Netgate Discussion Forum

    Pfsense Dhcp Log

    • johnpozJ Offline
      johnpoz LAYER 8 Global Moderator @Guest
      last edited by johnpoz

      @jwj

      Well his whole concern is the log.. I agree with you that wouldn't have effect from the device moving between AP or connecting disconnecting from the wifi.. But it would remove dhcp being done - and fix up his logging issue ;)

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • ? Offline
        A Former User @johnpoz
        last edited by

        @johnpoz Agree 100%.

        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator
          last edited by

          I could see this being problematic if you had lots of iphones doing this ;)

          I can easily tell from the logs when the phones are "sleeping" ;) heheheh

          With such a low number of entries being shown (his 25 setting) that would fill up quick and that would be all you would see.. I hope he doesn't think seeing the number entries shown keeps the log size small?

          That really has nothing to do with the actual size.. But you can adjust that here
          https://docs.netgate.com/pfsense/en/latest/monitoring/logs/size.html

          • ahmetakkayaA Offline
            ahmetakkaya
            last edited by

            I need to keep my logs for 2 years

            pfsense client messages log record size increasing

            need a more rational solution

            the client is not a mobile device, there is an access point (AP) and continuous pfsense dhcp communication

            • bingo600B Offline
              bingo600 @ahmetakkaya
              last edited by

              @ahmetakkaya said in Pfsense Dhcp Log:

              I need to keep my logs for 2 years

              pfsense client messages log record size increasing

              need a more rational solution

              Log to an external server
              Build a little Linux server with a large disk (or RAID), and stop worrying. With logrotate the logs would even be compressed.
              1TB or 4TB disks are cheap

              If you find my answer useful - Please give the post a 👍 - "thumbs up"

              pfSense+ 23.05.1 (ZFS)

              QOTOM-Q355G4 Quad Lan.
              CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
              LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

              • ? Offline
                A Former User @ahmetakkaya
                last edited by

                @ahmetakkaya said in Pfsense Dhcp Log:

                need a more rational solution

                Get rid of the misbehaving client? There is nothing pfsense can do about a client that repeatedly makes dhcp requests. Nothing.

                • ahmetakkayaA Offline
                  ahmetakkaya
                  last edited by

                  Thanks for your consideration, but there was no result you wanted :)

                  • GertjanG Offline
                    Gertjan @ahmetakkaya
                    last edited by

                    @ahmetakkaya said in Pfsense Dhcp Log:

                    but there was no result you wanted

                    Who is you ?

                    @jwj, @johnpoz, @bingo600 have no issues.
                    Me neither.

                    Show your setup. Copy and paste images into your forum message (copy the image with Ctrl-C and use Ctrl-V while writing your forum message)

                    Example :

                    My wifi network with 4 AP's is 192.168.2.0/24.
                    pfSense is 192.168.2.1
                    AP1 = 192.168.2.2 - and I set this AP using static IP settings :

                    43f776ef-45bb-431c-afe7-24d31c22c1c3-image.png

                    AP2 using 192.168.2.3 - identical
                    AP3 using .... etc.
                    AP4 ... etc.

                    The rest of the network, 192.168.2.5 -> 192.168.2.254, is the DHCP pool.
                    There are iPads, PC's, Phone and iPhone : I just checked and did not find any device on the wifi network that was asking a new DHCP lease info every 1 minute : I would ban it right away !!

                    @ahmetakkaya said in Pfsense Dhcp Log:

                    Hello dhcp log communicates with the client every 1 minute.

                    The log does not communicate.

                    The DHCP client process, running on the client, like a phone, PC, Pad, or whatever, contacts the DHCP server, running on pfSense, for IP 'lease' info.
                    The pfSense DHCP server will propose the client an IP (and other info) - and logs what it is doing, as a result.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    • johnpozJ Offline
                      johnpoz LAYER 8 Global Moderator @ahmetakkaya
                      last edited by johnpoz

                      @ahmetakkaya said in Pfsense Dhcp Log:

                      the client is not a mobile devic

                      Yes it is... Clearly from what you posted its an Iphone..

                      If its not the iphone... Then how about you clearly point out what specific device is asking for dhcp every minute other than posting up a screenshot with iphone all over it..

                      As to keeping logs for 2 years - that is nothing pfsense would ever have been able to do because the logs are circular. Export your logs to a syslog server if you need to keep them.

                      As to AP?? Point it out in the log you posted.. Make it a static IP!!! if its asking for too much dhcp..

                      • ahmetakkayaA Offline
                        ahmetakkaya @johnpoz
                        last edited by

                        @johnpoz said in Pfsense Dhcp Log:

                        As to AP?? Point it out in the log you posted.. Make it a static IP!!! if its asking for too much dhcp..

                        I have manually defined an IP address for the AP device.
                        the result has not changed
                        AP device is a tp-link AP500 model
                        I disabled the AP device
                        The new device is a Unifi and the problem is solved.

                        Why is Tplink causing problems?

                        • johnpozJ Offline
                          johnpoz LAYER 8 Global Moderator @ahmetakkaya
                          last edited by

                          OMG - there clearly is some sort of translation issue going on here.

                          Not sure how many times it has to be said if you had set a static IP on the device - it wouldn't be asking for dhcp ever!!

                          What you posted clearly showed a iphone asking for dhcp multiple times.. ie about every minute..

                          Wifi devices are going to do this. If you have some AP where wifi clients connect and disconnect to it - it's going to generate dhcp traffic. If your goal is logging this for 2 years because of governmental controls.. Then you need to have your dhcp log to say syslog server..

                          • ahmetakkayaA Offline
                            ahmetakkaya @johnpoz
                            last edited by ahmetakkaya

                            my settings are as they appear
                            rental duration 5 minutes
                            result 3 minutes comebacks ?

                            1.JPG

                            2.JPG

                            3.JPG

                            • MikeV7896M Offline
                              MikeV7896
                              last edited by MikeV7896

                              If the lease is only good for 5 minutes (300 seconds), the renewal attempt comes at 50% of the lease, or 2.5 minutes (150 seconds). So seeing a renewal that soon would be expected with a lease so short.

                              The S in IOT stands for Security

                              • johnpozJ Offline
                                johnpoz LAYER 8 Global Moderator @MikeV7896
                                last edited by

                                ^ exactly... Why would you ever set a dhcp lease so low? That is nuts..

                                Do people buy access in 5 minute increments?

                                As mentioned clients will renew around the 50% mark, and if they don't get a renew - they will try again, and again faster and faster until they do.. Or the lease expires - then they will send out discover..

                                With such a short lease - yeah you're going to get bombed.. Especially if you have lots of clients.. And if you have any sort of issues with renew more and more attempts will happen faster and faster..

                                What exactly are you wanting to accomplish with such a short lease? Other than lots of dhcp traffic? ;)


                                1 Reply Last reply Reply Quote 1
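
Added example, not written by any poster in this thread: the renewal timing described in the two posts above, turned into a check that flags clients asking for DHCP far more often than the lease's 50% renewal point. It assumes ISC dhcpd style log lines with ISO timestamps; the sample lines, MAC addresses, function names and the 0.5 flagging factor are constructed for illustration.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample (assumed ISC dhcpd line format, ISO timestamps).
# MACs come from the 00:00:5e:00:53:xx documentation range.
SAMPLE_LOG = """\
2019-09-03T14:00:00 dhcpd: DHCPREQUEST for 192.168.1.113 from 00:00:5e:00:53:01 (ap) via em1
2019-09-03T14:00:00 dhcpd: DHCPACK on 192.168.1.113 to 00:00:5e:00:53:01 (ap) via em1
2019-09-03T14:00:10 dhcpd: DHCPREQUEST for 192.168.1.20 from 00:00:5e:00:53:02 (phone) via em1
2019-09-03T14:01:00 dhcpd: DHCPREQUEST for 192.168.1.113 from 00:00:5e:00:53:01 (ap) via em1
2019-09-03T14:02:00 dhcpd: DHCPREQUEST for 192.168.1.113 from 00:00:5e:00:53:01 (ap) via em1
2019-09-03T14:02:40 dhcpd: DHCPREQUEST for 192.168.1.20 from 00:00:5e:00:53:02 (phone) via em1
2019-09-03T14:03:00 dhcpd: DHCPREQUEST for 192.168.1.113 from 00:00:5e:00:53:01 (ap) via em1
2019-09-03T14:04:00 dhcpd: DHCPREQUEST for 192.168.1.113 from 00:00:5e:00:53:01 (ap) via em1
2019-09-03T14:05:10 dhcpd: DHCPREQUEST for 192.168.1.20 from 00:00:5e:00:53:02 (phone) via em1
2019-09-03T14:07:40 dhcpd: DHCPREQUEST for 192.168.1.20 from 00:00:5e:00:53:02 (phone) via em1
"""

REQ = re.compile(r"^(\S+) dhcpd: DHCPREQUEST for (\S+) from ([0-9a-f:]{17})")


def renewal_timers(lease_seconds):
    """RFC 2131 defaults: T1 (renew) at 50% of the lease, T2 (rebind) at 87.5%."""
    return lease_seconds * 0.5, lease_seconds * 0.875


def requests_per_day(lease_seconds):
    """Renewals a healthy, always-connected client generates per day."""
    t1, _ = renewal_timers(lease_seconds)
    return 86400 / t1


def request_intervals(log_text):
    """Map each MAC to the gaps (seconds) between its DHCPREQUEST lines."""
    last, gaps = {}, {}
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # DHCPACK and other lines are not counted
        ts, mac = datetime.fromisoformat(m.group(1)), m.group(3)
        if mac in last:
            gaps.setdefault(mac, []).append((ts - last[mac]).total_seconds())
        last[mac] = ts
    return gaps


def chatty_clients(log_text, lease_seconds, factor=0.5, min_gaps=3):
    """Return {mac: median gap} for clients requesting faster than factor * T1."""
    t1, _ = renewal_timers(lease_seconds)
    return {mac: median(g) for mac, g in request_intervals(log_text).items()
            if len(g) >= min_gaps and median(g) < factor * t1}


if __name__ == "__main__":
    print("T1/T2 for a 300 s lease:", renewal_timers(300))
    print("renewals per client per day:", requests_per_day(300))
    print("flagged:", chatty_clients(SAMPLE_LOG, 300))
```

With the 5 minute lease from this thread, the constructed phone renewing every 150 seconds is normal, while the constructed AP asking every 60 seconds is flagged.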
                                • ahmetakkayaA Offline
                                  ahmetakkaya
                                  last edited by

                                  How should the ideal rental period be

                                  • johnpozJ Offline
                                    johnpoz LAYER 8 Global Moderator @ahmetakkaya
                                    last edited by johnpoz

                                    5 minutes seems pretty low ;) For a rental period.

                                    And that would/should be controlled at the AP not via dhcp leases..

                                    If you're not authed you shouldn't even be able to connect to the wifi, if you can not connect to the wifi your dhcp server would never see a request for dhcp..

                                    I would set your dhcp lease time to be enough time to support the max number of different clients you might see in a day.. Which would also go hand and hand with the size of your scope /24, /23, /22.. How many different clients might you see in a 24 hour period?

                                    Setup your dhcp and scope to handle that many.. Then setup a lease for say 24 hours..

                                    Where you could also run into issues with this stuff these days - especially if you need to track user to IP given is clients using private mac when they connect to wifi, and the mac changing - latest ios does this.. You know for the privacy of the user ;)

                                    If this is for legal reasons in your country - you really need to make sure you tie user to auth, and logs list all of the IPs and Macs used for that auth for any given period of time..

                                    Such logging is quite often beyond the skill sets of say bars and small restaurants or businesses just trying to provide service for their customers. Easier solution to not get in trouble with local laws for such businesses is just not provide wifi.. Some of the legal restrictions on logging is not very realistic for a small shop..

                                    Pfsense is not going to be able to provide you with detailed logs, they are circular currently - I believe 2.5 changes that.. But if you need to log for years - you really need to have those logs on something else other than your edge firewall, and backed up, etc.

                                    What is funny about the whole thing - is you're NATed.. So let's say the reason for the logging was IP address (your public did something bad) and the authorities want to know who did that.. You're not logging all firewall traffic are you? Those logs are circular as well.. So if authorities come to you and say hey 3 months ago your public IP did xyz that was bad - how exactly do you know which 192.168.x.x went there at 2:13 pm on a Tuesday the 3rd of September? etc.. And if you don't log user was tied to mac that had 192.168.x.x at that time.. All you know is some random mac (private mac) got that IP.. While you might have the dhcp logs, do you have the firewall logs to match the traffic up..

                                    Like I said such logging gets well beyond the small business guy ability very quickly..


                                    1 Reply Last reply Reply Quote 1
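
Added example, not written by any poster in this thread: the attribution question raised in the post above ("which MAC had this 192.168.x.x at that time?") answered from archived DHCP logs, including the case where the evidence is only a randomized private MAC or no valid lease at all. It assumes ISC dhcpd style DHCPACK lines with ISO timestamps and a 24 hour lease; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (assumed ISC dhcpd line format, ISO timestamps).
SAMPLE_LOG = """\
2019-09-01T10:00:00 dhcpd: DHCPACK on 192.168.1.57 to 00:00:5e:00:53:0a (laptop) via em1
2019-09-03T14:05:00 dhcpd: DHCPACK on 192.168.1.57 to 02:00:00:00:00:0b (iPhone) via em1
2019-09-03T14:06:00 dhcpd: DHCPACK on 192.168.1.58 to 00:00:5e:00:53:0c (tablet) via em1
"""

ACK = re.compile(r"^(\S+) dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})")


def build_history(log_text):
    """Map each IP to a time-sorted list of (ack_time, mac) tuples."""
    history = {}
    for line in log_text.splitlines():
        m = ACK.match(line)
        if m:
            history.setdefault(m.group(2), []).append(
                (datetime.fromisoformat(m.group(1)), m.group(3)))
    for acks in history.values():
        acks.sort()
    return history


def is_private_mac(mac):
    """True if the locally administered bit is set, as on randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)


def holder_at(history, ip, when, lease_seconds):
    """Return (mac, ack_time, private_mac) for the lease covering `when`.

    Returns None when no ACK precedes `when` or the last lease had already
    expired, i.e. the DHCP log alone cannot attribute the address.
    """
    earlier = [a for a in history.get(ip, []) if a[0] <= when]
    if not earlier:
        return None
    ack_time, mac = earlier[-1]  # a renewal ACK restarts the lease clock
    if when >= ack_time + timedelta(seconds=lease_seconds):
        return None
    return mac, ack_time, is_private_mac(mac)


if __name__ == "__main__":
    hist = build_history(SAMPLE_LOG)
    for t in (datetime(2019, 9, 1, 11, 0), datetime(2019, 9, 2, 12, 0),
              datetime(2019, 9, 3, 14, 13)):
        print(t, "->", holder_at(hist, "192.168.1.57", t, 86400))
```

A result with the private MAC flag set identifies a device only if the authentication log recorded that MAC for a user during the same period.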
                                    • ahmetakkayaA Offline
                                      ahmetakkaya
                                      last edited by

                                      thanks all my friends. 👍

                                      • T Offline
                                        tabmow @johnpoz
                                        last edited by

                                        @johnpoz He isn't wrong here technically. I also have a TP-Link AP (RE350), it is set as a static address on the network (192.168.1.50), but for whatever reason, it tries to get a lease from my DHCP server every minute for the same IP (in my case 192.168.1.113). Other than that, clients that connect through the AP work fine. It is super weird and I haven't gotten down to the bottom of it. I don't really care too much about it either though but maybe one day I will dig a little deeper.

                                        It looks like this might fix it - https://community.tp-link.com/en/home/forum/topic/156045
                                        It's some stupid TP-Link thing obviously... nothing to do with pfSense.

                                        @ahmetakkaya see link above.

                                        • johnpozJ Offline
                                          johnpoz LAYER 8 Global Moderator @tabmow
                                          last edited by johnpoz

                                          Yeah that is a good find.. But as I stated way early in this thread. If you set a static IP on a device and it continues to ask for dhcp - that is something wrong with the client.

                                          If you set a static on the client - it should NEVER ask for dhcp address..

                                          And if it does - nothing pfsense can do about it.. Guess you could set an ignore..

                                          ignore.png

                                          But that still might be logged? And for it to work you would have to set deny for unknown clients, etc. That would be horrible and not a solution if you have a lot of clients.

                                          Fix the broken POS.. is the solution.. But if his goal is logging clients IP per some gov regulation like in some places in the EU where bars and restaurants are supposed to log this sort of stuff. Some dhcp server running on your edge router is not the solution for that either..

                                          Also if his concern was his AP.. He should that he had set as static.. He should have clearly shown that - via say a screenshot on his AP showing he set it static. And the specific logs in dhcp showing that device's mac asking for dhcp still..

                                          Not a log showing iphone macs..

                                          • ahmetakkayaA Offline
                                            ahmetakkaya @johnpoz
                                            last edited by

                                            @johnpoz
                                            @tabmow

                                            thanks for support 👍

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.