Option 82 logging on dhcpd 4.1.1 and red hat 6
project722
project722 at gmail.com
Wed Oct 5 17:43:51 UTC 2016
Thanks, I've settled on this code for now using substring and 0,9999 to
grab the full text.
if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
exists agent.circuit-id) {
log(info, concat( "OPTION-82 | IP =",
binary-to-ascii (10, 8, ".",leased-address),
" | MAC=",
suffix (concat("0", binary-to-ascii (16, 8, "",
substring( hardware, 1, 1))),2),":",
suffix (concat("0", binary-to-ascii (16, 8, "",
substring( hardware, 2, 1))),2),":",
suffix (concat("0", binary-to-ascii (16, 8, "",
substring( hardware, 3, 1))),2),":",
suffix (concat("0", binary-to-ascii (16, 8, "",
substring( hardware, 4, 1))),2),":",
suffix (concat("0", binary-to-ascii (16, 8, "",
substring( hardware, 5, 1))),2),":",
suffix (concat("0", binary-to-ascii (16, 8, "",
substring( hardware, 6, 1))),2), " | CIRCUIT-ID=",
binary-to-ascii (10, 8, ".", option agent.circuit-id),
" | REMOTE-ID=",
binary-to-ascii (10, 8, ".", option agent.circuit-id),
" | CIRCUIT-ID=",
substring( option agent.circuit-id, 0, 9999),
" | REMOTE-ID=",
substring( option agent.remote-id, 0, 9999)));
}
I was wondering though, with this code I am getting both the binary to
decimal output and the binary to text output as seen here:
Oct 5 11:14:33 dhcpd: OPTION-82 | IP =192.168.100.101 |
MAC=00:0f:94:4c:f7:80 |
CIRCUIT-ID=51.48.48.82.95.76.65.66.32.101.116.104.32.49.47.50.47.49.47.49.47.49.58.50.48.48
|
REMOTE-ID=51.48.48.82.95.76.65.66.32.101.116.104.32.49.47.50.47.49.47.49.47.49.58.50.48.48
| CIRCUIT-ID=300R_LAB eth 1/2/1/1/1:200 | REMOTE-ID=Option82Test__DATA_ETH1
Are there any other "conversions" of the packet I could grab besides these
two? If so what are they?
On Wed, Oct 5, 2016 at 11:52 AM, Ilkka Virta <itvirta at iki.fi> wrote:
> I mean something like:
>
> if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
> exists agent.circuit-id) {
> log(info, concat( "OPTION-82 | IP =",
> binary-to-ascii (10, 8, ".",leased-address),
> " | CIRCUIT-ID=", binary-to-ascii (10, 8, ".", option
> agent.circuit-id),
> " | REMOTE-ID=", binary-to-ascii (10, 8, ".", option
> agent.circuit-id),
> " | CIRCUIT-ID=", option agent.circuit-id,
> " | REMOTE-ID=", option agent.remote-id
> ));
>
> }
>
> Works for me on DHCP Server 4.3.1 (well, except that I can't test on any
> devices where circuit-id would contain human-readable output.)
>
> I don't know what you had on line 190 when you got that error,
> but in the last one you only gave one argument to suffix(), so you got an
> error since it needs two.
>
> (Of course you could use substring(option agent.circuit-id, 0, 9999)
> to get the whole string, too...)
>
> On 5.10. 19:18, project722 wrote:
>
>> It does not seem to like anything I try. My latest attempt:
>>
>> suffix (concat("CIRCUIT-ID=", ( option agent.circuit-id), "."))));
>>
>> It keeps complaining "comma expected" blah blah
>>
>> On Wed, Oct 5, 2016 at 11:01 AM, project722 <project722 at gmail.com
>> <mailto:project722 at gmail.com>> wrote:
>>
>> Do you mean something like this:
>>
>> suffix (concat("CIRCUIT-ID=", substring ( option agent.circuit-id,
>> 0, 9999,)
>>
>> Because this is not working either.
>>
>>
>> On Wed, Oct 5, 2016 at 10:41 AM, project722 <project722 at gmail.com
>> <mailto:project722 at gmail.com>> wrote:
>>
>> When I put that in as you have it listed I get errors when
>> validating the config.
>>
>> /etc/dhcp/dhcpd.conf line 190: expecting data expression.
>>
>> How does the actual statement need to look?
>>
>>
>> On Wed, Oct 5, 2016 at 9:56 AM, Ilkka Virta <itvirta at iki.fi
>> <mailto:itvirta at iki.fi>> wrote:
>>
>> If you want the whole of circuit-id printed, instead of a
>> part, just use concat(... "CIRCUIT-ID=", option
>> agent.circuit-id, ...) instead of calling substring().
>> substring(x, 2, 9999) takes the 9999 characters (bytes)
>> after the first two, which you'd want to use if you know you
>> don't have anything interesting in the first two bytes.
>>
>> On 5.10. 17:43, project722 wrote:
>>
>> Ok. Making progress. I have went with the following log
>> statements in my
>> conf file:
>>
>>
>> " | CIRCUIT-ID=",
>> substring( option agent.circuit-id, 2, 9999),
>> Which produces log output as follows:
>>
>>
>> | CIRCUIT-ID=0R_LAB eth 1/2/1/1/1:200 |
>> REMOTE-ID=tion82Test__DATA_ETH1
>>
>> My question is:
>>
>> Are my substrings at the bottom for pulling in text
>> correct? It appears
>> as if the first part of the strings are cut off. What
>> are my "values" I
>> can use in these statements instead of 2, 9999? What
>> should I change
>> here to get the full text output without cutting off text?
>>
>>
>>
>>
>>
>> On Wed, Oct 5, 2016 at 8:04 AM, project722
>> <project722 at gmail.com <mailto:project722 at gmail.com>
>> <mailto:project722 at gmail.com
>> <mailto:project722 at gmail.com>>> wrote:
>>
>> I have adjusted my statement to account for the
>> binary to ACSII
>> conversion. I'll test and report back if I run into
>> any problems.
>>
>> On Tue, Oct 4, 2016 at 7:01 PM, Glenn Satchell
>> <glenn.satchell at uniq.com.au
>> <mailto:glenn.satchell at uniq.com.au>
>> <mailto:glenn.satchell at uniq.com.au
>>
>> <mailto:glenn.satchell at uniq.com.au>>> wrote:
>>
>> There may be non-ascii characters in your option
>> agent.circuit-id, so try
>> a suitable binary-to-ascii() around it. If there
>> is a non-ascii
>> or null it
>> won't print anything.
>>
>> The parenthesis around a variable make no
>> difference, they just
>> control
>> order of parameters.
>>
>> regards,
>> -glenn
>>
>> On Wed, October 5, 2016 3:49 am, project722 wrote:
>> > Hmmm.. OK here is the log for the test client.
>> >
>> > Oct 4 11:39:20 dhcpd: Lease for X.X.X.X with
>> circuit-id
>> >
>> > That's all it said.
>> >
>> > I know that my ACL class for circuit id works
>> as it was allowed to get an
>> > IP address.
>> >
>> > The log line reported back the correct IP so I
>> know that the
>> >
>> > "Lease for ", binary-to-ascii (10, 8, ".",
>> leased-address),
>> >
>> > Line in my logging clause works.
>> >
>> > But why did it stop there? Do I need to remove
>> the parenthesis
>> around
>> > "option agent.circuit-id" since I am not using
>> parenthesis in
>> my ACL
>> > class?
>> >
>> > On Tue, Oct 4, 2016 at 11:25 AM, project722
>> <project722 at gmail.com
>> <mailto:project722 at gmail.com>
>> <mailto:project722 at gmail.com
>> <mailto:project722 at gmail.com>>> wrote:
>> >
>> >> Alfred - thanks but your setup is much more
>> complex than mine.
>> >>
>> >> Alex, I have put in the changes as you
>> suggested and it passed
>> >> validation.
>> >> I'll report back what the logs look like or
>> if I have any further
>> >> problems.
>> >>
>> >> Thanks!
>> >>
>> >> On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen
>> <alexm at ndtel.com <mailto:alexm at ndtel.com>
>> <mailto:alexm at ndtel.com
>>
>> <mailto:alexm at ndtel.com>>> wrote:
>> >>
>> >>> Just comparing with mine, it seems that the
>> "option
>> agent.circuit-id"
>> >>> needs to be in parens. And, I don't know
>> the use of the
>> >>> "(leased-address)"
>> >>> is. So, try this:
>> >>>
>> >>>
>> -----------------------------------------------------
>> >>> ## Option 82 Class
>> >>> class "myvendor" {
>> >>> match if option agent.circuit-id =
>> 00:04:00:6b:00:84;
>> >>> }
>> >>>
>> >>> # Test Option 82 logging
>> >>> if exists agent.circuit-id
>> >>> {
>> >>> log (info, concat(
>> >>> "Lease for ", binary-to-ascii (10, 8,
>> ".", leased-address),
>> >>> " with circuit-id ", (option
>> agent.circuit-id),
>> >>> " is assigned using Option82"
>> >>> ));
>> >>> }
>> >>>
>> >>> pool {
>> >>> allow members of "myvendor";
>> >>> range x.x.x.x x.x.x.x;
>> >>> }
>> >>>
>> -----------------------------------------------------
>> >>>
>> >>> This should give you a line that looks
>> something like:
>> >>>
>> >>> Lease for 192.168.0.10 with circuit-id
>> Ethernet 5 is
>> assigned using
>> >>> Option82
>> >>>
>> >>> Obviously, your circuit-id will most likely
>> be something
>> other than
>> >>> "Ethernet 5", but you get the idea.
>> >>>
>> >>> If I'm way off base, someone please correct
>> me!
>> >>>
>> >>> Good luck,
>> >>>
>> >>> Alex
>> >>>
>> >>>
>> >>>
>> >>> On 10/04/2016 10:27 AM, project722 wrote:
>> >>>
>> >>>> Hello DHCP experts! We are implementing
>> Option 82 in our
>> network and I
>> >>>> am just scratching the surface of how to
>> setup my server. I
>> have
>> >>>> successfully created my first Option 82 ACL
>> based on the
>> agent circuit
>> >>>> ID
>> >>>> that is contained in the packet, now I just
>> need guidance
>> on how I get
>> >>>> the
>> >>>> Option 82 data into the logs. Here is my
>> O82 setup on the
>> server:
>> >>>>
>> >>>> ## Option 82 Class
>> >>>> class "myvendor" {
>> >>>> match if option agent.circuit-id =
>> 00:04:00:6b:00:84;
>> >>>> }
>> >>>>
>> >>>> # Test Option 82 logging
>> >>>> if exists agent.circuit-id
>> >>>> {
>> >>>> log (info, concat( "Lease for ", option
>> agent.circuit-id
>> >>>> (leased-address), "is an address assigned
>> using Option82"));
>> >>>> }
>> >>>>
>> >>>> pool {
>> >>>> allow members of "myvendor";
>> >>>> range x.x.x.x x.x.x.x;
>> >>>> }
>> >>>>
>> >>>> The problem I am having is when I go to
>> check the conf before
>> >>>> restarting
>> >>>> dhcpd I am getting the error:
>> >>>>
>> >>>> etc/dhcp/dhcpd.conf line 135: right
>> parenthesis expected.
>> >>>> log (info, concat( "Lease for ", option
>> agent.circuit-id (
>> >>>> ^
>> >>>> Can anyone tell me what I am doing wrong
>> and how to fix
>> this error?
>> >>>>
>> >>>>
>> >>>> ______________________________
>> _________________
>> >>>> dhcp-users mailing list
>> >>>> dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> <mailto:dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>>
>> >>>>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>> <https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>> >>>>
>> >>>
>> >>>
>> >>> --
>> >>> Alex Moen
>> >>> NSTII
>> >>> Calix System Specialist
>> >>> North Dakota Telephone Company
>> >>> 701-662-6481 <tel:701-662-6481>
>> <tel:701-662-6481 <tel:701-662-6481>>
>> >>>
>> >>> ______________________________
>> _________________
>> >>> dhcp-users mailing list
>> >>> dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> <mailto:dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>>
>> >>>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>> <https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>> >>>
>> >>
>> >>
>> > _______________________________________________
>> > dhcp-users mailing list
>> > dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> <mailto:dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>>
>> >
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>> <https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>
>> <mailto:dhcp-users at lists.isc.org
>> <mailto:dhcp-users at lists.isc.org>>
>>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>> <https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org
>> >
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20161005/759a3e14/attachment-0001.html>
More information about the dhcp-users
mailing list