Discussion:
successful lease event trigger
Terry L. Inzauro
2009-06-10 23:59:49 UTC
List,

What's the best way to keep/record ALL lease activity?


regards,


_Terry
Niall O'Reilly
2009-06-11 08:32:15 UTC
Post by Terry L. Inzauro
List,
What's the best way to keep/record ALL lease activity?
It's not clear to me what your requirements are:
"best" for what purpose, "activity" in what sense?

The leases file shows the current state of all known dynamic
leases, but not that of leases which are unknown. IIUC, a lease
becomes unknown which has at some time been, but no longer
remains, in the server's configuration, as it is not written to
the leases file when this is updated. If you need to record
leases from before the last significant configuration change,
you need to take account of this.

The logs show the recent history of lease activity, according
to how long you keep them. This history will show transaction-level
detail of activity relating to fixed addresses and to
unknown (no longer known) leases. It will also show activity
relating to earlier history of currently known leases.

I think you'll find discussions both on processing logs and on
parsing the leases file in the archives of this list.

If you can express your purpose more clearly, you may find
either that a well-known solution is available or that there
are people on this list who are interested in working with you
to solve an outstanding problem.

Best regards,

Niall O'Reilly
University College Dublin IT Services
Terry L. Inzauro
2009-06-11 11:03:03 UTC
Post by Niall O'Reilly
Post by Terry L. Inzauro
List,
What's the best way to keep/record ALL lease activity?
"best" for what purpose, "activity" in what sense?
The leases file shows the current state of all known dynamic
leases, but not that of leases which are unknown. IIUC, a lease
becomes unknown which has at some time been, but no longer
remains, in the server's configuration, as it is not written to
the leases file when this is updated. If you need to record
leases from before the last significant configuration change,
you need to take account of this.
The logs show the recent history of lease activity, according
to how long you keep them. This history will show transaction-level
detail of activity relating to fixed addresses and to
unknown (no longer known) leases. It will also show activity
relating to earlier history of currently known leases.
I think you'll find discussions both on processing logs and on
parsing the leases file in the archives of this list.
If you can express your purpose more clearly, you may find
either that a well-known solution is available or that there
are people on this list who are interested in working with you
to solve an outstanding problem.
Best regards,
Niall O'Reilly
University College Dublin IT Services
Well put.

I would define best as "most efficient and easy to maintain". I like to keep configuration as simple and close to standards
as possible.

-----

I am trying to derive a method of retaining the MAC/IP combinations (and maybe other information) for all successful leases
for compliance and auditing purposes. Basically, in the public sector, I have to be able to tell law enforcement who (which
MAC address) had obtained an address and at what time (to the best of my knowledge).

At first I envisioned a script being run upon a successful lease that would log various info to SQL or something like that.
I thought this method would be possible based on the section called 'REFERENCE: EVENTS' (in man 5 dhcpd.conf) but I am
finding a lack of documentation or examples on that particular subject.

Perhaps I am making something out of nothing. Is this problem simply a matter of tuning syslog-ng to log all DHCPD related
messages to a log that is later archived indefinitely?
Jason Gerfen
2009-06-11 11:09:38 UTC
I hate tooting my own horn but I am the developer of the phpDHCPAdmin
software that utilizes a MySQL backend to dynamically generate lease file
data for clients and it automatically stores them. It is on
sourceforge.net if you wish to test drive the application.
--
Jason Gerfen
***@gmail.com

~ tomorrow ain't promised so we live for today
Terry L. Inzauro
2009-06-11 14:49:55 UTC
Post by Jason Gerfen
I hate tooting my own horn but I am the developer of the phpDHCPAdmin
software that utilizes a MySQL backend to dynamically generate lease file
data for clients and it automatically stores them. It is on
sourceforge.net if you wish to test drive the application.
Toot away. I'll certainly take a look.

Thanks for the reply.


regards,


_Terry
Frank Sweetser
2009-06-11 11:51:29 UTC
Post by Terry L. Inzauro
I am trying to derive a method of retaining the MAC/IP combinations (and
maybe other information) for all successful leases for compliance and
auditing purposes. Basically, in the public sector, I have to be able to
tell law enforcement who (which MAC address) had obtained an address and at
what time (to the best of my knowledge).
At first I envisioned a script being run upon a successful lease that would
log various info to SQL or something like that. I thought this method would
be possible based on the section called 'REFERENCE: EVENTS' (in man 5
dhcpd.conf) but I am finding a lack of documentation or examples on that
particular subject.
Perhaps I am making something out of nothing. Is this problem simply a
matter of tuning syslog-ng to log all DHCPD related messages to a log that is
later archived indefinitely?
I use the syslog method, with this config block in my dhcpd config:

on commit {
  if (static) {
    log (info, concat (
      "DHCPNETMON ",
      binary-to-ascii (10,32,"",encode-int (lease-time,32))," ",
      substring (binary-to-ascii (16,8,":",hardware), 2,17)," ",
      binary-to-ascii (10,8,".",leased-address)," ",
      pick-first-value(host-decl-name, "(none)"),
      " static"));
  } else {
    log (info, concat (
      "DHCPNETMON ",
      binary-to-ascii (10,32,"",encode-int (lease-time,32))," ",
      substring (binary-to-ascii (16,8,":",hardware), 2,17)," ",
      binary-to-ascii (10,8,".",leased-address), " ",
      pick-first-value(ddns-fwd-name, "(none)"),
      " dynamic"));
  }
}

This gets both static and dynamic leases, and also lets me filter on exactly
the log messages that I want via the DHCPNETMON tag (easy enough to change to
something more meaningful in your environment, of course).

You should be aware, though, that this only tells you what address was
assigned to a host, not necessarily what address was actually in use by any
given host. Other factors, such as static configurations and rogue DHCP
servers, can make reality out of sync with your records. I'd highly recommend
that you look into some way of tracking ARP tables on your routers as well, so
that you have a record of what was actually in use.
--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
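
An added example, not part of the original thread: one way to turn the DHCPNETMON lines produced by the config block above into audit records and answer "which MAC was granted this address at this time". The sample log lines are constructed, and the host name, the year-less syslog timestamp format and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread); the host name "dhcp1" and
# the year-less traditional syslog timestamp are assumptions.
SAMPLE_LOG = """\
Jun 11 09:00:01 dhcp1 dhcpd: DHCPNETMON 3600 0:1a:2b:3:4:5 10.0.0.23 laptop-7 dynamic
Jun 11 09:00:02 dhcp1 dhcpd: DHCPACK on 10.0.0.23 to 00:1a:2b:03:04:05 via eth0
Jun 11 09:30:00 dhcp1 dhcpd: DHCPNETMON 86400 0:50:56:aa:bb:c 10.0.0.5 printer1 static
Jun 11 10:15:40 dhcp1 dhcpd: DHCPNETMON 3600 8:0:27:de:ad:1 10.0.0.23 (none) dynamic
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\sDHCPNETMON\s"
    r"(?P<secs>\d+)\s(?P<mac>[0-9a-fA-F:]+)\s(?P<ip>[\d.]+)\s"
    r"(?P<name>\S+)\s(?P<kind>static|dynamic)$")

def normalize_mac(mac):
    # binary-to-ascii does not zero-pad octets: 0:1a:2b:3:4:5 is really
    # 00:1a:2b:03:04:05, and must be padded before comparing with ARP data.
    octets = mac.lower().split(":")
    if len(octets) != 6 or not all(1 <= len(o) <= 2 for o in octets):
        raise ValueError("not a 6-octet MAC: %r" % mac)
    return ":".join(o.zfill(2) for o in octets)

def parse_log(text, year):
    """Return one record per DHCPNETMON line; other dhcpd lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        start = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        records.append({
            "start": start,
            # The commit only bounds the lease: the client may leave earlier.
            "end": start + timedelta(seconds=int(m["secs"])),
            "mac": normalize_mac(m["mac"]), "ip": m["ip"],
            "name": m["name"], "kind": m["kind"]})
    return records

def who_had(records, ip, when):
    """MAC most recently granted `ip` with a lease window covering `when`."""
    hits = [r for r in records if r["ip"] == ip and r["start"] <= when < r["end"]]
    return max(hits, key=lambda r: r["start"])["mac"] if hits else None

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG, 2009)
    print(who_had(recs, "10.0.0.23", datetime(2009, 6, 11, 10, 20)))
```

The result is the address the server assigned, so it should be cross-checked against router ARP records as the post above recommends.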
Hans Liss
2009-06-12 19:02:13 UTC
Post by Terry L. Inzauro
Well put.
I would define best as "most efficient and easy to maintain". I like to keep configuration as simple and close to standards
as possible.
-----
I am trying to derive a method of retaining the MAC/IP combinations (and maybe other information) for all successful leases
for compliance and auditing purposes. Basically, in the public sector, I have to be able to tell law enforcement who (which
MAC address) had obtained an address and at what time (to the best of my knowledge).
At first I envisioned a script being run upon a successful lease that would log various info to SQL or something like that.
I thought this method would be possible based on the section called 'REFERENCE: EVENTS' (in man 5 dhcpd.conf) but I am
finding a lack of documentation or examples on that particular subject.
Perhaps I am making something out of nothing. Is this problem simply a matter of tuning syslog-ng to log all DHCPD related
messages to a log that is later archived indefinitely?
I and a friend of mine spent a lot of time considering the options for
doing exactly this, and we decided that there was really only one way to
make it truly reliable, especially when running multiple dhcp servers in
failover and standalone configurations. Tricks like keeping track of
syslog entries or reading from the dhcpd.leases file just don't cut it
in a production environment.

Instead, we opted for a small patch to dhcpd, to log all grants and
releases to a small local database (using sqlite for performance and
reliability), and then using a separate daemon to read those events and
maintain lease entries in a central MySQL database, which means we can
save lease information, including Option-82 data, for as long as we like.

This solution is very reliable and scalable, since nothing gets lost
even if the daemon or the MySQL database is temporarily inaccessible -
the events just get queued up in the sqlite database until they are
processed. And since dhcpd itself produces the data, there is no text
parsing whatsoever involved.

If you want to try this out, check out
http://hans.liss.pp.se/software/gluff - there's much more info there, as
well as the source code and patch.

/Hans
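
An added example, not part of the original thread and not the gluff source: a sketch of the store-and-forward idea described above, where lease events are committed to a local SQLite spool and removed only after the central store has accepted them. The table layout, function names and event fields are hypothetical.

```python
import sqlite3

def open_spool(path=":memory:"):
    # Hypothetical schema; a real deployment would use an on-disk path.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS events ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, "
               "kind TEXT, mac TEXT, ip TEXT, ts INTEGER)")
    return db

def record_event(db, kind, mac, ip, ts):
    # Commit before returning so the event survives a crash of the producer.
    with db:
        db.execute("INSERT INTO events (kind, mac, ip, ts) VALUES (?, ?, ?, ?)",
                   (kind, mac, ip, ts))

def drain(db, forward, batch=100):
    """Forward queued events oldest first and return how many were sent.

    An event is deleted only after forward() returns, so an outage of the
    central database leaves the queue intact. A crash between forward() and
    the delete re-sends that event, so the central insert must be idempotent.
    """
    rows = db.execute("SELECT id, kind, mac, ip, ts FROM events "
                      "ORDER BY id LIMIT ?", (batch,)).fetchall()
    sent = 0
    for row in rows:
        try:
            forward(row[1:])
        except Exception:
            break  # stop at the first failure to preserve event order
        with db:
            db.execute("DELETE FROM events WHERE id = ?", (row[0],))
        sent += 1
    return sent

def pending(db):
    return db.execute("SELECT COUNT(*) FROM events").fetchone()[0]
```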
