Logging GI-Addr

Logging GI-Addr

Gregory Sloop
I've spent a little bit trying to find how to log things - specifically the GI-Addr.
But digging down through the log (priority, data-expr) is not exactly easy. [In fact, I'm not sure the GI-Addr information will be in there...]
And my GoogleFoo isn't getting me much that's helpful either.

Can someone give me a quick recipe that will help point me in the right direction?
I'll keep looking at the docs and seeing what I can further google up, but I'm feeling lost. :)


-Greg
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Re: Logging GI-Addr

Bill Shirley-2
"  GIaddr:", pick-first-value(binary-to-ascii(10, 8, ".", packet(24,4)), "(none)")

Bill

On 2/11/2018 11:06 PM, Gregory Sloop wrote:
I've spent a little bit trying to find how to log things - specifically the GI-Addr.
But digging down through the log (priority, data-expr) is not exactly easy. [In fact, I'm not sure the GI-Addr information will be in there...]
And my GoogleFoo isn't getting me much that's helpful either.

Can someone give me a quick recipe that will help point me in the right direction?
I'll keep looking at the docs and seeing what I can further google up, but I'm feeling lost. :)


-Greg

Re: Logging GI-Addr

Gregory Sloop
"  GIaddr:", pick-first-value(binary-to-ascii(10, 8, ".", packet(24,4)), "(none)")


So, let me break this down, and see if I understand it correctly.
Starting from the inside...

Offset into the packet 24 bytes, and return 4 bytes [4 octets].
---
 I think this means that the OP, HType, HLen and HOPS, [4 bytes / 1 octet [each] *4]
 XID [4 octets / 4 bytes]
 SECs and FLAGs [4 bytes, 2 octets each*2]
 Then continue to offset past the CIADDR, YADDR & SIADDR (Four octets, 4 bytes each in IPV4) to get to the GIAddr, at byte 24.
 Grab 4 bytes, 4 octets

 [The wikipedia page on dhcp is pretty handy here!
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol ]
---

Convert from binary to ASCII from base 8 to base 10. Separate the items with "."

Grab the first non-null output from that output of binary-to-ascii.
If there's no GIAddr in this packet, return "(none)"

Do I have that right?

Thanks so much!

-Greg




Re: Logging GI-Addr

Bill Shirley-2
Yes, that is correct.   Insert that line in with the rest of your logging.

on commit {
    log (
        info,
        concat (
            "Host:", pick-first-value(option fqdn.hostname, option host-name, "(none)"), "=>", pick-first-value(config-option server.ddns-hostname, "(none)")
...
            ,"  GIaddr:", pick-first-value(binary-to-ascii(10, 8, ".", packet(24,4)), "(none)")
#            ,"  Circuit:", pick-first-value(binary-to-ascii(10, 8, ":", option agent.circuit-id), "(none)")
#            ,"  Remote:", pick-first-value(option agent.remote-id, "(none)")

            ,"  ReqOpt:", pick-first-value(binary-to-ascii(10, 8, ",", option dhcp-parameter-request-list), "(none)")
        )
    );
}

Bill

On 2/12/2018 5:35 PM, Gregory Sloop wrote:
"  GIaddr:", pick-first-value(binary-to-ascii(10, 8, ".", packet(24,4)), "(none)")


So, let me break this down, and see if I understand it correctly.
Starting from the inside...

Offset into the packet 24 bytes, and return 4 bytes [4 octets].
---
 I think this means that the OP, HType, HLen and HOPS, [4 bytes / 1 octet [each] *4]
 XID [4 octets / 4 bytes]
 SECs and FLAGs [4 bytes, 2 octets each*2]
 Then continue to offset past the CIADDR, YADDR & SIADDR (Four octets, 4 bytes each in IPV4) to get to the GIAddr, at byte 24.
 Grab 4 bytes, 4 octets

 [The wikipedia page on dhcp is pretty handy here!
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol ]
---

Convert from binary to ASCII from base 8 to base 10. Separate the items with "."

Grab the first non-null output from that output of binary-to-ascii.
If there's no GIAddr in this packet, return "(none)"

Do I have that right?

Thanks so much!

-Greg
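
As an added example (not part of the thread and not ISC code), the following Python models the logging expression discussed above on a constructed BOOTP header. Per dhcp-eval(5), binary-to-ascii takes the output base, the element width in bits, the separator and the data, in that order; the helper names, the sample header values and the modelled handling of a short packet are assumptions of this sketch.

```python
import struct

# Fixed BOOTP/DHCP header through giaddr (RFC 2131 field order):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr
HEADER = struct.Struct("!BBBBIHH4s4s4s4s")
GIADDR_OFFSET = 4 * 1 + 4 + 2 * 2 + 3 * 4  # = 24, the offset used in packet(24,4)

def packet(raw, offset, length):
    """Model of packet(offset, length); None stands in for a null result."""
    if offset >= len(raw):
        return None
    return raw[offset:offset + length]

def to_base(n, base):
    """Render a non-negative integer in the given base (2 to 16), no padding."""
    digits = "0123456789abcdef"
    out = ""
    while True:
        out = digits[n % base] + out
        n //= base
        if n == 0:
            return out

def binary_to_ascii(base, width, sep, data):
    """One number per width-bit element, printed in `base`, joined by `sep`."""
    if data is None:
        return None
    step = width // 8
    elems = (int.from_bytes(data[i:i + step], "big") for i in range(0, len(data), step))
    return sep.join(to_base(n, base) for n in elems)

def pick_first_value(*values):
    """First non-null argument, as in the dhcpd expression of the same name."""
    return next((v for v in values if v is not None), None)

def log_giaddr(raw):
    return pick_first_value(binary_to_ascii(10, 8, ".", packet(raw, 24, 4)), "(none)")

def sample_header(giaddr):
    """Constructed DHCPDISCOVER-style header; all values are made up."""
    return HEADER.pack(1, 1, 6, 1, 0x3903F326, 0, 0,
                       bytes(4), bytes(4), bytes(4), bytes(giaddr))

if __name__ == "__main__":
    print(log_giaddr(sample_header([192, 0, 2, 1])))       # relayed request
    print(log_giaddr(sample_header([0, 0, 0, 0])))         # no relay in the path
    print(log_giaddr(sample_header([192, 0, 2, 1])[:20]))  # truncated packet
```

A request that did not pass through a relay carries an all-zero giaddr, which this model logs as 0.0.0.0; "(none)" appears only when the inner expression is null.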




