DHCP Log of an XGS3100

Hello,

I am trying to extract specific info from a DHCP syslog generated from an XGS3100, 1 log per day for 253 IPs for the last 50 days, masses of data.

What I am trying to find out is, can the log tell me when a given IP was 'last seen' or would that be when an IP address no longer renews?

With 253 reserved addresses and without expanding the subnet, hoping to remove some unneeded IPs/MACs.

Has anyone needed to do a similar exercise? Any inspiration would be appreciated.

I guess an alternative would be to remove all reservations, let any leases naturally expire and see what's left.

Many Thanks,

Roy



Added TAGs
[edited by: emmosophos at 12:04 AM (GMT -7) on 7 Jul 2022]
  • May want to ask in the XG forums.  ;)

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Moving this thread to the proper forum for you, Roy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    I can't help with your specific log request, but you could change the time to live of the DHCP settings to reduce the idle number of addresses. After you have done that, restart the XGS.

    Ian

    XG115W - v19.0.1 mr-1 - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Roy,

    Thank you for contacting the Sophos Community.

    The dhcp.leases "log" has the following information, when the lease started (given) and when it will end, but I am not sure

    lease 172.16.16.250 {
    starts 2 2022/05/31 16:59:51;
    ends 3 2022/06/01 16:59:51;
    tstp 3 2022/06/01 16:59:51;
    cltt 2 2022/05/31 16:59:51;
    binding state free;
    hardware ethernet 00:0c:29:f7:b2:32;
    uid "\001\000\014)\367\2622";
    }
    lease 172.16.16.251 {
    starts 3 2022/06/22 22:05:46;
    ends 4 2022/06/23 22:05:46;
    cltt 3 2022/06/22 22:05:46;
    binding state active;
    next binding state free;
    rewind binding state free;
    hardware ethernet 00:0c:29:b1:58:03;
    uid "\001\000\014)\261X\003";
    }

    Also if you use the Log Viewer, System and then Add a Filter "Log Comp" >> "is" >> DHCP Server

    This should give you the Status of the DHCP, Renew, Expire 

    The information in the Log Viewer would rotate so not sure how far back it might go for you. 

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    If a post solves your question use the 'Verify Answer' link.
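
An added example, not part of the original posts and not Sophos code: one way to answer the "last seen" question from a leases file in the format quoted above, by taking each IP's newest `cltt` value and listing addresses that have been idle past a cutoff. It assumes the file follows the ISC dhcpd lease-file conventions the excerpt matches (`cltt` is the client's last transaction time, later records for an IP supersede earlier ones); the function names and sample records are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the lease format quoted above (trimmed, illustrative values).
SAMPLE = r'''
lease 172.16.16.250 {
starts 2 2022/05/31 16:59:51;
cltt 2 2022/05/31 16:59:51;
binding state free;
hardware ethernet 00:0c:29:f7:b2:32;
}
lease 172.16.16.251 {
cltt 2 2022/06/21 22:05:46;
binding state active;
hardware ethernet 00:0c:29:b1:58:03;
}
lease 172.16.16.251 {
cltt 3 2022/06/22 22:05:46;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:b1:58:03;
}
'''

# The closing brace is matched at line start so a "}" inside a uid string cannot end a record.
LEASE_RE = re.compile(r"^\s*lease\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
FIELD_RE = re.compile(r"^\s*(cltt|starts|binding state|hardware ethernet)\s+(.+?);\s*$", re.M)

def parse_ts(value):
    # "3 2022/06/22 22:05:46" -> datetime; the leading digit is the weekday and is dropped
    return datetime.strptime(value.split(None, 1)[1], "%Y/%m/%d %H:%M:%S")

def last_seen(text):
    """Return {ip: {"mac", "state", "last_seen"}}, keeping the newest record per IP."""
    seen = {}
    for ip, body in LEASE_RE.findall(text):
        f = dict(FIELD_RE.findall(body))
        stamp = f.get("cltt") or f.get("starts")  # fall back to lease start if cltt is absent
        if not stamp:
            continue  # record without a usable timestamp
        rec = {"mac": f.get("hardware ethernet"), "state": f.get("binding state"),
               "last_seen": parse_ts(stamp)}
        if ip not in seen or rec["last_seen"] >= seen[ip]["last_seen"]:
            seen[ip] = rec
    return seen

def stale(seen, now, max_idle_days):
    """IPs whose client has not contacted the server within max_idle_days."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(ip for ip, r in seen.items() if r["last_seen"] < cutoff)
```

Joining the `stale()` output against the reservation list by MAC gives the candidates for removal; a reserved address that never appears in the leases file at all has no record here and needs to be checked separately.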