[CentOS] CentOS 6 dhcpd custom log issues

Fri May 26 18:04:47 UTC 2017
Mark Haney <mark.haney at neonova.net>

Hi all,

I've got an issue with C6's dhcpd custom logging that I cannot figure out.
Hopefully someone has an idea, or has seen a similar issue.  We have dhcpd
logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP and

I'll not bore you with the guts, so here's the beginning of that line in

if exists agent.circuit-id
        log (info, concat( "DHCPUSER:,", concat (suffix (concat ("0",

We log this specifically to have rsyslog dump that line (keyed on DHCPUSER)
into a MySQL database for use by a web app our development team built so
that our customers can get reports on their DHCP leases.  (Neonova provides
help desk, engineering and Tier 2 and 3 tech support to rural ISPs in the

Our problem is that this method logs every entry that has the CID in the
packet.  Which covers most DHCP requests.  As such, with our bigger
customers, this logging bogs down MySQL (and the file system on older ext3
based CentOS 6 boxes we have out in the field) to the point where, after a
major outage and recovery, the DHCP server can't handle the load and people
are unable to get new DHCP leases, resulting in calls to our help desk.

What I want to do is have this data logged in the DHCPUSER line on the
DHCPACK and only that.  For some reason, when I try replace the above with
'if option dhcp-message-type = 5', nothing is getting logged.  All the
instances of this I've googled have similar, notably one from ~2008 that

 if exists agent.circuit-id and dhcp-message-type = 3

and that apparently worked fine.  I know the circuit-id is included in the
ACK packet (tcpdump is your friend), but even on the check to log for only
the dhcp message type 5 isn't working.

Are the newer dhcpd versions different syntactically?  What's the correct
method for logging on the DCHP Message type with the most recent C6
version? (dhcp-4.1.1-53.P1.el6.centos.x86_64)

Any ideas?

[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.haney at neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/>  <https://twitter.com/NeoNova_NNS>