Log question

[Simon Hobson]

Timothy Berlen wrote:

>I am looking for a log file that would keep all old lease information.
>
>I have been given a task to find supporting log files that show that a
>person had the same leased Ip address at 10 different dates and times.

After the fact is not the best time to be considering this !

Unless you have regular backups that include the leases file, then 
the leases file will be no help to you - only the most recent entries 
are kept after the cleanup that are done every hour.

You are now faced with a trawl through the system logfiles. The 
default logfile is system dependent, typically /var/log/messages on a 
Linux box. If you have those log files covering the periods in 
question, then it's a matter of looking though them for any messages 
from dhcpd for the ip address in question.

The fact that you have specific dates & times is a help, I would 
start by finding the point in the logfile closest to the date/time in 
question and search backward to find the most recent lease 
issue/renewal before then, and search forward to find the next event. 
It should then be possible to show that no other device had the 
address at that date/time.