[Kea-users] Kea logging
Munroe Sollog
mus3 at lehigh.edu
Tue Dec 5 14:41:31 UTC 2017
I am not familiar with splunk as we use logstash, but can't you just use
syslog to forward them to splunk and then just parse them accordingly?
On Tue, Dec 5, 2017 at 9:39 AM, Mikael Bjerkeland <mikael at bjerkeland.com>
wrote:
> I am also interested in this. I started writing a Splunk add-on to extract
> and parse the logs. Posting the URL in case anyone else needs this:
>
> https://github.com/inspired/TA-isc-kea-dhcp-server-add-on-
> for-splunk-enterprise
>
>
> 5. des. 2017 15:35 skrev "Munroe Sollog" <mus3 at lehigh.edu>:
>
>> I'm using this document as reference:
>>
>> http://kea.isc.org/docs/kea-messages.html#messages
>>
>> When it comes to DHCP the decades-old process has long been understood as
>> DORA or DORG
>>
>> Discover, Offer, Request/Renew, Acknowledge/Grant
>>
>> Looking at my logs and the above website, it looks like the ISC has
>> abandoned these words and replaced them with things like 'LEASE_ALLOC" and
>> "LEASE_ADVERT" and "INIT_REBOOT". I have not been able to find an
>> equivalent message for discover yet.
>>
>> As a system/network administrator, I found it incredibly useful to be
>> able to follow the DORA process in the logs, especially when
>> troubleshooting a problem.
>>
>> Am I missing a configuration parameter that might restore some of this
>> functionality?
>>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> munroe at lehigh.edu
>>
>> _______________________________________________
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
>>
>>
--
Munroe Sollog
Senior Network Engineer
munroe at lehigh.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20171205/06072121/attachment.htm>
More information about the Kea-users
mailing list