-
Notifications
You must be signed in to change notification settings - Fork 6
/
dhcpd.grok
22 lines (15 loc) · 1.08 KB
/
dhcpd.grok
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# Grok filters for dhcpd logs
# Custom grok patterns
### Custom
# Custom DHCPD logs for AAI
# 1 client: 10.0.3.106, mac: 00:25:b3:bf:94:88, shared network: 1234_network-test
DHCPD_AAI_CLIENT client: %{IP:client}, mac: %{MAC:mac}, shared network: %{GREEDYDATA:shared_network}
### Error logs
# 1 DHCPDISCOVER from 00:25:b3:bf:94:88 via 10.0.0.1: network 1234_network-test: no free leases
# 2 DHCPDISCOVER from 00:25:b3:bf:94:88 via 10.0.0.1: unknown network segment
DHCPD_AAI_DISCOVER DHCPDISCOVER from %{MAC:mac} via %{IP:via}:( network %{DATA:shared_network}:)? %{GREEDYDATA:error}
# 1 DHCPDECLINE of 10.0.3.106 from 00:25:b3:bf:94:88 (iPhone) via 10.0.0.1: abandoned
DHCPD_AAI_DECLINE DHCPDECLINE of %{IP:client} from %{MAC:mac}( %{DATA})? via %{IP:via}: %{GREEDYDATA:error}
# 1 DHCPREQUEST for 1.2.3.4 (10.1.20.1) from a0:38:f7:4a:85:1b via 192.168.1.10: lease owned by peer
DHCPD_AAI_DHCPREQUEST DHCPREQUEST for %{IP:client} \(%{IP:dhcp_server}\) from %{MAC:mac} via %{IP:via}: %{GREEDYDATA:error}
DHCPD (%{DHCPD_AAI_CLIENT}|%{DHCPD_AAI_DISCOVER}|%{DHCPD_AAI_DECLINE}|%{DHCPD_AAI_DHCPREQUEST})