DHCP log analysis software ?
Chance Delome
cdelome at lus.org
Wed Jun 22 08:46:18 UTC 2011
SPLUNK all the way!
There's a DHCP app that can be customized to tailor your specific needs.
Chance
Thanks for the feedback.
I do already use syslog-ng, which can help, but the analysis I am
wanting is for making graphs and statistical reports based on scopes of
interest that are not known in advance, and so I always want to log all
DHCP activity, and then extract the interesting cross section after the
fact, and then produce reports and graphs from it.
--
Gordon A. Lang
----- Original Message -----
From: "Randy Gordey" <gordey at stdio.com>
To: "'Users of ISC DHCP'" <dhcp-users at lists.isc.org>
Sent: Saturday, June 18, 2011 4:57 PM
Subject: RE: DHCP log analysis software ?
> Hoping to cut down on some of your coding and debugging time... I use
> syslog-ng to parse DHCP messages out of /var/log/messages and either
> forward them to my central logging server or at the log server put them
> in /var/log/dhcpd.log. One file to examine. You could also put all logs
> in a sub directory by machine like /var/log/dhcp/192.168.1.1.dhcp.log
> with syslog-ng just as easy.
>
> -----Original Message-----
> From: dhcp-users-bounces+gordey=stdio.com at lists.isc.org
> [mailto:dhcp-users-bounces+gordey=stdio.com at lists.isc.org] On Behalf Of
> Gordon A. Lang
> Sent: Saturday, June 18, 2011 8:08 AM
> To: dhcp-users at isc.org
> Subject: DHCP log analysis software ?
>
> I was thinking about writing a program to analyze my DHCP logs.
> I think it would be very useful to have a filter program that accepts
> a raw syslog stream that includes messages from all servers of
> interest, collects and normalizes the DHCP messages, selects
> interesting messages using a regular expression, and provides
> a set of parameters every <n> seconds. The set of parameters
> would include:
> 1. Number of DISCOVER's
> 2. Number of REQUEST's
> 3. Number of OFFER response times less than <t1>
> 4. Number of OFFER response times between <t1> and <t2>
> 5. Number of OFFER response times between <t2> and <t3>
> 6. Number of OFFER response times greater than <t3>
> 7. Number of ACK response times less than <t4>
> 8. Number of ACK response times between <t4> and <t5>
> 9. Number of ACK response times between <t5> and <t6>
> 10. Number of ACK response times greater than <t6>
>
> I am picturing the output of the filter could be fed into another
> filter that could produce moving averages of DISCOVER and
> REQUEST rates as well as moving averages of each of the
> four response time occurrence rates for OFFER's and ACK's.
>
> I would also like to see the filter use knowledge about the failover
> pairs and pool associations for each to report events on a per
> pool basis -- things like pool depletion, excessive pool
> balancing, persisting pool imbalance, broadcast packets going
> to one server but not the other, packets going to the wrong server,
> server providing responses when the response was supposed
> to come from its partner, and whatever else.
>
> But it occurred to me that there is probably something out there
> already written and debugged, so why reinvent the wheel? And
> besides, a program like this would take a lot more time than I
> have available right now, and I could really use something today.
>
> Does anyone know of something available?
>
> --
> Gordon A. Lang
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
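The counting filter sketched in Gordon A. Lang's original message, as an added Python example (not code from the thread or from any of its posters): it covers parameters 1 to 10 only, pairing each OFFER/ACK with the preceding DISCOVER/REQUEST logged by the same server for the same client MAC, and leaves the failover and pool reporting out. The function name `summarize`, the bucket labels, the sample lines and their sub-second ISO timestamps are assumptions.

```python
import bisect
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample input (not from the thread). ISC dhcpd-style messages;
# the sub-second ISO timestamps are an assumption about the syslog setup.
SAMPLE = """\
2011-06-18T08:00:00.100 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
2011-06-18T08:00:00.130 dhcp1 dhcpd: DHCPOFFER on 192.168.1.10 to 00:11:22:33:44:55 via eth0
2011-06-18T08:00:00.200 dhcp1 dhcpd: DHCPREQUEST for 192.168.1.10 from 00:11:22:33:44:55 via eth0
2011-06-18T08:00:00.900 dhcp1 dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth0
2011-06-18T08:00:03.000 dhcp2 dhcpd: DHCPDISCOVER from 00:aa:bb:cc:dd:ee via eth1
2011-06-18T08:00:05.500 dhcp2 dhcpd: DHCPOFFER on 192.168.2.20 to 00:aa:bb:cc:dd:ee via eth1
2011-06-18T08:00:12.000 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:66 via eth0
"""

# Groups: timestamp, server, message type, client MAC
LINE = re.compile(r"^(\S+) (\S+) dhcpd(?:\[\d+\])?: DHCP(DISCOVER|OFFER|REQUEST|ACK) "
                  r".*?\b(?:from|to) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
ANSWERS = {"OFFER": "DISCOVER", "ACK": "REQUEST"}  # response -> request it answers
EPOCH = datetime(1970, 1, 1)

def summarize(lines, interval, offer_limits, ack_limits, select=None):
    """Per-<interval>-second Counters, oldest first. OFFER_b0..b3 and ACK_b0..b3
    are the four response-time ranges split at the three limits (seconds)."""
    limits = {"OFFER": offer_limits, "ACK": ack_limits}
    pending = {}                  # (server, mac, request type) -> time seen
    windows = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m or (select and not re.search(select, line)):
            continue
        stamp, server, kind, mac = m.groups()
        kind, mac = kind.upper(), mac.lower()
        secs = (datetime.fromisoformat(stamp) - EPOCH).total_seconds()
        win = windows[int(secs // interval) * interval]
        if kind in ANSWERS:
            # Pair a response with the last unanswered request logged by the
            # same server for the same client; unmatched responses are skipped.
            sent = pending.pop((server, mac, ANSWERS[kind]), None)
            if sent is not None:
                slot = bisect.bisect_right(limits[kind], secs - sent)
                win[f"{kind}_b{slot}"] += 1
        else:
            pending[(server, mac, kind)] = secs
            win[kind] += 1
    return [windows[k] for k in sorted(windows)]
```

Calling `summarize(SAMPLE.splitlines(), 10, (0.05, 0.5, 2.0), (0.05, 0.5, 2.0))` yields one Counter per 10-second window; the optional `select` argument is the regular expression used to pick the messages of interest.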