SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DHCPD log filtering for MAC+IP on same line

    Posted 08-02-2024 10:01

    What is the proper way to get a log file that contains only MAC->IP address assignments via the DHCP server as they are assigned?

    I have the below config but the MAC address is not showing up 100% of the time, and the log line that the MAC address is on is not on the same line as the IP address. I am trying to get both MAC and IP to show up in a single log line so I can easily parse it with Splunk.

    set system processes dhcp-service traceoptions file jdhcp-clients
    set system processes dhcp-service traceoptions file size 5m
    set system processes dhcp-service traceoptions level info
    set system processes dhcp-service traceoptions flag all



    ------------------------------
    G H
    ------------------------------


  • 2.  RE: DHCPD log filtering for MAC+IP on same line

    Posted 08-02-2024 14:27
    Edited by Nikolay Semov 08-02-2024 14:41

    Rather than traceoptions, enable JDHCP server logging with set system processes dhcp-service log session server. If that command is not available for you, please make sure you're running a recent version of JunOS as it was introduced only a few years ago in 19.1R1.

    Once logging is enabled, you can have the syslog configuration sending stuff to your Splunk host match messages with regexp ".*DH_SVC_V._SERVER.*". You may need to adjust the regular expression to suit your needs as the example I provided may match more events than you want.



    ------------------------------
    Nikolay Semov
    ------------------------------



  • 3.  RE: DHCPD log filtering for MAC+IP on same line

    Posted 08-02-2024 14:46

    That sounds hopeful. How does that materialize in the actual log files? I have the below with no messages from jdhcpd:

    set system syslog file dhcp daemon any
    set system syslog file dhcp match "(dh|DH)"
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file messages security info
    set system syslog file policy any any
    set system syslog file policy match RT_FLOW_SESSION



    ------------------------------
    G H
    ------------------------------



  • 4.  RE: DHCPD log filtering for MAC+IP on same line

    Posted 08-02-2024 15:01

    The log line looks something like this (it will look different if you enable structured-data):

    DH_SVC_V4_SERVER_GET_BOUND: DHCPv4 server changed a binding to state BOUND:default/default, interface ge-0/0/6.0, MAC aa:bb:cc:dd:ee:ff, IP 100.100.100.11, lease-time 150.

    Try any any instead of daemon any. Also, match at least DH_SVC_ rather than just DH, lest you get tons of other garbage that may have the "dh" sequence.

    Also, just to clarify, this is the newer JDHCP server (enabled in system and configured in access address-assignment) and not the old DHCP daemon that's configured only in system.



    ------------------------------
    Nikolay Semov
    ------------------------------
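
A parser for the log line quoted in the post above, as an added example that is not part of the thread and not Juniper's code: it extracts MAC and IP from the plain (non-structured-data) format and skips lines that merely contain "dh". The syslog prefix in the sample lines is constructed, and it is an assumption that other DH_SVC_V4/V6 server events use the same field order as the one line shown.

```python
import ipaddress
import re

# Tag shape follows the thread's filter (DH_SVC_V._SERVER); the field order
# follows the single BOUND line quoted in the thread.
EVENT_RE = re.compile(
    r"(?P<event>DH_SVC_V[46]_SERVER_[A-Z_]+): .*?"
    r"interface (?P<interface>[^,\s]+), "
    r"MAC (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}), "
    r"IP (?P<ip>[^,\s]+), "
    r"lease-time (?P<lease>\d+)"
)

def parse_binding(line):
    """Return a dict for a DHCP server binding line, or None if it is not one."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # tag matched, but the IP field is not a valid address
    return {
        "event": m["event"],
        "interface": m["interface"],
        "mac": m["mac"].lower(),  # normalise case so lookups are stable
        "ip": str(ip),
        "lease_time": int(m["lease"]),
    }

def mac_to_ip(lines):
    """Most recent IP per MAC, in log order; non-binding lines are skipped."""
    table = {}
    for line in lines:
        rec = parse_binding(line)
        if rec is not None:
            table[rec["mac"]] = rec["ip"]
    return table

# Constructed sample input. The syslog prefix (timestamp, host, PID) is assumed.
_BOUND = ("DH_SVC_V4_SERVER_GET_BOUND: DHCPv4 server changed a binding to state "
          "BOUND:default/default, interface ge-0/0/6.0, ")
SAMPLE = [
    "Aug  2 15:00:01 srx1 jdhcpd[1234]: " + _BOUND + "MAC aa:bb:cc:dd:ee:ff, IP 100.100.100.11, lease-time 150.",
    "Aug  2 15:00:05 srx1 mgd[900]: UI_CMDLINE_READ_LINE: User 'admin', command 'show dhcp server binding '",
    "Aug  2 15:00:09 srx1 jdhcpd[1234]: " + _BOUND + "MAC AA:BB:CC:00:11:22, IP 100.100.100.12, lease-time 150.",
    "Aug  2 15:00:12 srx1 jdhcpd[1234]: " + _BOUND + "MAC aa:bb:cc:00:11:33, IP 100.100.100.999, lease-time 150.",
]
```

The second sample line contains "dh" but no DH_SVC_ tag, and the fourth carries an invalid address; both are dropped.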



  • 5.  RE: DHCPD log filtering for MAC+IP on same line

    Posted 08-05-2024 16:20

    That is correct. Thank you for your help.



    ------------------------------
    G H
    ------------------------------