Pfsense Dhcp Log
-
Hello dhcp log communicates with the client every 1 minute.
I just want it to log, when it gets IP and lease expires?
In this way, the log size is too much daily, the backup also takes up space.
-
Well stop your client from sending out a request every freaking minute then ;)
As a client gets closer and closer to the lease expire - it will frantically attempt to renew..
Figure out why your clients are doing what they are doing, set your lease time to be longer, etc. But yeah the log is going to show what was asked for and what was offered, etc.
-
how to do help
-
This is client thing - not a pfsense thing.. See my edit, is your client actually renewing when it asks?
Pfsense has no control over a client continuing to ask for lease..
-
@johnpoz said in Pfsense Dhcp Log:
Well stop your client from sending out a request every freaking minute then ;)
As a client gets closer and closer to the lease expire - it will frantically attempt to renew..
Figure out why your clients are doing what they are doing, set your lease time to be longer, etc. But yeah the log is going to show what was asked for and what was offered, etc.
Maximum lease time 900 set to
Keeping logs according to this time should communicate with the client
-
What is the device asking for it? Phones can do this as they connect and disconnect from the wifi for example..
Again this is not a pfsense thing.. If something asks for something, it will be logged.. If your log is filling up or has too many entries for your liking - then stop the thing from asking so much.
Setting the IP static on the device would be one way to "fix" the perceived problem ;)
-
no connectivity issues with clients
Static IP dynamic IP clients communicate in the same 1 minute with pfsense
-
@ahmetakkaya said in Pfsense Dhcp Log:
no connectivity issues with clients
I didn't ask that - look at the lease on the client, when was it last renewed.. If it asks for lease and gets an offer, it should renew its lease, etc. if its not - then it could continue to ask again for whatever reason only the client would know..
What part are you not getting this is not a pfsense thing... If you keep asking me, and I keep giving you an answer.. Why do you keep asking ;)
A dhcp reservation is not static on the device.. Still a lease - even if just the same IP every time, etc. And only for that client. If you don't want a client to ask for dhcp, because you think its asking too often. Then set the IP on the device you want it to use - and it will never ask for dhcp.. And your log will be empty ;)
What is this device that keeps asking? Something mobile on your wifi? A wired device?
-
Setting the IP static on the device would be one way to "fix" the perceived problem ;)
What is the solution for static ip clients? fix ?
-
Set your device with an IP on the device vs setting it to dhcp..
Dude if this is phone for example - this is what its going to do.. Iphone are horrible for this.. They go to sleep, and then want to check something - dhcp request, etc.
This was a huge issue many years ago with
https://www.net.princeton.edu/apple-ios/ios40-requests-DHCP-too-often.html
So again this is a client thing.. If you think a client is asking too much for dhcp - fix the client.. There is nothing you can do on pfsense to stop it from asking..
edit:
I notice this with my wife's iphone now and then.. Its running 14.3 - and loves to request dhcp all the time.. Its sitting on the nightstand charging at the moment.. It doesn't do this when she is using it.. But yeah does it when its just sitting there doing nothing ;)
If you don't like the static idea - turn off its wifi when you're not using it ;)
-
my clients are not mobile
2 access points (AP)
I also did static ip identification
the result has not changed :(
-
@ahmetakkaya said in Pfsense Dhcp Log:
I also did static ip identification
No you didn't.. If you set a client for static - IT wouldn't ask for dhcp.. Because would not be enabled on the device... If it is - again nothing pfsense can do about that... Its a client ISSUE!!
When set a static IP on a device - it doesn't ask for dhcp... Not talking about setting reservation in the dhcp server to that mac always gets the same IP.. Talking about on the client setting the IP and mask and dns..
Example
-
Here I went picked up my wifes phone.. Guess what as soon as I started using it..
Its stupid dhcp requests stopped..
It was asking every minute or so.. now its been 7 minutes without a request
This is a client thing - nothing pfsense can do to stop a client from asking.. If its asked - it will be logged..
-
I have a tp link a500 ap device
manual IP identification and result
this message every 1 minute
Dec 26 19:30:13 dhcpd DHCPACK on 10.10.45.11 to f4:f2:6d:6a:b1:1c (AP500) via re1
Dec 26 19:30:13 dhcpd DHCPREQUEST for 10.10.45.11 (10.10.45.1) from f4:f2:6d:6a:b1:1c (AP500) via re1
-
@johnpoz Particularly with Apple devices asleep isn't asleep. They, without turning on the screen, wake up see if they need to do something. They often turn their radios on and off when doing this to save battery. You can see this as lots of very short connections.
This can be mitigated, sometimes, by turning on "Unscheduled Automatic Power Save Delivery" on your wireless access point. The access point will then pretend the device is still connected during these naps. In my environment, Unifi, this kinda works a little bit depending on how broken the current firmware is. Better wireless gear handles that situation way better.
Apple devices, at least some, will make DHCP requests every time they wake up, silently, from these naps. Nothing can be done about that. Like @johnpoz said, if the client asks, the server will respond...
-
^ Exactly what I have been saying this whole time ;)
"Unscheduled Automatic Power Save Delivery"
Yup you can see a bunch of my wifi devices do this - have many a smart lightbulb/plug/etc..
Those little leaves mean Unscheduled Automatic Power Save Delivery is being used..
-
One more thing that can be helpful. If you're seeing these disconnect-connect events and the client is changing channels you can try to do one of two things.
Turn the power down on the 2.4GHz radio so they don't flip back and forth. Try this even if you are doing "Band Steering".
If you have more than one AP, disable the 2.4GHz radio on one or more APs. You will want to "survey" your place to determine how to best cover the space with the radios and set them up best. Becomes more involved and more important if you want to be able to roam seamlessly from AP to AP...
There is a bit of science and a bigger bit of trial and error unless you have expensive gear to survey the RF environment.
I'm anxiously awaiting WiFi6E. New spectrum and higher speeds over shorter distances. Even thin walls will attenuate that 6GHz signal. Will help the problem of not letting go of a lousy signal and switching to a closer AP. Price to be paid is the need for more APs to cover a given space.
-
I looked at his first post again.. And yup its an iphone doing this - just like my wifes does..
So if you don't like it - you could set it never go to sleep ever.. Not sure if that is an option to be honest? ;) But that would sure suck for its battery life.
Other thing is you could set its IP to static for this specific ssid
click the little i when you're connected to the specific wifi network
That should stop it from doing any dhcp on this network..
Other option you could do is set your log to show more than 25 entries ;) You can set it up to 2000..
-
@johnpoz That would get rid of the log entries. I guess you could also ignore that log unless you are working through a specific issue.
99% sure that you have no control over the power settings on an iPhone.
-
@jwj
Well his whole concern is the log.. I agree with you that wouldn't have effect from the device moving between AP or connecting disconnecting from the wifi.. But it would remove dhcp being done - and fix up his logging issue ;)
-
@johnpoz Agree 100%.
-
I could see this being problematic if you had lots of iphones doing this ;)
I can easily tell from the logs when the phones are "sleeping" ;) heheheh
With such a low number of entries being shown (his 25 setting) that would fill up quick and that would be all you would see.. I hope he doesn't think seeing the number entries shown keeps the log size small?
That really has nothing to do with the actual size.. But you can adjust that here
https://docs.netgate.com/pfsense/en/latest/monitoring/logs/size.html
-
I need to keep my logs for 2 years
pfsense client messages log record size increasing
need a more rational solution
the client is not a mobile device, there is access point Ap and continuous pfsense dhcp communication
-
@ahmetakkaya said in Pfsense Dhcp Log:
I need to keep my logs for 2 years
pfsense client messages log record size increasing
need a more rational solution
Log to an external server
Build a little linux server with a large disk (or raid) , and stop worrying. With logrotate the logs would even be compressed.
1TB or 4TB disks are cheap
-
@ahmetakkaya said in Pfsense Dhcp Log:
need a more rational solution
Get rid of the misbehaving client? There is nothing pfsense can do about a client that repeatedly makes dhcp requests. Nothing.
-
Thanks for your consideration, but there was no result you wanted :)
-
@ahmetakkaya said in Pfsense Dhcp Log:
but there was no result you wanted
Who is you ?
@jwj, @johnpoz, @bingo600 have no issues.
Me neither.
Show your setup. Copy paste images in your forum message (copy - Ctrl-C the image and use Ctrl-V while writing your forum message)
Example :
My wifi network with 4 AP's is 192.168.2.0/24.
pfSense is 192.168.2.1
AP1 = 192.168.2.2 - and I set this AP using static IP settings :
AP2 using 192.168.2.3 - identical
AP3 using .... etc.
AP4 ... etc.
The rest of the network, 192.168.2.5 -> 192.168.2.254, is the DHCP pool.
There are iPads, PC's, Phone and iPhone : I just checked and did not find any device on the wifi network that was asking a new DHCP lease info every 1 minute : I would ban it right away !!
@ahmetakkaya said in Pfsense Dhcp Log:
Hello dhcp log communicates with the client every 1 minute.
The log does not communicate.
The DHCP client process, running on the client, like a phone, PC, Pad, or whatever, contacts the DHCP server, running on pfSense for IP 'lease' info.
The pfSense DHCP server will propose the client an IP (and other info) - and logs what it is doing, as a result.
-
@ahmetakkaya said in Pfsense Dhcp Log:
the client is not a mobile devic
Yes it is... Clearly from what you posted its an Iphone..
If its not the iphone... Then how about you clearly point out what specific device is asking for dhcp every minute other than posting up a screenshot with iphone all over it..
As to keeping logs for 2 years - that is nothing pfsense would ever have been able to do because the logs are circular. Export your logs to a syslog server if you need to keep them.
As to AP?? Point it out in the log you posted.. Make it a static IP!!! if its asking for too much dhcp..
-
@johnpoz said in Pfsense Dhcp Log:
As to AP?? Point it out in the log you posted.. Make it a static IP!!! if its asking for too much dhcp..
I have manually defined an IP address for the AP device.
the result has not changed
AP device is a tp-link AP500 model
I disabled the AP device
The new device is a Unifi and the problem is solved.
Why is Tplink causing problems?
-
OMG - there clearly is some sort of translation issue going on here.
Not sure how many times it has to be said if you had set a static IP on the device - it wouldn't be asking for dhcp ever!!
What you posted clearly showed a iphone asking for dhcp multiple times.. ie about every minute..
Wifi devices are going to do this. If you have some AP where wifi clients connected and disconnect to it - its going to generate dhcp traffic. If your goal is logging this for 2 years because of governmental controls.. Then you need to have your dhcp log to say syslog server..
-
my settings are as they appear
rental duration 5 minutes
result 3 minutes comebacks ?
-
If the lease is only good for 5 minutes (300 seconds), the renewal attempt comes at 50% of the lease, or 2.5 minutes (150 seconds). So seeing a renewal that soon would be expected with a lease so short.
-
^ exactly... Why would you ever set a dhcp lease so low? That is nuts..
Do people buy access in 5 minute increments?
As mentioned clients will renew around the 50% mark, and if they don't get a renew - they will try again, and again faster and faster until they do.. Or the lease expires - then they will send out discover..
With such a short lease - yeah you're going to get bombed.. Especially if you have lots of clients.. And if you have any sort of issues with renew more and more attempts will happen faster and faster..
What exactly are you wanting to accomplish with such a short lease? Other than lots of dhcp traffic? ;)
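Added example, not part of any post in this thread: the renewal timing described above (first renewal at 50% of the lease) can be checked against the dhcpd log itself. This Python sketch parses DHCPACK lines in the format quoted earlier in the thread and flags clients that renew far more often than the lease time predicts; the sample log, the second MAC address, the year and the tolerance value are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# DHCPACK line as quoted in the thread; "(hostname)" is optional, and a
# "dhcpd[pid]:" tag is accepted as well (assumption about other syslog setups).
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dhcpd\S*\s+DHCPACK on (?P<ip>[\d.]+) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \([^)]*\))? via \S+",
    re.IGNORECASE,
)

def ack_times(lines, year=2020):
    """Return {mac: [datetime, ...]} of DHCPACKs; syslog omits the year (assumed)."""
    seen = defaultdict(list)
    for line in lines:
        m = ACK_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["mac"].lower()].append(ts)
    return seen

def chatty_clients(lines, lease_seconds, tolerance=0.5, year=2020):
    """Flag MACs whose median ACK interval is far below T1 (50% of the lease)."""
    threshold = lease_seconds * 0.5 * tolerance
    report = {}
    for mac, times in ack_times(lines, year).items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if gaps and median(gaps) < threshold:
            report[mac] = median(gaps)
    return report

# Constructed sample: the first two lines follow the thread's log excerpt,
# the rest (including MAC 02:00:00:00:00:01) are made up for illustration.
SAMPLE = """\
Dec 26 19:30:13 dhcpd DHCPREQUEST for 10.10.45.11 (10.10.45.1) from f4:f2:6d:6a:b1:1c (AP500) via re1
Dec 26 19:30:13 dhcpd DHCPACK on 10.10.45.11 to f4:f2:6d:6a:b1:1c (AP500) via re1
Dec 26 19:31:13 dhcpd DHCPACK on 10.10.45.11 to f4:f2:6d:6a:b1:1c (AP500) via re1
Dec 26 19:32:13 dhcpd DHCPACK on 10.10.45.11 to f4:f2:6d:6a:b1:1c (AP500) via re1
Dec 26 19:30:00 dhcpd DHCPACK on 10.10.45.20 to 02:00:00:00:00:01 via re1
Dec 26 19:37:30 dhcpd DHCPACK on 10.10.45.20 to 02:00:00:00:00:01 via re1
Dec 26 19:45:00 dhcpd DHCPACK on 10.10.45.20 to 02:00:00:00:00:01 via re1
""".splitlines()

if __name__ == "__main__":
    # 900 s lease: renewals expected about every 450 s, so 60 s gaps stand out.
    for mac, gap in chatty_clients(SAMPLE, lease_seconds=900).items():
        print(f"{mac} renews every {gap:.0f}s")
```

A client that only shows up here with a long lease configured is the one to inspect on the device side, since the server logs whatever is asked of it.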
-
How should the ideal rental period be
-
5 minutes seems pretty low ;) For a rental period.
And that would/should be controlled at the AP not via dhcp leases..
If you're not authed you shouldn't even be able to connect to the wifi, if you can not connect to the wifi your dhcp server would never see a request for dhcp..
I would set your dhcp lease time to be enough time to support the max number of different clients you might see in a day.. Which would also go hand in hand with the size of your scope /24, /23, /22.. How many different clients might you see in a 24 hour period?
Setup your dhcp and scope to handle that many.. Then setup a lease for say 24 hours..
Where you could also run into issues with this stuff these days - especially if you need to track user to IP given is clients using private mac when they connect to wifi, and the mac changing - latest ios does this.. You know for the privacy of the user ;)
If this is for legal reasons in your country - you really need to make sure you tie user to auth, and logs list all of the IPs and Macs used for that auth for any given period of time..
Such logging is quite often beyond the skill sets of say bars and small restaurants or businesses just trying to provide service for their customers. Easier solution to not get in trouble with local laws for such businesses is just not provide wifi.. Some of the legal restrictions on logging is not very realistic for a small shop..
Pfsense is not going to be able to provide you with detailed logs, they are circular currently - I believe 2.5 changes that.. But if you need to log for years - you really need to have those logs on something else other than your edge firewall, and backed up, etc.
What is funny about the whole thing - is you're natted.. So lets say the reason for the logging was IP address (your public did something bad) and the authorities want to know who did that.. You're not logging all firewall traffic are you? Those logs are circular as well.. So if authorities come to you and say hey 3 months ago your public IP did xyz that was bad - how exactly which 192.168.x.x went there at 2:13 pm on a tuesday the 3rd of September? etc.. And if you don't log user was tied to mac that had 192.168.x.x at that time.. All you know is some random mac (private mac) got that IP.. While you might have the dhcp logs, do you have the firewall logs to match the traffic up..
Like I said such logging gets well beyond the small business guy ability very quickly..
-
thanks all my friends.
-
@johnpoz He isn't wrong here technically. I also have a TP-Link AP (RE350), it is set as a static address on the network (192.168.1.50), but for whatever reason, it tries to get a lease from my DHCP server every minute for the same IP (in my case 192.168.1.113). Other than that, clients that connect through the AP work fine. It is super weird and I haven't gotten down to the bottom of it. I don't really care too much about it either though but maybe one day I will dig a little deeper.
It looks like this might fix it - https://community.tp-link.com/en/home/forum/topic/156045
It's some stupid TP-Link thing obviously... nothing to do with pfSense.
@ahmetakkaya see link above.
-
Yeah that is a good find.. But as I stated way early in this thread. If you set a static IP on a device and it continues to ask for dhcp - that is something wrong with the client.
If you set a static on the client - it should NEVER ask for dhcp address..
And if it does - nothing pfsense can do about it.. Guess you could set an ignore..
But that still might be logged? And for it to work you would have to set deny for unknown clients, etc. That would be horrible and not a solution if have a lot of clients.
Fix the broken POS.. is the solution.. But if his goal is logging clients IP per some gov regulation like in some places in the EU where bars and restaurants are supposed to log this sort of stuff. Some dhcp server running on your edge router is not the solution for that either..
Also if his concern was his AP.. He should that he had set as static.. He should have clearly shown that - via say a screen shot on his AP showing he set it static. And the specific logs in dhcp showing that device's mac asking for dhcp still..
Not a log showing iphone macs..
-