Question about logging Option 82
Anton
warm at stack.ru
Fri Mar 5 12:42:59 UTC 2010
Thank You for Your answer. Now I tried this loggin section:
log ( error, binary-to-ascii(16,8,".",suffix(option agent.remote-id,6)) );
log ( error, binary-to-ascii(10,8,".",suffix(option agent.remote-id,4)) );
log ( error, binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)) );
log ( error, binary-to-ascii(10,8,".",suffix(option agent.circuit-id,1)) );
log ( error, binary-to-ascii (10, 8, ".", leased-address) );
And again in success request logged everything:
Mar 5 18:32:10 myhost daemon.err dhcpd: 0.c.ce.47.7c.0
Mar 5 18:32:10 myhost daemon.err dhcpd: 206.71.124.0
Mar 5 18:32:10 myhost daemon.err dhcpd: 100
Mar 5 18:32:10 myhost daemon.err dhcpd: 0
Mar 5 18:32:10 myhost daemon.err dhcpd: 192.168.70.18
but in no success logged nothing needful:
Mar 5 18:24:19 myhost daemon.err dhcpd: DHCPDISCOVER from 00:02:44:1d:7e:ea via eth0: network
192.168.70.16/28: no free leases
B.t.w. I use openwrt and dhcpd is running from openwrt trunk. I did not tried dhcpd on my linux PC. So
problem may be in the openwrt's ported dhcpd. Anyway I don't know the right config options for logging what I
want.
On Fri, 5 Mar 2010 18:03:46 +0600
Glenn Satchell <glenn.satchell at uniq.com.au> wrote:
> if exists agent.circuit-id
> {
> log ( error, concat(
> "SMAC:",binary-to-ascii(16,8,".",suffix(option agent.remote-id,6)),
> " SWIP:",binary-to-ascii(10,8,".",suffix(option agent.remote-id,4)),
> " VLAN:",binary-to-ascii (10, 16, "", substring( option
> agent.circuit-id, 2, 2)),
> " PORT:",binary-to-ascii(10,8,".",suffix(option agent.circuit-id,1)),
> " ip:",binary-to-ascii (10, 8, ".", leased-address)
> ));
> }
>
> If you get to the no free leases stage, then that means leased-address
> in null, and hence the whole concat() returns null. You probably need
> another condition in there to see if leased-address is non-null and
> maybe check option dhcp-message-type also since this gets parsed for
> messages like DHCPDISCOVER when no address is assigned.
>
>
> This is not related to your logging question, but you can simplify the
> match statements you are using. No need to convert to ascii first. A
> binary string can be represented as a series of colon separated hex
> digits. See dhcp-eval man page. eg:
>
> # c2950
> class "192.168.70.18"{ match if binary-to-ascii (10, 8, "", suffix(
> option agent.circuit-id, 1)) = "0"
> and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) =
> "0.c.ce.47.7c.0";}
>
> becomes:
>
> class "192.168.70.18" {
> match if suffix(option agent.circuit-id, 1) = 0
> and suffix(option agent.remote-id,6) = 0:c:ce:47:7c:0;
> }
>
> HTH.
>
> regards,
> -glenn
>
> On 03/05/10 16:56, Anton wrote:
> > Hi.
> >
> > I have isc dhcp server to serve dhcp requests with option 82. Server works. The problem is that it does
> > not log circuit-id information when request can not be handled but it logs this information when request
> > is accepted. Very hard to debug switches settings.
> >
> > When request is success log entry looks like:
> > ----------------------------------------------------------------------------------------------------------------
> > Mar 5 11:25:40 myhost daemon.err dhcpd: SMAC:0.c.ce.47.7c.0 SWIP:206.71.124.0 VLAN:100 PORT:0
> > ip:192.168.70.18 # ^^^^^^ - right MAC ^^^^^^ - wrong ip because
> > c2950 gives MAC in # Remote-id
> > ----------------------------------------------------------------------------------------------------------------
> >
> > Here I can see switch mac (can find the switch), see the right vlan-id and port number (0 -- is a first
> > port) -- all is fine.
> >
> > When request is failed log entry is:
> > --------------------------------------------------------------------------------------------------------------
> > Mar 5 11:45:54 myhost daemon.err dhcpd: DHCPDISCOVER from 00:02:44:1d:7e:ea via eth0: network
> > 192.168.70.16/28: no free leases
> > --------------------------------------------------------------------------------------------------------------
> > and that is all
> >
> > Yes, some switch is configured wrong but I can not see SMAC,VLAN,PORT. Switch sends circuit-id
> > information -- it can be seen in tcpdump but information is not human readable.
> >
> > I would like to see in logs option 82 information on every (success or no success) dhcp request if
> > circuit-id is presented. Is it possible ?
> >
> >
> > my dhcp.conf:
> > -----------------------------------------------------------------
> > option domain-name-servers 192.168.0.1, 192.168.10.1;
> >
> > default-lease-time 43200;
> > max-lease-time 86400;
> >
> > ddns-update-style none;
> > authoritative;
> >
> > subnet 192.168.1.0 netmask 255.255.254.0 {
> > }
> >
> > if exists agent.circuit-id
> > {
> > log ( error, concat(
> > # ^^^^^^ - tried here "info" and "debug" -- no result
> > "SMAC:",binary-to-ascii(16,8,".",suffix(option agent.remote-id,6)),
> > " SWIP:",binary-to-ascii(10,8,".",suffix(option agent.remote-id,4)),
> > " VLAN:",binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)),
> > " PORT:",binary-to-ascii(10,8,".",suffix(option agent.circuit-id,1)),
> > " ip:",binary-to-ascii (10, 8, ".", leased-address)
> > ));
> > }
> >
> > subnet 192.168.70.16 netmask 255.255.255.240 {
> > option routers 192.168.70.17;
> > option broadcast-address 192.168.70.31;
> >
> > # c2950
> > class "192.168.70.18"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "0"
> > and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
> > class "192.168.70.19"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "1"
> > and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
> > class "192.168.70.20"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "2"
> > and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
> > ...
> > pool { range 192.168.70.18; allow members of "192.192.70.18"; }
> > pool { range 192.168.70.19; allow members of "192.192.70.19"; }
> > pool { range 192.168.70.20; allow members of "192.192.70.20"; }
> > ...
> > }
> > -----------------------------------------------------------------
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
--
Anton [WARM-RIPE]
Stack ltd division head
tel. 8 (3822) 555-797
More information about the dhcp-users
mailing list