Hello,

When dhcpd ( running on Debian Etch 4 ) leases an IP address I want my script to be notified. The script will likely be a bash script. I should receive the MAC address, IP address and the lease time. I should also receive a notification if the lease is released by the customer.

I'll need root privileges for the commands executed. ( Or I could program sudo to allow me to execute the commands needed ).

How can I do this?

Thanks,

David

You could set a tail on the dhcpd log and pipe it into your processing.
I am running F9 so your setup is quite probably somewhat different. But the following may be helpful.

I have set my dhcpd to log into its own file but that is not really necessary as by default it will log into /var/log/messages and can be sorted out like this:
sudo tail --follow=name /var/log/messages | grep dhcpd | your-processing-script

My set up put it in its own file, /var/log/dhcpdlog by including the following:
in my /etc/dhcpd.conf
log-facility local1; # per /etc/rsyslog.conf setting

in my /etc/rsyslog.conf
# log dhcpd per /etc/dhcpd.conf
local1.* /var/log/dhcpdlog

I do have the logs rotated by /usr/sbin/logrotate (see man logrotate) by adding the following to /etc/logrotate.d/syslog:

/var/log/dhcpdlog{
sharedscripts
copytruncate
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

Actually I added it to the existing syslog entry that included other logs that are rotated and mine now looks like this:

/var/log/dhcpdlog /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron /var/log/update-debug.log /var/log/named-auth.info{
sharedscripts
copytruncate
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

Then the tail command looks like this:

tail --follow=name /var/log/dhcpdlog | local-processing-script

Your script will have to look for the offer and the ack packets in this log. Here is a request, acknowledge, and inform secguence from the log:

Nov 27 07:11:51 maplepark dhcpd: DHCPREQUEST for 192.168.102.95 (192.168.102.9) from 00:c0:a8:da:94:35 (drf-PC) via eth0
Nov 27 07:11:51 maplepark dhcpd: DHCPACK on 192.168.102.95 to 00:c0:a8:da:94:35 (drf-PC) via eth0
Nov 27 07:16:22 maplepark dhcpd: DHCPINFORM from 192.168.102.114 via eth0
Nov 27 07:16:22 maplepark dhcpd: DHCPACK to 192.168.102.114 (00:00:39:1b:43:0e) via eth0

I do run dynamic updates to my bind and they show up as:
when adding:

Nov 27 09:47:30 maplepark dhcpd: DHCPDISCOVER from 00:c0:a8:da:94:35 via eth0
Nov 27 09:47:31 maplepark dhcpd: DHCPOFFER on 192.168.102.95 to 00:c0:a8:da:94:35 (drf-PC) via eth0
Nov 27 09:47:31 maplepark dhcpd: Added new forward map from drf-PC.maplepark.com to 192.168.102.95
Nov 27 09:47:31 maplepark dhcpd: added reverse map from 95.102.168.192.in-addr.arpa. to drf-PC.maplepark.com
Nov 27 09:47:31 maplepark dhcpd: Wrote 0 deleted host decls to leases file.
Nov 27 09:47:31 maplepark dhcpd: Wrote 0 new dynamic host decls to leases file.

when deleting:

Nov 27 08:11:51 maplepark dhcpd: if drf-PC.maplepark.com IN TXT "31467d5c297125ea22734a4e36c193b583" rrset exists and drf-PC.maplepark.com IN A 192.168.102.95 rrset exists delete drf-PC.maplepark.com IN A 192.168.102.95: success.
Nov 27 08:11:51 maplepark dhcpd: if drf-PC.maplepark.com IN A rrset doesn't exist delete drf-PC.maplepark.com IN TXT "31467d5c297125ea22734a4e36c193b583": success.
Nov 27 08:11:51 maplepark dhcpd: removed reverse map on 95.102.168.192.in-addr.arpa.
Nov 27 08:45:40 maplepark dhcpd: Wrote 0 deleted host decls to leases file.
Nov 27 08:45:40 maplepark dhcpd: Wrote 0 new dynamic host decls to leases file.


The interesting thing here is that, although the lease was deleted in bind at 8:11:51, the lease file was not written to until 8:45:40. I suspect that using the lease file as gospel truths may be an error as it is primarily to store information for dhcpd's use between requests and shutdowns, not as an up-to-date snapshot available for other processes to use. But your needs will dictate if you can use it. Other dhcpd daemons, fallover particularily, could also change the actual picture from what you expect.

Dave

Hello,

I did not even think of running a tail on the syslog!!

Great idea!

David

Hey have you made the script?

I'm looking for exactly the same thing, I got the tail /var/log/syslog | grep "dhcpd: DHCPACK"
But how do i get just the ip address from the whole line:
Dec 14 12:23:09 ubuntu dhcpd: DHCPACK on 192.168.0.30 to bla bla

Thanks in advance

Skiltron, just pipe the output of your tail /var/log/syslog | grep "dhcpd: DHCPACK" into cut
cut picks out things by their field position and is described in man cut

For your request to see the IP, it could simply look like this:
tail /var/log/syslog | grep "dhcpd: DHCPACK" | cut -d " " -f 8 | your-processing-script

You could use awk which is more powerful but requires some educational effort. Many books are available.
A simple awk:
/usr/bin/tail --follow=name /var/log/syslog | awk -f some_plugin |bash where your plug in can be quite versitle
an example might be like the routine I use to catch rogue ssh logins on my machine as detailed at:
http://maplepark.com/~drf/consults/Killit_Plan.html

But the quickest might be the "cut" example as above. You might want to add the --follow=name option to the tail for a continuous daemon.

Dave

Thanks It works!

I got the tail, grep and cut statements and put it in a variable..
Echo the variable and there it is!
If I add the --follow that doesn't work anymore
I'd like it to run an application and give the app the ip-address

As you might have noticed I'm new to shell scripts :P

No, I never made the script. I had other things come up. I'll come back to this eventually.