Linux Dhcpd
LogZilla App Store application: Linux Dhcpd
Overview
Linux dhcpd is a daemon that implements the Dynamic Host Configuration Protocol (DHCP) and the Internet Bootstrap Protocol (BOOTP). DHCP allows hosts on a TCP/IP network to request and be assigned IP addresses, and to discover information about the network to which they are attached.
App Function
The Linux dhcpd app parses DHCP client device type information from DHCP
assignment (DHCPACK) messages, creating user tags for device identification
and network asset tracking.
Vendor Documentation
Log Source Details
| Item | Value |
|---|---|
| Vendor | Linux distributions |
| Device Type | Linux OS |
| Supported Software Version(s) | dhcpd servers (tested on isc-dhcp-server) |
| Collection Method | Syslog |
| Configurable Log Output? | no |
| Log Source Type | Linux syslog |
| Exceptions | N/A |
Incoming Log Format
dhcpd uses standard Linux syslog format. The message consists of a readable phrase explaining the DHCP operation, client device information, and IP addresses involved. There are no key-value pairs, delimited fields, or fixed-position fields.
Parsed Metadata Fields
The dhcpd app extracts client device type information from DHCPACK messages
(DHCP IP address assignments). The message format is:
```text
DHCPACK on <ip_addr> to <mac_addr> (<client_device_type>) via <interface>
```
Generated User Tag:
| Tag Name | Example | Description |
|---|---|---|
| DHCP Client Type | VirtualBox | Type of DHCP client device |
High-Cardinality (HC) Tags
DHCP client device types are expected to be within normal cardinality limits. No high-cardinality tags are designated for this app.
Log Examples
DHCP IP Address Assignment
```text
DHCPACK on 192.168.254.100 to 08:00:27:61:76:cd (VirtualBox) via enp0s3
```
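A parser for the DHCPACK format described above, as an added example (not LogZilla's own rule code). It assumes the parenthesised field is optional and client-supplied, so the value is sanitized before it becomes the `DHCP Client Type` tag; the syslog headers in the sample lines, `MAX_TAG_LEN` and the function names are constructed for illustration.

```python
import re

# Message body documented on this page:
#   DHCPACK on <ip_addr> to <mac_addr> (<client_device_type>) via <interface>
# Assumption: the parenthesised field may be absent, so it is optional here.
DHCPACK_RE = re.compile(
    r"\bDHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?: \((?P<client_type>[^)]*)\))? "
    r"via (?P<interface>\S+)"
)

MAX_TAG_LEN = 64  # hypothetical cap on tag length, not a LogZilla setting


def sanitize_tag(value):
    """Keep printable ASCII only, trim, cap the length; None if nothing is left."""
    cleaned = "".join(ch for ch in value if 32 <= ord(ch) < 127).strip()
    return cleaned[:MAX_TAG_LEN] or None


def parse_dhcpack(line):
    """Return parsed fields and user tags for a DHCPACK line, else None."""
    match = DHCPACK_RE.search(line)
    if match is None:
        return None  # other dhcpd messages (DHCPDISCOVER, DHCPREQUEST, ...)
    fields = match.groupdict()
    raw_type = fields.pop("client_type")
    tags = {}
    tag = sanitize_tag(raw_type) if raw_type is not None else None
    if tag:
        tags["DHCP Client Type"] = tag
    return {"fields": fields, "user_tags": tags}


# Constructed sample lines: the first body is the page's log example,
# the rest are made up to exercise the edge cases.
SAMPLES = [
    "Jan 10 12:00:01 gw dhcpd[812]: DHCPACK on 192.168.254.100 to 08:00:27:61:76:cd (VirtualBox) via enp0s3",
    "Jan 10 12:00:05 gw dhcpd[812]: DHCPACK on 192.168.254.101 to 08:00:27:aa:bb:cc via enp0s3",
    "Jan 10 12:00:09 gw dhcpd[812]: DHCPDISCOVER from 08:00:27:61:76:cd via enp0s3",
    "Jan 10 12:00:12 gw dhcpd[812]: DHCPACK on 10.0.0.5 to 08:00:27:00:00:01 (lab\tpc\x07) via eth0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_dhcpack(sample))
```
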