Option 82 logging on dhcpd 4.1.1 and red hat 6

project722 project722 at gmail.com
Wed Oct 5 17:43:51 UTC 2016


Thanks, I've settled on this code for now using substring and 0,9999 to
grab the full text.

if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
exists agent.circuit-id) {
    log(info, concat( "OPTION-82 | IP =",
        binary-to-ascii (10, 8, ".",leased-address),
        " | MAC=",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 1, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 2, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 3, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 4, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 5, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
        substring( hardware, 6, 1))),2), " | CIRCUIT-ID=",
        binary-to-ascii (10, 8, ".", option agent.circuit-id),
        " | REMOTE-ID=",
        binary-to-ascii (10, 8, ".", option agent.circuit-id),
        " | CIRCUIT-ID=",
        substring( option agent.circuit-id, 0, 9999),
        " | REMOTE-ID=",
        substring( option agent.remote-id, 0, 9999)));
}

I was wondering though, with this code I am getting both the binary to
decimal output and the binary to text output as seen here:

Oct  5 11:14:33 dhcpd: OPTION-82 | IP =192.168.100.101 |
MAC=00:0f:94:4c:f7:80 |
CIRCUIT-ID=51.48.48.82.95.76.65.66.32.101.116.104.32.49.47.50.47.49.47.49.47.49.58.50.48.48
|
REMOTE-ID=51.48.48.82.95.76.65.66.32.101.116.104.32.49.47.50.47.49.47.49.47.49.58.50.48.48
| CIRCUIT-ID=300R_LAB eth 1/2/1/1/1:200 | REMOTE-ID=Option82Test__DATA_ETH1

Are there any other "conversions" of the packet I could grab besides these
two? If so what are they?

On Wed, Oct 5, 2016 at 11:52 AM, Ilkka Virta <itvirta at iki.fi> wrote:

> I mean something like:
>
>  if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
>       exists agent.circuit-id) {
>      log(info, concat( "OPTION-82 | IP =",
>          binary-to-ascii (10, 8, ".",leased-address),
>          " | CIRCUIT-ID=", binary-to-ascii (10, 8, ".", option
> agent.circuit-id),
>          " | REMOTE-ID=",  binary-to-ascii (10, 8, ".", option
> agent.circuit-id),
>          " | CIRCUIT-ID=", option agent.circuit-id,
>          " | REMOTE-ID=",  option agent.remote-id
>          ));
>
>  }
>
> Works for me on DHCP Server 4.3.1 (well, except that I can't test on any
> devices where circuit-id would contain human-readable output.)
>
> I don't know what you had on line 190 when you got that error,
> but in the last one you only gave one argument to suffix(), so you got an
> error since it needs two.
>
> (Of course you could use   substring(option agent.circuit-id, 0, 9999)
> to get the whole string, too...)
>
> On 5.10. 19:18, project722 wrote:
>
>> It does not seem to like anything I try. My latest attempt:
>>
>> suffix (concat("CIRCUIT-ID=", ( option agent.circuit-id), "."))));
>>
>> It keeps complaining "comma expected" blah blah
>>
>> On Wed, Oct 5, 2016 at 11:01 AM, project722 <project722 at gmail.com
>> <mailto:project722 at gmail.com>> wrote:
>>
>>     Do you mean something like this:
>>
>>     suffix (concat("CIRCUIT-ID=", substring ( option agent.circuit-id,
>>     0, 9999,)
>>
>>     Because this is not working either.
>>
>>
>>     On Wed, Oct 5, 2016 at 10:41 AM, project722 <project722 at gmail.com
>>     <mailto:project722 at gmail.com>> wrote:
>>
>>         When I put that in as you have it listed I get errors when
>>         validating the config.
>>
>>         /etc/dhcp/dhcpd.conf line 190: expecting data expression.
>>
>>         How does the actual statement need to look?
>>
>>
>>         On Wed, Oct 5, 2016 at 9:56 AM, Ilkka Virta <itvirta at iki.fi
>>         <mailto:itvirta at iki.fi>> wrote:
>>
>>             If you want the whole of circuit-id printed, instead of a
>>             part, just use concat(... "CIRCUIT-ID=", option
>>             agent.circuit-id, ...) instead of calling substring().
>>             substring(x, 2, 9999) takes the 9999 characters (bytes)
>>             after the first two, which you'd want to use if you know you
>>             don't have anything interesting in the first two bytes.
>>
>>             On 5.10. 17:43, project722 wrote:
>>
>>                 Ok. Making progress. I have went with the following log
>>                 statements in my
>>                 conf file:
>>
>>
>>                         " | CIRCUIT-ID=",
>>                         substring( option agent.circuit-id, 2, 9999),
>>                 Which produces log output as follows:
>>
>>
>>                 | CIRCUIT-ID=0R_LAB eth 1/2/1/1/1:200 |
>>                 REMOTE-ID=tion82Test__DATA_ETH1
>>
>>                 My question is:
>>
>>                 Are my substrings at the bottom for pulling in text
>>                 correct? It appears
>>                 as if the first part of the strings are cut off. What
>>                 are my "values" I
>>                 can use in these statements instead of 2, 9999? What
>>                 should I change
>>                 here to get the full text output without cutting off text?
>>
>>
>>
>>
>>
>>                 On Wed, Oct 5, 2016 at 8:04 AM, project722
>>                 <project722 at gmail.com <mailto:project722 at gmail.com>
>>                 <mailto:project722 at gmail.com
>>                 <mailto:project722 at gmail.com>>> wrote:
>>
>>                     I have adjusted my statement to account for the
>>                 binary to ACSII
>>                     conversion. I'll test and report back if I run into
>>                 any problems.
>>
>>                     On Tue, Oct 4, 2016 at 7:01 PM, Glenn Satchell
>>                     <glenn.satchell at uniq.com.au
>>                 <mailto:glenn.satchell at uniq.com.au>
>>                 <mailto:glenn.satchell at uniq.com.au
>>
>>                 <mailto:glenn.satchell at uniq.com.au>>> wrote:
>>
>>                         There may be non-ascii characters in your option
>>                         agent.circuit-id, so try
>>                         a suitable binary-to-ascii() around it. If there
>>                 is a non-ascii
>>                         or null it
>>                         won't print anything.
>>
>>                         The parenthesis around a variable make no
>>                 difference, they just
>>                         control
>>                         order of parameters.
>>
>>                         regards,
>>                         -glenn
>>
>>                         On Wed, October 5, 2016 3:49 am, project722 wrote:
>>                         > Hmmm.. OK here is the log for the test client.
>>                         >
>>                         > Oct  4 11:39:20 dhcpd: Lease for X.X.X.X with
>>                 circuit-id
>>                         >
>>                         > That's all it said.
>>                         >
>>                         > I know that my ACL class for circuit id works
>>                 as it was allowed to get an
>>                         > IP address.
>>                         >
>>                         > The log line reported back the correct IP so I
>>                 know that the
>>                         >
>>                         > "Lease for ", binary-to-ascii (10, 8, ".",
>>                 leased-address),
>>                         >
>>                         > Line in my logging clause works.
>>                         >
>>                         > But why did it stop there? Do I need to remove
>>                 the parenthesis
>>                         around
>>                         > "option agent.circuit-id" since I am not using
>>                 parenthesis in
>>                         my ACL
>>                         > class?
>>                         >
>>                         > On Tue, Oct 4, 2016 at 11:25 AM, project722
>>                         <project722 at gmail.com
>>                 <mailto:project722 at gmail.com>
>>                 <mailto:project722 at gmail.com
>>                 <mailto:project722 at gmail.com>>> wrote:
>>                         >
>>                         >> Alfred - thanks but your setup is much more
>>                 complex than mine.
>>                         >>
>>                         >> Alex, I have put in the changes as you
>>                 suggested and it passed
>>                         >> validation.
>>                         >> I'll report back what the logs look like or
>>                 if I have any further
>>                         >> problems.
>>                         >>
>>                         >> Thanks!
>>                         >>
>>                         >> On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen
>>                 <alexm at ndtel.com <mailto:alexm at ndtel.com>
>>                         <mailto:alexm at ndtel.com
>>
>>                 <mailto:alexm at ndtel.com>>> wrote:
>>                         >>
>>                         >>> Just comparing with mine, it seems that the
>>                 "option
>>                         agent.circuit-id"
>>                         >>> needs to be in parens.  And, I don't know
>>                 the use of the
>>                         >>> "(leased-address)"
>>                         >>> is.  So, try this:
>>                         >>>
>>                         >>>
>>                 -----------------------------------------------------
>>                         >>> ## Option 82 Class
>>                         >>> class "myvendor" {
>>                         >>> match if option agent.circuit-id =
>>                 00:04:00:6b:00:84;
>>                         >>> }
>>                         >>>
>>                         >>> # Test Option 82 logging
>>                         >>> if exists agent.circuit-id
>>                         >>> {
>>                         >>> log (info, concat(
>>                         >>>     "Lease for ", binary-to-ascii (10, 8,
>>                 ".", leased-address),
>>                         >>>     " with circuit-id ", (option
>>                 agent.circuit-id),
>>                         >>>     " is assigned using Option82"
>>                         >>>     ));
>>                         >>> }
>>                         >>>
>>                         >>> pool {
>>                         >>>                 allow members of "myvendor";
>>                         >>>                 range x.x.x.x x.x.x.x;
>>                         >>>         }
>>                         >>>
>>                 -----------------------------------------------------
>>                         >>>
>>                         >>> This should give you a line that looks
>>                 something like:
>>                         >>>
>>                         >>> Lease for 192.168.0.10 with circuit-id
>>                 Ethernet 5 is
>>                         assigned using
>>                         >>> Option82
>>                         >>>
>>                         >>> Obviously, your circuit-id will most likely
>>                 be something
>>                         other than
>>                         >>> "Ethernet 5", but you get the idea.
>>                         >>>
>>                         >>> If I'm way off base, someone please correct
>> me!
>>                         >>>
>>                         >>> Good luck,
>>                         >>>
>>                         >>> Alex
>>                         >>>
>>                         >>>
>>                         >>>
>>                         >>> On 10/04/2016 10:27 AM, project722 wrote:
>>                         >>>
>>                         >>>> Hello DHCP experts! We are implementing
>>                 Option 82 in our
>>                         network and I
>>                         >>>> am just scratching the surface of how to
>>                 setup my server. I
>>                         have
>>                         >>>> successfully created my first Option 82 ACL
>>                 based on the
>>                         agent circuit
>>                         >>>> ID
>>                         >>>> that is contained in the packet, now I just
>>                 need guidance
>>                         on how I get
>>                         >>>> the
>>                         >>>> Option 82 data into the logs. Here is my
>>                 O82 setup on the
>>                         server:
>>                         >>>>
>>                         >>>> ## Option 82 Class
>>                         >>>> class "myvendor" {
>>                         >>>> match if option agent.circuit-id =
>>                 00:04:00:6b:00:84;
>>                         >>>> }
>>                         >>>>
>>                         >>>> # Test Option 82 logging
>>                         >>>> if exists agent.circuit-id
>>                         >>>> {
>>                         >>>> log (info, concat( "Lease for ", option
>>                 agent.circuit-id
>>                         >>>> (leased-address), "is an address assigned
>>                 using Option82"));
>>                         >>>> }
>>                         >>>>
>>                         >>>> pool {
>>                         >>>>                 allow members of "myvendor";
>>                         >>>>                 range x.x.x.x x.x.x.x;
>>                         >>>>         }
>>                         >>>>
>>                         >>>> The problem I am having is when I go to
>>                 check the conf before
>>                         >>>> restarting
>>                         >>>> dhcpd I am getting the error:
>>                         >>>>
>>                         >>>> etc/dhcp/dhcpd.conf line 135: right
>>                 parenthesis expected.
>>                         >>>> log (info, concat( "Lease for ", option
>>                 agent.circuit-id (
>>                         >>>> ^
>>                         >>>> Can anyone tell me what I am doing wrong
>>                 and how to fix
>>                         this error?
>>                         >>>>
>>                         >>>>
>>                         >>>> ______________________________
>> _________________
>>                         >>>> dhcp-users mailing list
>>                         >>>> dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>
>>                 <mailto:dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>>
>>                         >>>>
>>                 https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>>                         >>>>
>>                         >>>
>>                         >>>
>>                         >>> --
>>                         >>> Alex Moen
>>                         >>> NSTII
>>                         >>> Calix System Specialist
>>                         >>> North Dakota Telephone Company
>>                         >>> 701-662-6481 <tel:701-662-6481>
>>                 <tel:701-662-6481 <tel:701-662-6481>>
>>                         >>>
>>                         >>> ______________________________
>> _________________
>>                         >>> dhcp-users mailing list
>>                         >>> dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>
>>                 <mailto:dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>>
>>                         >>>
>>                 https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>>                         >>>
>>                         >>
>>                         >>
>>                         > _______________________________________________
>>                         > dhcp-users mailing list
>>                         > dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>
>>                 <mailto:dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>>
>>                         >
>>                 https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>>
>>
>>                         _______________________________________________
>>                         dhcp-users mailing list
>>                         dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>
>>                 <mailto:dhcp-users at lists.isc.org
>>                 <mailto:dhcp-users at lists.isc.org>>
>>
>>                 https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>>
>>
>>
>>
>>
>>
>>                 _______________________________________________
>>                 dhcp-users mailing list
>>                 dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org
>> >
>>                 https://lists.isc.org/mailman/listinfo/dhcp-users
>>                 <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>
>>             _______________________________________________
>>             dhcp-users mailing list
>>             dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
>>             https://lists.isc.org/mailman/listinfo/dhcp-users
>>             <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20161005/759a3e14/attachment-0001.html>


More information about the dhcp-users mailing list