DHCP log analysis software ?

Gordon A. Lang glang at goalex.com
Sat Jun 18 13:08:09 UTC 2011


I was thinking about writing a program to analyze my DHCP logs.
I think it would be very useful to have a filter program that accepts
a raw syslog stream that includes messages from all servers of
interest, collects and normalizes the DHCP messages, selects
interesting messages using a regular expression, and provides
a set of parameters every <n> seconds.  The set of parameters
would include:
   1. Number of DISCOVER's
   2. Number of REQUEST's
   3. Number of OFFER response times less than <t1>
   4. Number of OFFER response times between <t1> and <t2>
   5. Number of OFFER response times between <t2> and <t3>
   6. Number of OFFER response times greater than <t3>
   7. Number of ACK response times less than <t4>
   8. Number of ACK response times between <t4> and <t5>
   9. Number of ACK response times between <t5> and <t6>
  10. Number of ACK response times greater than <t6>

I am picturing the output of the filter could be fed into another
filter that could produce moving averages of DISCOVER and
REQUEST rates as well as moving averages of each of the
four response time occurrence rates for OFFER's and ACK's.

I would also like to see the filter use knowledge about the failover
pairs and pool associations for each to report events on a per
pool basis -- things like pool depletion, excessive pool
balancing, persisting pool imbalance, broadcast packets going
to one server but not the other, packets going to the wrong server,
server providing responses when the response was supposed
to come from its partner, and whatever else.

But it occurred to me that there is probably something out there
already written and debugged, so why reinvent the wheel?  And
besides, a program like this would take a lot more time than I
have available right now, and I could really use something today.

Does anyone know of something available?

--
Gordon A. Lang
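
A sketch of the counting filter described in this message, as an added example that is not part of the original post or of any existing tool. It assumes RFC 3339 syslog timestamps with sub-second precision and ISC dhcpd message wording; the thresholds, host names, and sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed format: RFC 3339 syslog timestamp, host, then ISC dhcpd message text.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) dhcpd(?:\[\d+\])?: "
    r"DHCP(?P<type>DISCOVER|OFFER|REQUEST|ACK)\b.*?"
    r"\b(?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
ANSWERS = {"OFFER": "DISCOVER", "ACK": "REQUEST"}  # response -> request it answers
LIMITS = {"OFFER": (0.01, 0.1, 1.0), "ACK": (0.01, 0.1, 1.0)}  # t1..t3, t4..t6 (s)

def bucket(kind, dt, limits):
    """Bucket 0 is below the first threshold; bucket len(limits) is above all."""
    return f"{kind}_bucket{sum(dt >= limit for limit in limits)}"

def analyze(lines, interval=60, limits=LIMITS):
    """Return one Counter per <interval>-second window, oldest first."""
    pending, windows = {}, {}   # pending: (server, mac, request type) -> time seen
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # not a DHCP message of interest
        ts = datetime.fromisoformat(m["ts"]).timestamp()
        kind, key = m["type"].upper(), (m["host"], m["mac"].lower())
        counts = windows.setdefault(int(ts // interval) * interval, Counter())
        if kind in ANSWERS:
            start = pending.pop(key + (ANSWERS[kind],), None)
            if start is None:
                counts[f"{kind}_unmatched"] += 1   # response with no logged request
            else:
                counts[bucket(kind, ts - start, limits[kind])] += 1
        else:
            counts[kind] += 1
            pending[key + (kind,)] = ts
    return [windows[w] for w in sorted(windows)]

# Constructed sample lines (documentation addresses, made-up MACs and hosts).
SAMPLE = """\
2011-06-18T13:08:09.100000+00:00 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:01 via eth0
2011-06-18T13:08:09.105000+00:00 dhcp1 dhcpd: DHCPOFFER on 192.0.2.10 to 00:16:3e:00:00:01 via eth0
2011-06-18T13:08:09.200000+00:00 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.10 (192.0.2.1) from 00:16:3e:00:00:01 via eth0
2011-06-18T13:08:09.250000+00:00 dhcp1 dhcpd: DHCPACK on 192.0.2.10 to 00:16:3e:00:00:01 via eth0
2011-06-18T13:08:10.000000+00:00 dhcp2 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:02 via eth0
2011-06-18T13:08:12.500000+00:00 dhcp2 dhcpd: DHCPOFFER on 192.0.2.11 to 00:16:3e:00:00:02 via eth0
2011-06-18T13:09:05.000000+00:00 dhcp1 kernel: link up
2011-06-18T13:09:05.000000+00:00 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:03 via eth0
""".splitlines()
```

Requests are paired with responses per (server, MAC), so each server's response times stay separate in a merged stream. The pending table is keyed by MAC and never expires entries here, so a long-running version should age them out to stay bounded when many distinct MACs appear.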



More information about the dhcp-users mailing list