Silencing output when scripts execute


Jeffrey Lane
When a script is executed when the lease is created, a bunch of
output is dumped to the logging facility (syslog).

Like this:

execute_statement argv[0] = /usr/local/sbin/dhcpevent
execute_statement argv[1] = commit
execute_statement argv[2] = 192.168.1.40
execute_statement argv[3] = 11:aa:bb:cc:dd:ee
execute_statement argv[4] = d1.jp

(taken from this blog post:
http://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/)

Is there a way to silence those lines?  They seem rather debuggish,
and on my production system my syslog files are being flooded with 16
lines of "execute_statement" messages for every single lease assigned.

Over the last 7 days, this has led to well over 4 million lines of
text in syslog files that simply don't need to be there.

So I was wondering if there was a way to turn that off and only see
the standard REQUEST/ACK messages in syslog, or perhaps a way to send
THOSE messages to one log while keeping the REQUEST/ACK messages in
syslog.

Thanks
Jeff

--
Jeff Lane - Server Certification Lead, Tools Developer, Warrior Poet,
Lover of Pie
Ubuntu Ham: W4KDH
Freenode IRC: bladernr or bladernr_
gpg: 1024D/3A14B2DD 8C88 B076 0DD7 B404 1417  C466 4ABD 3635 3A14 B2DD
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: Silencing output when scripts execute

A.L.M.Buxey
hi,

>Is there a way to silence those lines?  They seem rather debuggish,
>and on my production system my syslog files are being flooded with 16
>lines of "execute_statement" messages for every single lease assigned.

what syslog system are you using? with eg rsyslog you can do a very simple
regex pattern match to ignore those entries and not log them (or log them
to another server or log them to another file....)... /^execute_statement argv/

alan
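
Added example, not part of the original thread: one way to apply the rsyslog suggestion above so that the execute_statement lines go to their own file instead of the main syslog. The drop-in file name and the log path are assumptions.

```conf
# /etc/rsyslog.d/10-dhcpd-exec.conf   (assumed name; it must sort before the
# drop-in that writes the main syslog file so that "stop" takes effect first)

# Match on the program name as well as the text, so that an unrelated message
# that happens to contain the same words is not diverted.
# "contains" is used instead of an anchored regex because rsyslog's msg
# property normally starts with the space that follows the "dhcpd[pid]:" tag,
# which a pattern anchored at "^execute_statement" would not match.
if $programname == 'dhcpd' and $msg contains 'execute_statement argv' then {
    # Keep the argv trail of every hook invocation in a separate file
    # (assumed path) rather than discarding it.
    action(type="omfile" file="/var/log/dhcpd-exec.log")
    # Do not pass these messages on to later rules (the main syslog file).
    stop
}

# To discard the lines instead of diverting them, remove the action() line
# and keep only "stop".
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog, and add the new file to log rotation, since it grows at the same rate as the lines that were flooding syslog.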

Re: Silencing output when scripts execute

Bill Shirley
I switched from using the DHCP exec to Simple Event Correlator (sec).  It monitors the log files much
like fail2ban and can respond to log messages.  I have an elaborate log message for DHCP.  This
sec rule triggers when a lease is issued and adds the IP address to an ipset:

# Dec 31 11:19:28 server dhcpd[20260]: Host:BROTHER-MFC-J61=>BROTHER-MFC-J61  VendorId:(none)  MemberOf:(none)  PoolType:(none)  Lease:14400  Ipv4:192.168.4.63  MAC:0:1b:a9:3d:2d:e3 --> STATIC
type=Single
ptype=RegExp
pattern=(?<server_name>\S+)\s+dhcpd\S+:\s+Host:(?<host>\S+)=\>(?<DNShost>\S+).+ Lease:(?<leaseTime>\d+).+I[Pp]v4:(?<ipv4>(\d{1,3}\.){3}\d{1,3}).+MAC:(?<MAC>\S+)
desc=DHCP lease issued: Server:$+{server_name}  Host:$+{DNShost}  IPv4:$+{ipv4}  Lease:$+{leaseTime}  MAC:$+{MAC}
action=shellcmd /usr/sbin/ipset -exist add DHCP4-lease $+{ipv4} timeout $+{leaseTime}

Everything from # up to (but not including) type is a sample log line.  (I'm pretty sure this will wrap
in this email.)

sec's actions are logged to /var/log/sec. 

[0:root@server network]$ dnf search sec
Last metadata expiration check performed 1:14:59 ago on Wed Nov  2 18:10:46 2016.
===================================================================== N/S Matched: sec ======================================================================
sec.noarch : Simple Event Correlator script to filter log file entries

Bill


On 11/2/2016 5:52 PM, Alan Buxey wrote:
> hi,
>
>> Is there a way to silence those lines?  They seem rather debuggish,
>> and on my production system my syslog files are being flooded with 16
>> lines of "execute_statement" messages for every single lease assigned.
>
> what syslog system are you using? with eg rsyslog you can do a very simple
> regex pattern match to ignore those entries and not log them (or log them
> to another server or log them to another file....)... /^execute_statement argv/
>
> alan

Re: Silencing output when scripts execute

Jeffrey Lane
On Wed, Nov 2, 2016 at 5:52 PM, Alan Buxey <[hidden email]> wrote:
> hi,
>
>>Is there a way to silence those lines?  They seem rather debuggish,
>>and on my production system my syslog files are being flooded with 16
>>lines of "execute_statement" messages for every single lease assigned.
>
> what syslog system are you using? with eg rsyslog you can do a very simple
> regex pattern match to ignore those entries and not log them (or log them
> to another server or log them to another file....)... /^execute_statement argv/

Hi Alan,

Sheesh... I'm using rsyslog and that didn't even occur to me.  Thanks
for pointing it out!


>
> alan



--
Jeff Lane - Server Certification Lead, Tools Developer, Warrior Poet,
Lover of Pie
Ubuntu Ham: W4KDH
Freenode IRC: bladernr or bladernr_
gpg: 1024D/3A14B2DD 8C88 B076 0DD7 B404 1417  C466 4ABD 3635 3A14 B2DD