24.11 - KEA DHCP/DNS Logging customization?
-
@keyser said in 24.11 - KEA DHCP/DNS Logging customization?:
I'm not a huge fan of manual edits and following modifications to make them stick
I fully agree.
Nothing will stick here.
Take note : there is no 'pfSense files to edit' in this case.
Just adding a file "/var/etc/syslog.d" with extra (yours !) syslogd instructions.
During pfSense install /var/ will be empty to begin with anyway.
In case of issues : delete the file and done ^^
Like you, I have a big SSD (4100 max) so no space issues.
But ... imho, log files are part of the overall security aspect of pfSense, and if one gets spammed, the important info will get hidden, like the "security by obscurity" concept, but this time the other way around.
-
Regarding the customization of KEA DHCP/DNS logging, you can explore a few aspects based on your specific requirements. The KEA DHCP server, along with its DNS service (if you are using KEA with DNS), provides flexible logging options that can be customized to suit your needs.
Here’s how you can approach it:
Log Levels: KEA allows you to configure different log levels for various subsystems (e.g., ERROR, INFO, DEBUG). The log level is set in the kea-dhcp4.conf (for DHCPv4) or kea-dhcp6.conf (for DHCPv6) configuration files. By adjusting the loggers section in the config file, you can control the verbosity and detail of the logs.
Log Format: The log format can also be customized. By default, KEA uses JSON for logging, but you can adjust it to a different format or modify the existing structure if needed. You can specify additional fields such as timestamps, log levels, and other custom attributes relevant to your network's needs.
Log File Location: KEA logs can be written to specific files, and you can configure where those log files are stored. This is useful for archival purposes and easier troubleshooting. The file option within the loggers configuration section helps to specify the destination.
Custom Loggers: KEA allows the addition of custom loggers, meaning you can write logs to different outputs, such as syslog, a remote server, or even to a custom application for further analysis. This is particularly useful for centralized logging in large network environments.
DNS Logging: If you are also using KEA with DNS, DNS query logs can be customized in the kea-dns.conf file. You can enable detailed logging for DNS queries, including the source IP address, query type, and response status. This can help in debugging DNS-related issues.
Log Rotation: It’s essential to configure log rotation to avoid your log files growing too large over time. This can be set up outside of KEA through system-level log rotation mechanisms, such as log rotation in Linux systems. [SPAM]
Integration with External Tools: KEA logs can be integrated with external log management and analysis tools such as Splunk, ELK stack, or Prometheus for advanced analysis and alerting.
You may want to start by defining what kind of log information you need to capture and decide the level of detail required for each type of event. Adjusting the configurations based on your environment will help you achieve the best results.
Let me know if you need further details on configuring any of these options or if there's a specific logging use case you're working with!
-
@10-0-0-0-1
Read again :
Second: The log is REALLY flooded with kea2unbound entries
kea2unbound is an 'in house' (by Netgate) developed tool to get DHCP leases from KEA and send them to unbound.
So : this is not kea related.
No man file available.
No documentation.
And what is 100001.su ? What language ?
-
ChatGPT has helped spammers a lot!
-
Resurfacing this...
Does anyone know of a custom (JSON?) option for Kea to enable more detailed logging of LAN DHCP lease assignments (MAC → IP) the way ISC did?
-
@luckman212 FWIW, there’s a pfSense package pending, ANDwatch, that allows you to keep and query a history of IPv4/IPv6 to MAC address mappings. It’s not particular to dhcp, but works with any form of assignment, static, dhcp, IPv6 assisted, etc. Redmine is here.
-
@dennypage That looks great! I will keep an eye out for it. Looks like you're just waiting for @marcosm to merge.
In the meantime, I dug a bit more, posted this about enabling debug logging in Kea. But for some reason it isn't having the expected effect. Maybe something with the build that's shipped with pfSense.
-
I'm curious, does anyone have any solutions for getting KEA to display requests like the old DHCP server used to do?
I'm sure KEA is fantastic, but as a network administrator, being able to see who's requesting what in real-time in the logs is an essential DHCP/firewall requirement.
KEA isn't a good DHCP server if it can't do that natively.
-
I just noticed that KEA used to provide this detail. The last logs I see where I get the normal DHCP back and forth is Aug 5. Was there an update to pfSense or KEA that removed this functionality, or changed log levels?
I have a Netgate 6100 (if that matters), and I'm curious if KEA is the only option for my pfSense for a DHCP server? I was actually pretty happy with the previous DHCP server, whatever it was called, and migrated to KEA because it was the only supported DHCP server, I guess?
-
@Amarand See this thread. That solution works perfectly and requires no "behind the scenes trickery"
https://forum.netgate.com/topic/196313/how-to-change-kea-dhcp-log-level/13?_=1756913953287
-
Fantastic, thank you! Yeah, I ended up getting to the JSON settings before I saw your reply, and I had DEBUG instead of just INFO and the logs were going crazy!
I think, with as active as my network is, and as chatty as the DHCP devices are, I'm going to ignore the web GUI, and just tail the logs over SSH. That way I can grep and sed to my heart's content.
I also set up log rotation using the built-in method, so that's good.
Every once in a while I have these bursts of pfSense learning.
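-
For the tail-and-grep workflow in the last post and the MAC → IP question earlier in the thread, here is an added example (not code from any poster or from Netgate) that condenses a noisy DHCP log into one record per lease. It assumes Kea's stock `DHCP4_LEASE_ALLOC` message text at INFO severity; the sample log lines, host name, MACs and addresses are constructed, and the note printed when an address moves to a different MAC goes a little beyond what the thread asks for.

```shell
#!/bin/sh
# Added example (not from the thread): condense Kea DHCPv4 log lines into
# "time MAC -> IP" records and flag an address that moves to a different MAC.
# Assumed message text (Kea's stock INFO-level lease message):
#   DHCP4_LEASE_ALLOC [hwtype=1 <mac>], cid=[..], tid=0x..: lease <ip> has been allocated ...

kea_leases() {
    # stdin: syslog lines; stdout: one record per allocated lease
    awk '
    /DHCP4_LEASE_ALLOC/ {
        mac = ""; ip = ""
        for (i = 1; i < NF; i++) {
            # "[hwtype=N" is followed by the MAC, which carries a trailing "],"
            if ($i ~ /^\[hwtype=/) { mac = $(i + 1); sub(/[],]+$/, "", mac) }
            # "lease" is followed by the assigned address
            if ($i == "lease")     { ip = $(i + 1) }
        }
        if (mac == "" || ip == "") next          # not the expected layout
        # An ISO timestamp is one field, a BSD syslog timestamp is three
        ts = ($1 ~ /^[0-9][0-9][0-9][0-9]-/) ? $1 : $1 " " $2 " " $3
        # Remember the last MAC per address within this input stream
        note = ((ip in seen) && seen[ip] != mac) ? "  (was " seen[ip] ")" : ""
        seen[ip] = mac
        printf "%s %s -> %s%s\n", ts, mac, ip, note
    }'
}

# Constructed sample input: host name, PIDs, MACs and addresses are made up.
sample_log() {
    cat <<'EOF'
Sep  3 10:15:01 fw kea2unbound[411]: constructed noise line
Sep  3 10:15:02 fw kea-dhcp4[402]: INFO [kea-dhcp4.leases.0x1] DHCP4_LEASE_ALLOC [hwtype=1 00:11:22:33:44:55], cid=[01:00:11:22:33:44:55], tid=0xa1: lease 192.0.2.10 has been allocated for 7200 seconds
Sep  3 10:15:03 fw kea2unbound[411]: constructed noise line
Sep  3 10:20:40 fw kea-dhcp4[402]: INFO [kea-dhcp4.leases.0x1] DHCP4_LEASE_ALLOC [hwtype=1 66:77:88:99:aa:bb], cid=[no info], tid=0xb2: lease 192.0.2.10 has been allocated for 7200 seconds
EOF
}

sample_log | kea_leases
```

On a live system, pipe `tail -F` of the DHCP log file into `kea_leases` instead of `sample_log`.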