Tracking IP-Usage

Claus Holm Christensen iscdhcp at claushc.dk
Sat Jan 24 12:09:47 UTC 2009


Anders Rosendal skrev:
> I’m looking at creating a script that will parse the dhcpd-logfile and 
> create start / stop records for when a IP is leased, and when a IP lease 
> has expired or an IP release message is received from the client.

It's possible. We did it by parsing the dhcpd.leases backup file two 
times every hour and extracting the requested information about all the 
IP addresses, option-82 data and so on.

> The reason for this is to create a simple log of which customer had a 
> specific IP at a specific time. The log is what will be saved a couple 
> of years for abuse purposes. Customer im my case is a port in a switch 
> which is extracted from the option-82 fields.

The european anti terror laws also require you to keep this log.  You 
may be lucky that you're only going to implement it later, but here in 
Denmark we have been stuck with it for the last year.

> Log would contain lines like:
> Jan 23 18:23:09 2009 START 192.168.10.10 Fa0/3.as32.myname.com
> Jan 24 08:17:12 2009 STOP 192.168.10.10 Fa0/3.as32.myname.com

You will get a problem with converting the Option-82 information to real 
interface names like that.  Cisco switches uses different formats 
between switches, IOS revisions and depends on configuration parameters 
that was only available in a previous software release... It's a mess!

If you got the time, then work yourself through all your switches, and 
configure each and every port to use it's own uniqe identifier.  That's 
also a mess, since replacements and user errors might leave a port 
"unconfigured", but then at least you have something to search your logs 
for.

> When parsing the log it would be a world of difference if the actual 
> dhcp-logfile would contain logentries for when an IP-lease is expired.

That's difficult by watching the dhcpd.leases file, since active leases 
do have an expiration time, but you don't know if it's being renewed 
later...

It's easier to pull a lot of requests/renewals out of the leases file, 
and then just assume that a customer has left his IP if nothing is heard 
from him after the lease time has elapsed.  You also know that the 
previous customer has released his address if the address is issued to 
somebody else...

> Is it possible to configure the dhcpd 3.0.6 to generate a logmessage 
> when IP-leases expire, and the IP is considered “free”?

Too bad you requested 3.0.6, I think it should be possible to work it 
out with the execute() parameter in later versions, but I'm too busy to 
fix a system already working now :-)


-- 
Claus Holm Christensen



More information about the dhcp-users mailing list