Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 2804 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP Log of an XGS3100

Roy Wheatley

Hello,

I am trying to extract specific info from a DHCP syslog generated from an XGS3100, 1 log per day for 253 IP's for the last 50 days, masses of data.

What I am trying to find out is, can the log tell me when a given IP was 'last seen' or would that be when an IP address no longer renews?

With 253 reserved addresses and without expanding the subnet, hoping to remove some un-needed IP's/MAC's.

Has anyone needed to do a similar exercise? Any inspiration would be appreciated.

I guess an alternative would be to remove all reservations, let any leases naturally expire and see what's left.

Many Thanks,

Roy



This thread was automatically locked due to age.
  • 0

    May want to ask in the XG forums.  ;)

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0

    Moving this thread to the proper forum for you, Roy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Hi,

    I can't help with your specific log request, but you could change the time to live of the DHCP settings to reduce the idle number of addresses. After you have done that, restart the XGS.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Hello Roy,

    Thank you for contacting the Sophos Community.

    The dhcp.leases "log" has  the following information, when the lease started (given) and when it will end, but I am not sure 

    lease 172.16.16.250 {
    starts 2 2022/05/31 16:59:51;
    ends 3 2022/06/01 16:59:51;
    tstp 3 2022/06/01 16:59:51;
    cltt 2 2022/05/31 16:59:51;
    binding state free;
    hardware ethernet 00:0c:29:f7:b2:32;
    uid "\001\000\014)\367\2622";
    }
    lease 172.16.16.251 {
    starts 3 2022/06/22 22:05:46;
    ends 4 2022/06/23 22:05:46;
    cltt 3 2022/06/22 22:05:46;
    binding state active;
    next binding state free;
    rewind binding state free;
    hardware ethernet 00:0c:29:b1:58:03;
    uid "\001\000\014)\261X\003";

    Also if you use the Log Viewer, System and then Add a Filter  "Log Comp" >> "is" >> DCHP Server 

    This should give you the Status of the DHCP, Renew, Expire 

    The information in the Log Viewer would rotate so not sure how far back it might go for you. 

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Unfiltered HTML