SV: Tracking IP-Usage

Anders Rosendal anders at rosendal.nu
Sun Jan 25 21:25:44 UTC 2009 

Hi
I've already solved the option-82 things, and yes, Cisco's infinite wisdom when it comes to interface indexes really makes things unnecessary difficult.

I got some help "offlist" with getting expiry messages in the log file. This can be useful someone else as well.

To get a log message when an IP has expired add the following to the config.

on expiry { log(info, concat("expiry", " ", binary-to-ascii(10, 8, ".", leased-address))); }

Again, thanks Jon for the info!

Regards Anders R


-----Ursprungligt meddelande-----
Från: dhcp-users-bounces at lists.isc.org [mailto:dhcp-users-bounces at lists.isc.org] För Claus Holm Christensen
Skickat: den 24 januari 2009 13:10
Till: Users of ISC DHCP
Ämne: Re: Tracking IP-Usage

Anders Rosendal skrev:
> I'm looking at creating a script that will parse the dhcpd-logfile and 
> create start / stop records for when a IP is leased, and when a IP lease 
> has expired or an IP release message is received from the client.

It's possible. We did it by parsing the dhcpd.leases backup file two 
times every hour and extracting the requested information about all the 
IP addresses, option-82 data and so on.

> The reason for this is to create a simple log of which customer had a 
> specific IP at a specific time. The log is what will be saved a couple 
> of years for abuse purposes. Customer im my case is a port in a switch 
> which is extracted from the option-82 fields.

The european anti terror laws also require you to keep this log.  You 
may be lucky that you're only going to implement it later, but here in 
Denmark we have been stuck with it for the last year.

> Log would contain lines like:
> Jan 23 18:23:09 2009 START 192.168.10.10 Fa0/3.as32.myname.com
> Jan 24 08:17:12 2009 STOP 192.168.10.10 Fa0/3.as32.myname.com

You will get a problem with converting the Option-82 information to real 
interface names like that.  Cisco switches uses different formats 
between switches, IOS revisions and depends on configuration parameters 
that was only available in a previous software release... It's a mess!

If you got the time, then work yourself through all your switches, and 
configure each and every port to use it's own uniqe identifier.  That's 
also a mess, since replacements and user errors might leave a port 
"unconfigured", but then at least you have something to search your logs 
for.

> When parsing the log it would be a world of difference if the actual 
> dhcp-logfile would contain logentries for when an IP-lease is expired.

That's difficult by watching the dhcpd.leases file, since active leases 
do have an expiration time, but you don't know if it's being renewed 
later...

It's easier to pull a lot of requests/renewals out of the leases file, 
and then just assume that a customer has left his IP if nothing is heard 
from him after the lease time has elapsed.  You also know that the 
previous customer has released his address if the address is issued to 
somebody else...

> Is it possible to configure the dhcpd 3.0.6 to generate a logmessage 
> when IP-leases expire, and the IP is considered "free"?

Too bad you requested 3.0.6, I think it should be possible to work it 
out with the execute() parameter in later versions, but I'm too busy to 
fix a system already working now :-)


-- 
Claus Holm Christensen
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
This message has been scanned for viruses and
dangerous content by MailScanner on mars.rosendal.nu,
and is believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner on mars.rosendal.nu,
and is believed to be clean.

More information about the dhcp-users mailing list