Gluff - a DHCP lease logger for ISC-dhcpd

Introduction

Gluff is the result of an idea by Magnus Törnros to collect and collate DHCP logging information from multiple DHCP servers into a database for later retrieval, and the idea soon grew to the current design after a number of brainstorming sessions between us.

Gluff was developed for a well-defined purpose: In an environment with DHCP servers in a failover configuration and switches using DHCP snooping and option 82 to imprint switch ID and switch port into passing DHCP requests, it is used to keep track of all leases from start to end, including the remote-id and circuit-id. It must be possible to determine where a particular IP address is connected at any given time.

The theory is simple: Unless the failover mechanism is failing, each DHCPACK sent out, from any DHCP server in the system, denotes an official lease or lease extension. Thus, for every DHCPACK, our patched dhcpd logs an entry in a "queue" table in a local sqlite3 database (chosen because it's supposed to have high performance and be easy to use).

Another process on the DHCP server computer, gluff, regularly consumes entries from the queue, accesses a MySQL database on a remote server shared by all the DHCP servers, and figures out whether the entry denotes a new lease or a lease extension. gluff updates the MySQL database accordingly, and so the database will contain correct lease records for every distinct lease ever granted.

I'm happy that others seem to be interested in this stuff! If you have use for it, please drop me a line and tell me a bit about your project! My email address is in the README file in the source archive.

News

2010-05-05
New in version 1.8
  • Added a patch for dhcp-4.1.1, with different locking and error handling in the sqlite3 code
2009-12-05
New in version 1.7.4
  • Fixed a special-case bug in the database code
  • Refactored the code to be more easily maintainable
  • Added debug code
  • Added an auto-incremented 'id' primary key field to the leases table (see below!)
  • Added patches for dhcp-4.1.0p1 and dhcp-4.2.0a1
2009-06-12
New in version 1.7.2
  • Added a variable initialization in hl_ldb.c (in the patch), to avoid a warning.

Database changes in 1.7.4

If you are already running gluff and are upgrading to version 1.7.4, you should add the new 'id' field in the MySQL database. It's not currently used by gluff, but future additions to the system will take advantage of the new key field. Here's how to add it:

Installation

On the DB server

This will by necessity be rather Ubuntu centered. You should be able to figure out what the prerequisites are on other systems.

In terms of Ubuntu packages, you will need mysql-server, and you will also probably want to set up phpmyadmin, which will happily give you apache, php5-mysql and other stuff.

Configure mysql to listen on its network interfaces: check "bind-address" in /etc/mysql/my.cnf or wherever your system keeps it.

Create a database (here called dhcpd_leases), and a user with permission to connect from each of the DHCP servers (substitute your own server addresses here):

CREATE DATABASE `dhcpd_leases`;
GRANT ALL ON dhcpd_leases.* TO 'dhcpd'@'192.168.10.10' IDENTIFIED BY 'foobar';
GRANT ALL ON dhcpd_leases.* TO 'dhcpd'@'192.168.11.10' IDENTIFIED BY 'foobar';
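
A narrower variant of the grants above, as an added example that is not part of the gluff distribution. It assumes gluff only reads, inserts and updates rows in dhcpd_leases (an assumption; check it against your gluff version), that the server runs MySQL 5.7 or later (CREATE USER followed by GRANT), and the passwords are labelled placeholders.

```sql
-- Form used on this page: ALL also grants DROP, ALTER, DELETE and CREATE on
-- the lease history, and both servers share one trivial password.
--   GRANT ALL ON dhcpd_leases.* TO 'dhcpd'@'192.168.10.10' IDENTIFIED BY 'foobar';

-- One account per DHCP server, each bound to that server's address and given
-- its own secret, so a single server can be cut off without touching the other.
CREATE USER 'dhcpd'@'192.168.10.10' IDENTIFIED BY 'PLACEHOLDER_LONG_RANDOM_SECRET_A';
CREATE USER 'dhcpd'@'192.168.11.10' IDENTIFIED BY 'PLACEHOLDER_LONG_RANDOM_SECRET_B';

-- Assumption: gluff looks up rows, inserts new leases and lookup values, and
-- updates lease end times. No DELETE, DROP or ALTER, so a compromised DHCP
-- server cannot erase or restructure the records.
GRANT SELECT, INSERT, UPDATE ON dhcpd_leases.* TO 'dhcpd'@'192.168.10.10';
GRANT SELECT, INSERT, UPDATE ON dhcpd_leases.* TO 'dhcpd'@'192.168.11.10';

-- Verify what each account ended up with.
SHOW GRANTS FOR 'dhcpd'@'192.168.10.10';
SHOW GRANTS FOR 'dhcpd'@'192.168.11.10';
```

The password is later passed to gluff with -p on the command line, where other local users on the DHCP server can read it from the process list, which is one more reason to keep the account's privileges this narrow.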

Create the tables, using the commands in dhcpd_leases.sql (please note: the "lstart" and "lend" fields in the leases table were called "start" and "end" in version 1.1!):

CREATE TABLE `cids` (
  `id` int(11) NOT NULL auto_increment,
  `value` varchar(63) default NULL,
  PRIMARY KEY  (`id`)
);
 
CREATE TABLE `rids` (
  `id` int(11) NOT NULL auto_increment,
  `value` varchar(63) default NULL,
  PRIMARY KEY  (`id`)
);
 
CREATE TABLE `hws` (
  `id` int(11) NOT NULL auto_increment,
  `value` varchar(63) default NULL,
  PRIMARY KEY  (`id`)
);
 
CREATE TABLE `ips` (
  `id` int(11) NOT NULL auto_increment,
  `value` varchar(63) default NULL,
  PRIMARY KEY  (`id`)
);
 
CREATE TABLE `leases` (
  `id` int(11) NOT NULL auto_increment,
  `ip` int(11) NOT NULL default '0',
  `lstart` datetime NOT NULL default '0000-00-00 00:00:00',
  `lend` datetime default NULL,
  `hw` int(11) default NULL,
  `cid` int(11) default NULL,
  `rid` int(11) default NULL,
  PRIMARY KEY  (`id`)
);
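
The lookup this schema exists for, as an added example that is not part of the gluff distribution: where was a given IP address connected at a given moment. It assumes that leases.ip, hw, cid and rid hold ids of rows in ips, hws, cids and rids, that cids and rids hold the option 82 circuit-id and remote-id, and that a NULL lend means no end has been recorded; the address and timestamp are constructed sample values.

```sql
-- Constructed sample inputs: the address and moment under investigation.
SET @ip := '192.168.20.57';
SET @at := '2010-05-05 14:30:00';

-- Resolve the lease that covered @ip at @at back to its readable values.
SELECT i.value AS ip_address,
       h.value AS hw_address,
       r.value AS remote_id,     -- assumed: option 82 remote-id
       c.value AS circuit_id,    -- assumed: option 82 circuit-id
       l.lstart,
       l.lend
FROM leases AS l
JOIN ips AS i ON i.id = l.ip
LEFT JOIN hws  AS h ON h.id = l.hw     -- LEFT JOIN: hw, cid and rid may be NULL
LEFT JOIN cids AS c ON c.id = l.cid
LEFT JOIN rids AS r ON r.id = l.rid
WHERE i.value = @ip
  AND l.lstart <= @at
  AND (l.lend IS NULL OR l.lend >= @at)  -- assumption: NULL lend = no recorded end
ORDER BY l.lstart DESC;

-- The query above should return at most one row. More than one means two
-- lease records for the same address overlap in time; this lists every such
-- pair so it can be reviewed.
SELECT a.id AS lease_a, b.id AS lease_b, i.value AS ip_address,
       a.lstart AS a_start, a.lend AS a_end,
       b.lstart AS b_start, b.lend AS b_end
FROM leases AS a
JOIN leases AS b ON b.ip = a.ip AND b.id > a.id
JOIN ips AS i ON i.id = a.ip
WHERE a.lstart < COALESCE(b.lend, NOW())
  AND b.lstart < COALESCE(a.lend, NOW());
```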

On the DHCP servers

You will want at least the following: libmysqlclient15-dev, libmysqlclient15off, libsqlite3-dev.

Optional are mysql-client and sqlite3.

To compile stuff, you also need gcc, build-essential and possibly more stuff, like kernel headers.

  • Patch dhcpd-4.1.0, dhcpd-4.1.0a1, dhcp-4.1.0p1 or dhcp-4.2.0a1 using the relevant patch file:
    tar xzvf dhcp-4.1.0.tar.gz
    cd dhcp-4.1.0
    patch -p1 < ../dhcp-4.1.0-ldb.patch
  • Build, install and run dhcpd with the -ldb parameter pointing at an sqlite3 database, here /var/db/dhcpd_queue.db3
  • Configure, build and install gluff. If configure can't find libmysqlclient in Redhat, try
    LDFLAGS=-L/usr/lib/mysql ./configure
  • Run gluff with the following command:
     /opt/gluff/bin/gluff -l /var/db/dhcpd_queue.db3 -h 192.168.15.10 \
         -udhcpd -pfoobar -ddhcpd_leases -R
    where 192.168.15.10 is the address of the DB server.

gluff logs to local2 so you can set up syslog to handle it according to your wishes.

Note: in newer Ubuntu installs (at least) you will have to fiddle a bit to configure and build ISC dhcp:

CFLAGS="-fPIC -D_GNU_SOURCE" ./configure 

The dhcp server patch for dhcp 4.1.0 has been tested in my virtual test lab for a day and it appears stable. Please let me know if you find anything weird.

Please send me email if you need to get in touch! The comment feature has now been disabled for this page.

Attachment                                   Size
DHCP test rig setup: A VMware case study     534.47 KB
gluff-1.7.4.tar.gz                           140.27 KB
gluff-1.8.tar.gz                             140.84 KB