DHCP log analysis software ?

Chance Delome cdelome at lus.org
Wed Jun 22 08:46:18 UTC 2011


SPLUNK all the way!

There's a DHCP app that can be customized to tailor your specific needs.

Chance

Thanks for the feedback.
 
I do already use syslog-ng, which can help, but the analysis I am wanting is
for making graphs and statistical reports based on scopes of interest that are
not known in advance, and so I always want to log all DHCP activity, and
then extract the interesting cross section after the fact, and then produce
reports and graphs from it.
 
--
Gordon A. Lang
 
----- Original Message ----- 
From: "Randy Gordey" <gordey at stdio.com>
To: "'Users of ISC DHCP'" <dhcp-users at lists.isc.org>
Sent: Saturday, June 18, 2011 4:57 PM
Subject: RE: DHCP log analysis software ?
 
 
> Hoping to cut down on some of your coding and debugging time... I use
> syslog-ng to parse DHCP messages out of /var/log/messages and either forward
> them to my central logging server or at the log server put them in
> /var/log/dhcpd.log. One file to examine. You could also put all logs in a
> sub directory by machine like /var/log/dhcp/192.168.1.1.dhcp.log with
> syslog-ng just as easy.
> 
> -----Original Message-----
> From: dhcp-users-bounces+gordey=stdio.com at lists.isc.org
> [mailto:dhcp-users-bounces+gordey=stdio.com at lists.isc.org] On Behalf Of
> Gordon A. Lang
> Sent: Saturday, June 18, 2011 8:08 AM
> To: dhcp-users at isc.org
> Subject: DHCP log analysis software ?
> 
> I was thinking about writing a program to analyze my DHCP logs.
> I think it would be very useful to have a filter program that accepts
> a raw syslog stream that includes messages from all servers of
> interest, collects and normalizes the DHCP messages, selects
> interesting messages using a regular expression, and provides
> a set of parameters every <n> seconds.  The set of parameters
> would include:
>   1. Number of DISCOVER's
>   2. Number of REQUEST's
>   3. Number of OFFER response times less than <t1>
>   4. Number of OFFER response times between <t1> and <t2>
>   5. Number of OFFER response times between <t2> and <t3>
>   6. Number of OFFER response times greater than <t3>
>   7. Number of ACK response times less than <t4>
>   8. Number of ACK response times between <t4> and <t5>
>   9. Number of ACK response times between <t5> and <t6>
>  10. Number of ACK response times greater than <t6>
> 
> I am picturing the output of the filter could be fed into another
> filter that could produce moving averages of DISCOVER and
> REQUEST rates as well as moving averages of each of the
> four response time occurrence rates for OFFER's and ACK's.
> 
> I would also like to see the filter use knowledge about the failover
> pairs and pool associations for each to report events on a per
> pool basis -- things like pool depletion, excessive pool
> balancing, persisting pool imbalance, broadcast packets going
> to one server but not the other, packets going to the wrong server,
> server providing responses when the response was supposed
> to come from its partner, and whatever else.
> 
> But it occurred to me that there is probably something out there
> already written and debugged, so why reinvent the wheel?  And
> besides, a program like this would take a lot more time than I
> have available right now, and I could really use something today.
> 
> Does anyone know of something available?
> 
> --
> Gordon A. Lang
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
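
The filter outlined in the original question, as an added example (not code from the thread or from ISC): it reads syslog lines in the format ISC dhcpd writes, selects lines with a regular expression, and for each interval counts DISCOVERs, REQUESTs and OFFER/ACK response times in four ranges. The function name, the default thresholds, the per-server pairing of requests and replies by MAC address and the sample lines are assumptions made here; syslog's one-second timestamps limit the timing precision.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Shape of ISC dhcpd syslog lines: "<ts> <host> dhcpd: DHCPOFFER on <ip> to <mac> via <if>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dhcpd(?:\[\d+\])?: "
    r"DHCP(?P<type>DISCOVER|OFFER|REQUEST|ACK)\b.*?(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I)
REPLY_TO = {"OFFER": "DISCOVER", "ACK": "REQUEST"}
RANGES = ("lt_t1", "t1_t2", "t2_t3", "gt_t3")  # a delay equal to a threshold lands in the upper range

def analyze(lines, select=".", interval=60, offer_t=(1, 3, 10), ack_t=(1, 3, 10), year=2011):
    """Return {window start (ISO string): Counter} for DHCP lines matching `select`."""
    select = re.compile(select)
    pending = {}  # (server, client message type, mac) -> time it was logged
    stats = {}
    for line in lines:
        m = LINE.match(line)
        if not m or not select.search(line):
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year, 1 s resolution
        offset = ts.hour * 3600 + ts.minute * 60 + ts.second
        window = (ts - timedelta(seconds=offset % interval)).isoformat()
        counts = stats.setdefault(window, Counter())
        kind, mac = m["type"].upper(), m["mac"].lower()
        if kind in REPLY_TO:
            sent = pending.pop((m["host"], REPLY_TO[kind], mac), None)
            if sent is not None:  # a reply with no logged request is not timed
                delay = (ts - sent).total_seconds()
                t = offer_t if kind == "OFFER" else ack_t
                counts[f"{kind}_{RANGES[sum(delay >= x for x in t)]}"] += 1
        else:
            counts[kind] += 1
            pending[(m["host"], kind, mac)] = ts  # a retransmission restarts the clock
    return stats

# Constructed sample input: two servers, one client served quickly, one slowly.
SAMPLE = """\
Jun 18 08:00:01 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
Jun 18 08:00:01 dhcp1 dhcpd: DHCPOFFER on 192.168.1.10 to 00:11:22:33:44:55 via eth0
Jun 18 08:00:02 dhcp1 dhcpd: DHCPREQUEST for 192.168.1.10 (192.168.1.1) from 00:11:22:33:44:55 via eth0
Jun 18 08:00:02 dhcp1 dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth0
Jun 18 08:00:05 dhcp1 sshd[811]: Accepted publickey for admin from 192.168.1.7
Jun 18 08:00:30 dhcp2 dhcpd: DHCPDISCOVER from 66:77:88:99:aa:bb via eth1
Jun 18 08:00:34 dhcp2 dhcpd: DHCPOFFER on 192.168.2.20 to 66:77:88:99:aa:bb via eth1
Jun 18 08:01:10 dhcp2 dhcpd: DHCPREQUEST for 192.168.2.20 (192.168.2.1) from 66:77:88:99:aa:bb via eth1
Jun 18 08:01:22 dhcp2 dhcpd: DHCPACK on 192.168.2.20 to 66:77:88:99:aa:bb via eth1
""".splitlines()
```

Calling `analyze(SAMPLE)` returns one counter per 60-second window; passing `select=r"dhcp2"` restricts the report to that server's lines, and the per-window counters can be fed to a second stage for moving averages.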