24.11 - KEA DHCP/DNS Logging customization?
-
I migrated to the new KEA DHCP server (v4) with 24.11 as I was really looking forward to the integrated client DNS registration.
Everything seems to work beautifully - including the DNS registration of DHCP clients in Unbound.
BUT: I'm missing some logging configuration options:
First I really need to log DHCP activity (MAC -> IP tracking) like ISC did.
Second: The log is REALLY flooded with kea2unbound entries for client registrations because most clients are mobile and thus sleep (reaffirm DHCP IP quite often) - causing A LOT of DNS registration entries.
Is there any way to finetune the logging setup in KEA?
-
I wanted to wait to upgrade to 24.11, but you are making me really curious now.
After all, I was waiting for the "Everything seems to work beautifully - including the DNS registration of DHCP clients in Unbound." several years now.
@keyser said in 24.11 - KEA DHCP/DNS Logging customization?:
Second: The log is REALLY flooded with kea2unbound entries
I've got a job for you. Do something about it ?!
You've said it yourself :
Is there any way to finetune the logging setup in KEA?
If you have a process that spams the log with 'useless' lines, there is a solution.
Easiest solution : if "kea2unbound" is documented : are there log options ? I haven't found the source of kea2unbound yet myself in the pfSense repository ...
Plan B : pfSense uses syslogd.
Look at the config file that syslogd uses :
[24.03-RELEASE][root@pfSense.bhf.tld]/root: ps aux | grep 'syslog'
......
root 80599 0.0 0.1 12824 3000 - Ss Tue07 0:03.27 /usr/sbin/syslogd -O rfc5424 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -b 192.168.1.1
.....
/etc/syslogd.conf shows :
# Automatically generated, do not edit!
# Place configuration files in /var/etc/syslog.d
!*
include /var/etc/syslog.d
# /* Manually added files with non-conflicting names will not be automatically removed */
So, there you have it : /var/etc/syslog.d doesn't exist, but if you create this yourself ?
FreeBSD Manual Pages syslogd.conf
There are filter options !!
On one of my Debian systems, where I also use syslogd, I have this :
:msg, contains, "connect from localhost.localdomain[127.0.0.1]" ~
Which means : If the log line contains "connect from localhost.localdomain[127.0.0.1]" then discard the line.
Can you try this ?
-
@Gertjan I'm not a huge fan of manual edits and following modifications to make them stick, so I'll just live with the current log spam (I have a huge SSD, so wear death is not an issue).
The missing DHCP interactions (MAC -> IP) are however another issue - I hope it can be enabled to log that like ISC did.
-
@keyser said in 24.11 - KEA DHCP/DNS Logging customization?:
I'm not a huge fan of manual edits and following modifications to make them stick
I fully agree.
Nothing will stick here.
Take note : there is no 'pfSense files to edit' in this case.
Just adding a file "/var/etc/syslog.d" with extra (yours !) syslogd instructions.
During pfSense install /var/ will be empty to begin with anyway.
In case of issues : delete the file and done ^^
Like you, I have a big SSD (4100 max) so no space issues.
But ... imho, log files are part of the overall security aspect of pfSense, and if one gets spammed, the important info will get hidden, like the "security by obscurity" concept, but this time the other way around.
-
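An added example, not part of any post in this thread and not Netgate or ISC code: one way to recover MAC -> IP tracking from a noisy log without touching the firewall configuration is to post-filter a copy of the log. It assumes the RFC 5424 line format implied by the `-O rfc5424` flag shown above, that the noisy tool logs under the APP-NAME `kea2unbound`, and that Kea's `DHCP4_LEASE_ALLOC` messages reach the log; the sample lines are constructed.

```python
import re

# RFC 5424 line as written by "syslogd -O rfc5424":
# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
RFC5424 = re.compile(
    r"^<\d{1,3}>1 (?P<ts>\S+) \S+ (?P<app>\S+) \S+ \S+ (?:-|\[.*?\]) ?(?P<msg>.*)$"
)
# Kea's DHCP4_LEASE_ALLOC message carries the client MAC and the leased IP.
LEASE = re.compile(
    r"DHCP4_LEASE_ALLOC \[hwtype=\d+ (?P<mac>[0-9a-fA-F:]+)\].*?"
    r"lease (?P<ip>\d+\.\d+\.\d+\.\d+) has been allocated"
)
NOISY_APPS = {"kea2unbound"}  # assumption: the tool logs under this APP-NAME


def triage(lines, noisy=NOISY_APPS):
    """Return (kept_lines, leases, dropped_count); leases are (ts, mac, ip)."""
    kept, leases, dropped = [], [], 0
    for line in lines:
        line = line.rstrip("\n")
        m = RFC5424.match(line)
        if m is None:  # never discard a line we cannot parse
            kept.append(line)
            continue
        if m["app"] in noisy:
            dropped += 1
            continue
        kept.append(line)
        lease = LEASE.search(m["msg"])
        if lease:
            leases.append((m["ts"], lease["mac"].lower(), lease["ip"]))
    return kept, leases, dropped


# Constructed sample lines, not taken from a real firewall.
SAMPLE = [
    "<30>1 2024-12-01T10:00:01+01:00 fw.example kea2unbound 4242 - - constructed line",
    "<30>1 2024-12-01T10:00:02+01:00 fw.example kea-dhcp4 911 - - INFO "
    "DHCP4_LEASE_ALLOC [hwtype=1 00:11:22:AA:BB:CC], cid=[no info], tid=0x1a2b: "
    "lease 192.0.2.50 has been allocated for 7200 seconds",
    "<30>1 2024-12-01T10:00:03+01:00 fw.example kea2unbound 4242 - - constructed line",
    "line that is not RFC 5424",
]

if __name__ == "__main__":
    kept, leases, dropped = triage(SAMPLE)
    print(f"dropped {dropped} noisy lines, kept {len(kept)}")
    for ts, mac, ip in leases:
        print(f"{ts} {mac} -> {ip}")
```

Lines that do not parse are kept rather than dropped, so a format change degrades into extra noise instead of lost evidence.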
Regarding the customization of KEA DHCP/DNS logging, you can explore a few aspects based on your specific requirements. The KEA DHCP server, along with its DNS service (if you are using KEA with DNS), provides flexible logging options that can be customized to suit your needs.
Here’s how you can approach it:
Log Levels: KEA allows you to configure different log levels for various subsystems (e.g., ERROR, INFO, DEBUG). The log level is set in the kea-dhcp4.conf (for DHCPv4) or kea-dhcp6.conf (for DHCPv6) configuration files. By adjusting the loggers section in the config file, you can control the verbosity and detail of the logs.
Log Format: The log format can also be customized. By default, KEA uses JSON for logging, but you can adjust it to a different format or modify the existing structure if needed. You can specify additional fields such as timestamps, log levels, and other custom attributes relevant to your network's needs.
Log File Location: KEA logs can be written to specific files, and you can configure where those log files are stored. This is useful for archival purposes and easier troubleshooting. The file option within the loggers configuration section helps to specify the destination.
Custom Loggers: KEA allows the addition of custom loggers, meaning you can write logs to different outputs, such as syslog, a remote server, or even to a custom application for further analysis. This is particularly useful for centralized logging in large network environments.
DNS Logging: If you are also using KEA with DNS, DNS query logs can be customized in the kea-dns.conf file. You can enable detailed logging for DNS queries, including the source IP address, query type, and response status. This can help in debugging DNS-related issues.
Log Rotation: It’s essential to configure log rotation to avoid your log files growing too large over time. This can be set up outside of KEA through system-level log rotation mechanisms, such as log rotation in Linux systems. [SPAM]
Integration with External Tools: KEA logs can be integrated with external log management and analysis tools such as Splunk, ELK stack, or Prometheus for advanced analysis and alerting.
You may want to start by defining what kind of log information you need to capture and decide the level of detail required for each type of event. Adjusting the configurations based on your environment will help you achieve the best results.
Let me know if you need further details on configuring any of these options or if there's a specific logging use case you're working with!
-
Read again :
Second: The log is REALLY flooded with kea2unbound entries
kea2unbound is an 'in house' (by Netgate) developed tool to get DHCP leases from KEA and sends it to unbound.
So : this is not kea related.
No man file available.
No documentation.
And what is 100001.su ? What language ?
-
ChatGPT has helped spammers a lot!