DHCP log analysis software ?

Randy Gordey gordey at stdio.com
Sat Jun 18 20:57:53 UTC 2011


Hoping to cut down on some of your coding and debugging time... I use
syslog-ng to parse DHCP messages out of /var/log/messages and either forward
them to my central logging server or at the log server put them in
/var/log/dhcpd.log. One file to examine. You could also put all logs in a
subdirectory by machine like /var/log/dhcp/192.168.1.1.dhcp.log with
syslog-ng just as easily.

-----Original Message-----
From: dhcp-users-bounces+gordey=stdio.com at lists.isc.org
[mailto:dhcp-users-bounces+gordey=stdio.com at lists.isc.org] On Behalf Of
Gordon A. Lang
Sent: Saturday, June 18, 2011 8:08 AM
To: dhcp-users at isc.org
Subject: DHCP log analysis software ?

I was thinking about writing a program to analyze my DHCP logs.
I think it would be very useful to have a filter program that accepts
a raw syslog stream that includes messages from all servers of
interest, collects and normalizes the DHCP messages, selects
interesting messages using a regular expression, and provides
a set of parameters every <n> seconds.  The set of parameters
would include:
   1. Number of DISCOVER's
   2. Number of REQUEST's
   3. Number of OFFER response times less than <t1>
   4. Number of OFFER response times between <t1> and <t2>
   5. Number of OFFER response times between <t2> and <t3>
   6. Number of OFFER response times greater than <t3>
   7. Number of ACK response times less than <t4>
   8. Number of ACK response times between <t4> and <t5>
   9. Number of ACK response times between <t5> and <t6>
  10. Number of ACK response times greater than <t6>

I am picturing the output of the filter could be fed into another
filter that could produce moving averages of DISCOVER and
REQUEST rates as well as moving averages of each of the
four response time occurrence rates for OFFER's and ACK's.

I would also like to see the filter use knowledge about the failover
pairs and pool associations for each to report events on a per
pool basis -- things like pool depletion, excessive pool
balancing, persisting pool imbalance, broadcast packets going
to one server but not the other, packets going to the wrong server,
server providing responses when the response was supposed
to come from its partner, and whatever else.

But it occurred to me that there is probably something out there
already written and debugged, so why reinvent the wheel?  And
besides, a program like this would take a lot more time than I
have available right now, and I could really use something today.

Does anyone know of something available?

--
Gordon A. Lang
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
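
A minimal sketch of the counting and response-time bucketing filter described in the quoted message, covering one reporting window (added example, not code from either poster or from ISC). It assumes each syslog line starts with an ISO 8601 timestamp with fractional seconds followed by the server name, and the sample lines, threshold values and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: ISC dhcpd messages with ISO 8601 timestamps (assumed syslog format).
SAMPLE = """\
2011-06-18T08:00:00.100000 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
2011-06-18T08:00:00.150000 dhcp1 dhcpd: DHCPOFFER on 192.168.1.10 to 00:11:22:33:44:55 via eth0
2011-06-18T08:00:00.200000 dhcp1 dhcpd: DHCPREQUEST for 192.168.1.10 (192.168.1.1) from 00:11:22:33:44:55 via eth0
2011-06-18T08:00:00.900000 dhcp1 dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth0
2011-06-18T08:00:01.000000 dhcp2 dhcpd: DHCPDISCOVER from 66:77:88:99:aa:bb via eth1
2011-06-18T08:00:03.500000 dhcp2 dhcpd: DHCPOFFER on 192.168.1.11 to 66:77:88:99:aa:bb via eth1
2011-06-18T08:00:04.000000 dhcp1 sshd[99]: unrelated message
"""

LINE = re.compile(r"^(\S+) (\S+) dhcpd(?:\[\d+\])?: DHCP(DISCOVER|OFFER|REQUEST|ACK) "
                  r".*?\b(?:from|to) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
PAIRS = {"OFFER": "DISCOVER", "ACK": "REQUEST"}  # response -> request it answers

def bucket(delay, limits):
    """Return 0..3: below t1, t1..t2, t2..t3, above t3."""
    return sum(delay >= t for t in limits)

def analyze(lines, offer_limits=(0.1, 0.5, 2.0), ack_limits=(0.1, 0.5, 2.0), select=None):
    counts, pending = Counter(), {}
    for line in lines:
        m = LINE.match(line)
        if not m or (select and not re.search(select, line)):
            continue  # not a DHCP message of interest, or filtered out by the regex
        ts, server, kind, mac = m.groups()
        when, kind, key = datetime.fromisoformat(ts), kind.upper(), (server, mac.lower())
        if kind in PAIRS.values():
            counts[kind] += 1
            pending[key, kind] = when  # latest unanswered request per server and client
        else:
            sent = pending.pop((key, PAIRS[kind]), None)
            if sent is None:
                counts[kind + "_unmatched"] += 1  # response without a logged request
                continue
            limits = offer_limits if kind == "OFFER" else ack_limits
            counts[f"{kind}_bucket{bucket((when - sent).total_seconds(), limits)}"] += 1
    return dict(counts)

if __name__ == "__main__":
    print(analyze(SAMPLE.splitlines()))
```

Traditional syslog timestamps have one-second resolution, so the sub-second thresholds only make sense when the log stream carries high-resolution timestamps as assumed here.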
