5

I am looking at a bunch of syslog messages written by dhcpd. I want to write a quick parser that can deconstruct the message into its component parts, but I don't know what the various parts mean. I assume this is documented somewhere, but my simple queries (like dhcpd syslog message format) on Google have failed to turn up any useful documentation.

Chas. Owens
  • If you can't find anything else, the definitive place to look would be the source code (https://www.isc.org/downloadables/12). – Zoredache Jan 27 '10 at 22:29
  • Yeah, I am hoping it doesn't come to that. – Chas. Owens Jan 27 '10 at 22:47
  • also... don't forget that the message format may change between the releases/updates – rytis Jan 28 '10 at 08:30
  • @pulegium Not necessarily. The messages might have a fixed format. That is why I want to see docs rather than just examine the code. The docs will state whether or not the format will change. If the format is not documented, then yes, I can't trust the source to be accurate for anything but that release. – Chas. Owens Jan 28 '10 at 14:12
  • Yes, I see what you mean... my rule of thumb though is never trust arbitrary messages (read: syslog :) ) – rytis Jan 28 '10 at 20:15

3 Answers

1

Why parse the log files? What you really want to read is the leases file. That's where all the useful information is, and its format is very machine-readable.

apenwarr
  • Leases largely tells you about what went right. The log file may indicate certain errors that may be occurring, such as addresses being consistently declined, clients that flood discovers without accepting offers, etc. Note that certain information in the log file is client-generated, such as remote station name; be sure that any parsing you do takes this into consideration. – medina Jun 12 '10 at 13:52
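
The parsing caution in the comment above, as an added example that is not part of the thread and is not ISC's code: a parser for a few dhcpd message types that treats the client-supplied name as untrusted, plus a summary of declining and discover-flooding clients. The message shapes in the comments are assumptions based on commonly observed ISC dhcpd output, not a documented contract; `parse`, `suspects` and `min_discovers` are hypothetical names, and the sample lines are constructed.

```python
import re
from collections import Counter
# Assumed ISC dhcpd message shapes (observed, not a documented contract):
#   DHCPDISCOVER from <mac> [(<name>)] via <if>
#   DHCPOFFER|DHCPACK on <ip> to <mac> [(<name>)] via <if>
#   DHCPREQUEST for <ip> [(<server>)] from <mac> [(<name>)] via <if>
#   DHCPDECLINE of <ip> from <mac> [(<name>)] via <if>: <status>
PREFIX = re.compile(r"^.*?\bdhcpd(?:\[\d+\])?: ")  # syslog header, ends at the tag
MAC = r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})"
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# <name> is client-supplied; greedy match + end anchor: the last ") via <if>" wins.
TAIL = r"(?: \((?P<name>.*)\))? via (?P<iface>[\w.-]+)(?:: (?P<status>.+))?$"
PATTERNS = [re.compile(p + TAIL) for p in (
    r"(?P<type>DHCPDISCOVER) from " + MAC,
    r"(?P<type>DHCPOFFER|DHCPACK) on " + IP + " to " + MAC,
    r"(?P<type>DHCPREQUEST) for " + IP + r"(?: \([\d.]+\))? from " + MAC,
    r"(?P<type>DHCPDECLINE) of " + IP + " from " + MAC,
)]

def parse(line):
    """Return a dict of fields, or None for lines this sketch does not know."""
    pre = PREFIX.match(line)
    for pat in (PATTERNS if pre else ()):
        m = pat.match(line, pre.end())  # anchored right after the syslog tag
        if m:
            rec = m.groupdict()
            if rec["name"] is not None:  # neutralise before display or storage
                rec["name"] = re.sub(r"[^A-Za-z0-9._-]", "?", rec["name"])[:63]
            return rec
    return None

def suspects(lines, min_discovers=3):
    """MACs that decline addresses, or flood DISCOVERs without ever REQUESTing."""
    seen = Counter()
    for rec in filter(None, map(parse, lines)):
        seen[rec["mac"], rec["type"]] += 1
    macs = sorted({mac for mac, _ in seen})
    return {
        "declining": [m for m in macs if seen[m, "DHCPDECLINE"]],
        "flooding": [m for m in macs if seen[m, "DHCPDISCOVER"] >= min_discovers
                     and not seen[m, "DHCPREQUEST"]],
    }

# Constructed sample; the last name embeds ") via eth9" to try to forge the interface.
SAMPLE = ["Jan 27 22:29:01 gw dhcpd[811]: " + m for m in (
    "DHCPREQUEST for 192.0.2.10 (192.0.2.1) from 00:16:3e:aa:bb:01 (laptop) via eth0",
    "DHCPDECLINE of 192.0.2.11 from 00:16:3e:aa:bb:02 via eth0: abandoned",
    *["DHCPDISCOVER from 00:16:3e:aa:bb:03 (x) via eth9) via eth0"] * 3,
)]
```

Unrecognised lines return `None` rather than a partial record, so a format change between releases shows up as a drop in parsed lines instead of silently wrong fields.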
1

I experienced the same agony as you. I searched on Google for several hours with no result. Finally, I found that in "man in.dhcpd", in the part on "-l syslog_local_facility", there is a format description for the log file.

MikeyB
zpf
0

dhcpd is pretty sparsely documented in general - I've never seen docs on the logging format.

I think the source is your best hope.

James
  • Yeah, when I didn't get pointed in the right direction in a few hours I went ahead and started reading the code. I have a better, if fuzzy, understanding of the specific message types I want. I am going to answer my own question with detailed info later when I am certain I know what the values are. – Chas. Owens Jan 28 '10 at 20:47