This discussion has been locked.

Is there a source for better DHCP logs?

The DHCP logs coming from the Sophos UTM are incredibly basic. They don't even include the MAC addresses of the leased devices. Is there no other system within the UTM that gives more verbose logging? Can I turn on logging from some other service that would give me what I'm looking for? I'm assuming not, but these DHCP logs actually seem so basic that I can't believe this is all there is.



  • Are you looking in the right place?

    Logging and reporting, View log files, DHCP server VIEW

    Here's an excerpt of a dns request.  Includes the mac, ip assigned, and some other activity.  I didn't have to enable anything special.  Even the live log includes the mac addresses and hostnames.

    ----
    2018:04:09-22:26:15 utm dhcpd: DHCPDISCOVER from c8:60:xx:xx:xx:xx via eth0.3
    2018:04:09-22:26:16 utm dhcpd: DHCPOFFER on 10.10.3.106 to c8:60:xx:xx:xx:xx (WINDOWSPC) via eth0.3
    2018:04:09-22:26:16 utm dhcpd: Wrote 0 deleted host decls to leases file.
    2018:04:09-22:26:16 utm dhcpd: Wrote 0 new dynamic host decls to leases file.
    2018:04:09-22:26:16 utm dhcpd: Wrote 27 leases to leases file.
    2018:04:09-22:26:16 utm dhcpd: DHCPREQUEST for 10.10.3.106 (10.10.3.1) from c8:60:xx:xx:xx:xx (WINDOWSPC) via eth0.3
    2018:04:09-22:26:16 utm dhcpd: DHCPACK on 10.10.3.106 to c8:60:xx:xx:xx:xx (WINDOWSPC) via eth0.3
    -----

     

  • I haven't looked up the Live Logs, but they're irrelevant for this. I'm only interested in remote logging, and my logs don't contain any of those MAC addresses. Is there something I need to enable to get that?

  • I see. You didn't mention remote logging in the OP.  You'll have to wait for one of the experts to chime in.  What I pasted came from local logging.

    Enabling remote syslog logging I get this in the remote log.

    <30>2018:04:09-22:51:13 utm dhcpd: DHCPDISCOVER from 8c:xx:xx:xx:xx:xx via eth0
    <30>2018:04:09-22:51:13 utm dhcpd: DHCPREQUEST for 10.10.1.110 (10.10.1.1) from 8c:xx:xx:xx:xx:xx via eth0
    <30>2018:04:09-22:51:13 utm dhcpd: DHCPACK on 10.10.1.110 to 8c:xx:xx:xx:xx:xx via eth0
    <30>2018:04:09-22:51:24 utm dhcpd: DHCPDISCOVER from 8c:xx:xx:xx:xx:xx via eth0.4
    <30>2018:04:09-22:51:25 utm dhcpd: DHCPOFFER on 10.10.4.101 to 8c:xx:xx:xx:xx:xx (android1) via eth0.4
    <30>2018:04:09-22:51:25 utm dhcpd: DHCPREQUEST for 10.10.4.101 (10.10.4.1) from 8c:xx:xx:xx:xx:xx (android1) via eth0.4
    <30>2018:04:09-22:51:25 utm dhcpd: DHCPACK on 10.10.4.101 to 8c:xx:xx:xx:xx:xx (android1) via eth0.4

    You'll need to provide more details for a useful answer.

  • Which syslog server are you using?  It sounds like you need to adjust your settings there.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
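
Added example, not part of the thread and not Sophos code: a Python parser for the dhcpd lines quoted above. It accepts them with or without the remote-syslog `<30>` prefix and with or without a hostname, and builds an IP-to-MAC table from the DHCPACK lines. The MAC addresses in the sample are constructed, and only the four message types shown in the thread are handled.

```python
import re
from datetime import datetime

# Constructed sample in the format quoted in the thread (MAC addresses are made up).
SAMPLE = """\
<30>2018:04:09-22:51:13 utm dhcpd: DHCPDISCOVER from 8c:00:00:00:00:01 via eth0
<30>2018:04:09-22:51:13 utm dhcpd: DHCPREQUEST for 10.10.1.110 (10.10.1.1) from 8c:00:00:00:00:01 via eth0
<30>2018:04:09-22:51:13 utm dhcpd: DHCPACK on 10.10.1.110 to 8c:00:00:00:00:01 via eth0
<30>2018:04:09-22:51:25 utm dhcpd: DHCPOFFER on 10.10.4.101 to 8c:00:00:00:00:02 (android1) via eth0.4
2018:04:09-22:51:25 utm dhcpd: DHCPACK on 10.10.4.101 to 8c:00:00:00:00:02 (android1) via eth0.4
<30>2018:04:09-22:51:25 utm dhcpd: Wrote 27 leases to leases file.
"""

LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                       # optional syslog PRI (remote log only)
    r"(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) "   # UTM timestamp, e.g. 2018:04:09-22:51:13
    r"(?P<host>\S+) dhcpd: (?P<msg>DHCP[A-Z]+) "
    r"(?:(?:on|for) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?:\(\S+\) )?)?"  # IP, optional server IP
    r"(?:to|from) (?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
    r"(?: \((?P<name>[^)]*)\))? via (?P<iface>\S+)$"  # hostname is optional
)

def parse(line):
    """Return a dict for a DISCOVER/OFFER/REQUEST/ACK line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None  # housekeeping lines such as "Wrote 27 leases ..."
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%Y:%m:%d-%H:%M:%S")
    pri = rec.pop("pri")
    # PRI = facility * 8 + severity, so <30> is daemon (3) / info (6).
    rec["facility"], rec["severity"] = divmod(int(pri), 8) if pri else (None, None)
    return rec

def leases(lines):
    """Latest DHCPACK per IP: ip -> (mac, hostname or None, interface, time)."""
    table = {}
    for line in lines:
        rec = parse(line)
        if rec and rec["msg"] == "DHCPACK":
            table[rec["ip"]] = (rec["mac"].lower(), rec["name"], rec["iface"], rec["time"])
    return table

if __name__ == "__main__":
    for ip, (mac, name, iface, when) in leases(SAMPLE.splitlines()).items():
        print(ip, mac, name or "-", iface, when.isoformat())
```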