C"
dhcp,debug,packet MikroTik:     Msg-Type = request
dhcp,debug,packet MikroTik:     Parameter-List = Subnet-Mask,Router,Host-Name,Unknown(23),Domain-Server,Domain-Name,NTP-Server,NETBIOS-Name-Server,NETBIOS-Scope
dhcp,debug,packet MikroTik:     Max-DHCP-Message-Size = 1500
dhcp,debug,packet MikroTik:     Class-Id = "B431"
dhcp,debug,packet MikroTik:     Client-Id = 01-00-25-36-56-7C-1C
dhcp,debug MikroTik: lease bound, extending
dhcp,debug MikroTik: DHCP-vlan1 sending ack with id 679110733 to 10.10.10.115
dhcp,debug,packet MikroTik:     ciaddr = 10.0.0.115
dhcp,debug,packet MikroTik:     yiaddr = 10.0.0.115
dhcp,debug,packet MikroTik:     siaddr = 10.0.0.1
dhcp,debug,packet MikroTik:     chaddr = 00:25:36:56:7C:1C
dhcp,debug,packet MikroTik:     Subnet-Mask = 255.255.254.0
dhcp,debug,packet MikroTik:     Router = 10.0.0.1
dhcp,debug,packet MikroTik:     Domain-Server = 10.0.0.1
This I can handle in Splunk using transaction function. Problem will come when there are multiple DHCP request within same short time frame.
It could be solved by giving all request its own unique ID, some like this
dhcp,debug MikroTik: DHCP-vlan1-Home received request id 679110733 from 10.10.10.115 '1:0:25:36:56:7c:1c'
dhcp,debug,packet MikroTik:     ID=4F36,ciaddr = 10.0.0.115
dhcp,debug,packet MikroTik:     ID=4F36,chaddr = 00:25:36:56:7C:1C
dhcp,debug,packet MikroTik:     ID=4F36,Host-Name = "B431-567C1C"
dhcp,debug,packet MikroTik:     ID=4F36,Msg-Type = request
dhcp,debug,packet MikroTik:     ID=4F36,Parameter-List = Subnet-Mask,Router,Host-Name,Unknown(23),Domain-Server,Domain-Name,NTP-Server,NETBIOS-Name-Server,NETBIOS-Scope
dhcp,debug,packet MikroTik:     ID=4F36,Max-DHCP-Message-Size = 1500
dhcp,debug,packet MikroTik:     ID=4F36,Class-Id = "B431"
dhcp,debug,packet MikroTik:     ID=4F36,Client-Id = 01-00-25-36-56-7C-1C
dhcp,debug MikroTik: ID=4F36,lease bound, extending
dhcp,debug MikroTik: ID=4F36,DHCP-vlan1 sending ack with id 679110733 to 10.10.10.115
dhcp,debug,packet MikroTik:     ID=4F36,ciaddr = 10.0.0.115
dhcp,debug,packet MikroTik:     ID=4F36,yiaddr = 10.0.0.115
dhcp,debug,packet MikroTik:     ID=4F36,siaddr = 10.0.0.1
dhcp,debug,packet MikroTik:     ID=4F36,chaddr = 00:25:36:56:7C:1C
dhcp,debug,packet MikroTik:     ID=4F36,Subnet-Mask = 255.255.254.0
dhcp,debug,packet MikroTik:     ID=4F36,Router = 10.0.0.1
dhcp,debug,packet MikroTik:     ID=4F36,Domain-Server = 10.0.0.1
This way transaction could be made using ID and two DHCP request at same time would be separated.

Also MT should look at the logging mess (that they told me that they should do in a support ticket.)
viewtopic.php?t=124291

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], emunt6, jaclaz and 68 guests