Tracking IP-Usage
Claus Holm Christensen
iscdhcp at claushc.dk
Sat Jan 24 12:09:47 UTC 2009
Anders Rosendal wrote:
> I’m looking at creating a script that will parse the dhcpd-logfile and
> create start / stop records for when an IP is leased, and when an IP lease
> has expired or an IP release message is received from the client.
It's possible. We did it by parsing the dhcpd.leases backup file two
times every hour and extracting the requested information about all the
IP addresses, option-82 data and so on.
> The reason for this is to create a simple log of which customer had a
> specific IP at a specific time. The log is what will be saved a couple
> of years for abuse purposes. Customer in my case is a port in a switch
> which is extracted from the option-82 fields.
The European anti terror laws also require you to keep this log. You
may be lucky that you're only going to implement it later, but here in
Denmark we have been stuck with it for the last year.
> Log would contain lines like:
> Jan 23 18:23:09 2009 START 192.168.10.10 Fa0/3.as32.myname.com
> Jan 24 08:17:12 2009 STOP 192.168.10.10 Fa0/3.as32.myname.com
You will get a problem with converting the Option-82 information to real
interface names like that. Cisco switches use different formats
between switches, IOS revisions and depend on configuration parameters
that were only available in a previous software release... It's a mess!
If you've got the time, then work yourself through all your switches, and
configure each and every port to use its own unique identifier. That's
also a mess, since replacements and user errors might leave a port
"unconfigured", but then at least you have something to search your logs
for.
> When parsing the log it would be a world of difference if the actual
> dhcp-logfile would contain logentries for when an IP-lease is expired.
That's difficult by watching the dhcpd.leases file, since active leases
do have an expiration time, but you don't know if it's being renewed
later...
It's easier to pull a lot of requests/renewals out of the leases file,
and then just assume that a customer has left his IP if nothing is heard
from him after the lease time has elapsed. You also know that the
previous customer has released his address if the address is issued to
somebody else...
> Is it possible to configure the dhcpd 3.0.6 to generate a logmessage
> when IP-leases expire, and the IP is considered “free”?
Too bad you requested 3.0.6, I think it should be possible to work it
out with the execute() parameter in later versions, but I'm too busy to
fix a system already working now :-)
--
Claus Holm Christensen
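
The approach described in the message above (replay the dhcpd.leases journal, treat renewals as one session, and close a session when the lease runs out or the address goes to another port), sketched as an added example that is not part of the original post or of ISC dhcpd. It assumes the relay's circuit ID is stored in each lease as `option agent.circuit-id` and is used as an opaque identifier; `parse_leases`, `lease_events` and the sample entries are constructed for illustration.

```python
import re
from datetime import datetime

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\n\}", re.S)
TIME_RE = r"\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);"
CIRCUIT_RE = re.compile(r"option agent\.circuit-id\s+(.+?);")
FMT = "%Y/%m/%d %H:%M:%S"  # dhcpd.leases timestamps are UTC by default

def parse_leases(text):
    """Yield (ip, starts, ends, circuit_id) in file order; the file is a journal."""
    for ip, body in LEASE_RE.findall(text):
        s, e = re.search("starts" + TIME_RE, body), re.search("ends" + TIME_RE, body)
        c = CIRCUIT_RE.search(body)
        if not (s and e and c):
            continue  # no relay data or "ends never": cannot be tied to a port
        yield (ip, datetime.strptime(s.group(1), FMT),
               datetime.strptime(e.group(1), FMT), c.group(1).strip('"'))

def lease_events(text, now):
    """Return (time, 'START'|'STOP', ip, circuit_id) records, oldest first."""
    current, events = {}, []  # current: ip -> [circuit_id, lease_end]
    for ip, starts, ends, cid in parse_leases(text):
        cur = current.get(ip)
        if cur and cur[0] == cid and starts <= cur[1]:
            cur[1] = ends  # renewal by the same port: same session, new end
            continue
        if cur:  # address reissued, or the same port returning after a gap
            events.append((min(cur[1], starts), "STOP", ip, cur[0]))
        events.append((starts, "START", ip, cid))
        current[ip] = [cid, ends]
    for ip, (cid, ends) in current.items():
        if ends < now:  # nothing heard since the lease time elapsed
            events.append((ends, "STOP", ip, cid))
    return sorted(events, key=lambda r: (r[0], r[1] != "STOP"))

# Constructed sample: port-A leases and renews, then the address goes to port-B.
ENTRY = 'lease 192.168.10.10 {\n  starts %s;\n  ends %s;\n  option agent.circuit-id "%s";\n}\n'
SAMPLE = (ENTRY % ("5 2009/01/23 18:23:09", "5 2009/01/23 19:23:09", "port-A")
          + ENTRY % ("5 2009/01/23 18:53:09", "5 2009/01/23 19:53:09", "port-A")
          + ENTRY % ("6 2009/01/24 08:17:12", "6 2009/01/24 09:17:12", "port-B"))

if __name__ == "__main__":
    for when, kind, ip, cid in lease_events(SAMPLE, datetime(2009, 1, 24, 9, 0)):
        print(when.strftime("%b %d %H:%M:%S %Y"), kind, ip, cid)
```

A lease that is still within its time at `now` produces no STOP record, so a later run over a newer snapshot is what closes it.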