~:: kalyan ::~

Configure DHCP with logging Service

The dhcp really emits the log message when it does some transaction like acknowledgement, offer, and assinging lease and all. But it n all goes to /var/log/message. Searching the dhcp related logs in the message on the fly would be difficult things. The -d -f options helps. But this enforces the dhcp to run on the foreground, we don’t need this. We want to keep the records like who all talked to my server. The syslogd comes in hand in this situation.

First we will configure the syslogd daemon and then dhcp. Edit the /etc/syslog.conf file. There will be some thing like local1 through local7.

It looks something like this

# Some foreign boot scripts require local7
local0,local1.* -/var/log/localmessages
local2,local3.* -/var/log/localmessages
local4,local5.* -/var/log/localmessages
local6,local7.* -/var/log/localmessages

modify the last line , we will use the local7

save it and run the syslogd daemon.

Now it is time to configure the dhcpd. Open your /etc/dhcpd.conf and add the following line “log-facility local7;” and the ppl who uses directory services as a backend add this option as dhcpStatments in your global configarion (i.e) dhcpService. Now run your dhcp server with no option . We dont need any options (-d -f). Now look at the /var/log/dhcpd.log file.

You get all the transaction saved. 🙂

Now again one more situtaion. You have two dhcp servers you wanted to get alerted when ever there is a transaction and both dhcp servers are different location (far far away from your desktop). The solution is again syslogs. It brings all the dhcp logs to your desktop. The syslogd acts as a forwarders simply. So configure syslogd to forward to your machine.

First make sure /etc/services file has the line “syslog 514/udp”. This says the syslog daemon is going to use this port 514 for sending and forwarding messages. Now edit /etc/syslog.conf file and put the line local7.* -@hostname instead of local7.* -/var/log/dhcp.log.

For example you have two machines hostnamed (A,B) and your desktop is named as DESKTOP. Now the syslog.conf at the machine A and B should have local7.* -@DESKTOP. Save the files.

Now start the syslogd daemon with -r option in all the machines(A,B,DESKTOP) and now start the dhcp server on A and B. It will start forwarding the logs. Your DESKTOP should contain local7.* -/var/log/alldhcp.log in the /etc/syslog.conf file.

Dont forget to start the deamon with -r option. Sometimes it will not forward that means some thing had gone wrong. Stop all syslogd , dhcpd and check your all configuration files and start the daemons again. Make sure you are able to resolve the host name by “host DESKTOP”.

The log messages gets stored in the format of Date : Time : Host : Daemon name : Message.

Now put tail -f /var/log/alldhcp.log in your desktop and watch it. It is really cool, heh.. 🙂

Now many distros are (atleast SuSE) not shipping with syslog instead it is getting shipped with syslog-ng. Related page is here


1 Comment »

  1. How do I increase the logging level of DHCPD? I have a large number of options configured, and I know the client is fetching the options, but there is no logging of the options being transmitted to the client. I need to log everything for debug piurposes.

    Comment by George — December 15, 2012 @ 7:45 pm

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at WordPress.com.

%d bloggers like this: