082017

Log DHCP under FreeBSD Nick Fratangelo & Andrew Mallett | Updated August 2017

Following plans for getting a lot more functionality out of the DHCP service, Nick developed some brilliant logging extensions which took the DHCPD beyond the original install of the ISC's original spec's for this thing.

How do I get ISC DHCP to log to its own file?

The ISC DHCP server normally does its logging via syslog. By default, it will log all messages with the facility of LOG_DAEMON. This will mix up all the DHCP log entries with all other daemons on your system. These messages will typically end up in the /var/log/messages or /var/adm/messages file, depending on your system.

To make the server log extra lease information (such as requests, sends, etc.) to /var/log/messages, make sure the following line is near the top of your configuration file (dhcpd.conf). This entry appears in the default dhcpd.conf.sample file.

cd /usr/local/etc
vi dhcpd.conf
log-facility local7;

You can actually put any log facility in that line..

Now to tell syslog where to copy this new data, which will now include extra information such as DHCP requests, sends, etc. Create the new log file in the desired location:

touch  /var/log/dhcpd.log

Add the following lines to the /etc/syslog.conf file:

# dhcp log
!dhcpd
*.* /var/log/dhcpd.log

Note that there are TAB characters between the facility and the filename, in this example. This may or may not be important. See the syslog man page on your system for more details. Don't forget to restart syslog after making this change.

Also, you may want to have your DHCP logs rotated along with your other logs. Since this is specific to each platform, we won't cover the details of this here. Look in root's crontab for the weekly log rotation script.

To restart the syslogd service under FreeBSD, do a ps  -aux to find the PID of the process and stop it with a kill  -9   pid. To start the service, run /usr/sbin/syslogd  -s

 

Back