How to change Kea DHCP log level

LaUs3r · Feb 6, 2025, 9:51 AM

Dear all,

today I was struggling with the log level of the Kea DHCP server.
I wanted to add a new client (smoke detector) to my environment with a static IP mapping. As I had no information about the MAC address, I was relying on the logs of the DHCP server to get the MAC first. From ISC I am used to pretty clear and easy to read log entries.
With Kea I got no usable information as the log level is set to WARNINGS only.

After doing some research, I couldn't find any straight info how to change the log level in pfSense, but in the end I managed to achieve it.

There are 2 files you need to change on the pfSense box:

keactrl.conf:
file location: /usr/local/etc/kea/keactrl.conf
Change the verbosity level, i.e. change "kea_verbose=no" --> "kea_verbose=yes".
If you do not change this entry, all changes in the next file regarding the log level are not taken into account
kea-dhcp4.conf
file location: /usr/local/etc/kea/kea-dhcp4.conf
Change in section "loggers" the entry for "severity". In my case, the level was set to "WARN". Based on the Kea documentation there are 5 different log levels: DEBUG, INFO, WARN, ERROR, FATAL (https://kea.readthedocs.io/en/kea-2.2.0/arm/logging.html).
My final entry was: "severity": "INFO"
Restart Kea

keactrl reload

The change to the kea-dhcp.conf is not persistent, i.e. does not survive a reboot

Maybe this is helpful to the one or other.

Cheers

Gertjan · Feb 6, 2025, 9:51 AM

@LaUs3r said in How to change Kea DHCP log level:

keactrl.conf:

Afaik, the process (program) keactrl isn't used by pfSense.
The GUI starts "/usr/local/sbin/kea-dhcp4" (with config file /usr/local/etc/kea/kea-dhcp4.conf)
and
/usr/local/sbin/kea-dhcp6 with config file /usr/local/etc/kea/kea-dhcp6.conf

if you have IPv6 LAN(s) directly.

Your 2) is .... well ... will work only ones.

You've said it yourself :

@LaUs3r said in How to change Kea DHCP log level:

The change to the kea-dhcp.conf is not persistent, i.e. does not survive a reboot

Consider this over simplified description of pfSense - the GUI.
It's a nice looking super config file creator.
So the very next time a process, like the DHCPv4 server kea-dhcp4, gets restarted, first, the config file is re created using GUI stored settings, and then the process is started.
At that moment, your own edits of a file like /usr/local/etc/kea/kea-dhcp4.conf are gone.

So, it won't survive a reboot, and it won't survive the very next process restart, for example when you save the DHCPv4 server settings page, for example.

If you want to change the log "severity", have a look at /etc/inc/services.inc
I presume you use 24.11 - pfSense Plus.

Look here.
Change you /etc/inc/services.inc, locate the same line, change WARN for INFO, save, restart DHCPv4 (kea) and voila.

Btw :
I've myself this :

so the "severity" setting gets its info from the kea/loglevel pfSense config file - but I never bothered to change also the GUI pages to select from an INFO, WARN ERROR etc list.

These edit won't survive a pfSense version upgrade. But that's not an issue as the next update will include this option in the GUI for sure.

@LaUs3r said in How to change Kea DHCP log level:

I was relying on the logs of the DHCP server to get the MAC first

Lol, I always do exactly that.
And maybe the kea DHCPv4 logs are less detailed.
But : you'll would find the lease (MAC) here :

and this works out of the box ^^

LaUs3r · Feb 6, 2025, 8:45 PM

@Gertjan, thx very much for your awesome reply. I really appreciate it as I learned something new
To be honest, it's the first time I read something about the services.inc-file. Super interesting!!

Of course, I tried it and it works like a charm.