Solved isc-dhcpd log to syslog

I have been using isc-dhcpd for a while now; however, I am not seeing any logs written to /var/log/messages or /var/log/dhcpd.log.

/usr/local/etc/dhcpd.conf
Code:
log-facility local7;
/etc/syslog.d/isc-dhcpd.conf
Code:
!dhcpd
*.*                                             /var/log/dhcpd.log

#local7.debug        /var/log/dhcpd.log

Is this possible?
 
I assume without that file, you do see the log messages in /var/log/messages?

Then the problem is probably simple: syslog doesn't create logfiles, so you have to add a configuration for newsyslog(8) as well (e.g. in /etc/newsyslog.conf.d). Could look like this, for example:
Code:
/var/log/dhcpd.log	root:network	640	3	1000 *	JC
Read newsyslog.conf(5) to configure to your needs.
 
Ah, ok, I wasn't aware of that.
No, I don't see anything in /var/log/messages or even /var/log/dhcpd.log (after I touch the file). I would expect I should see something somewhere.
 
Have you restarted the syslogd service?
Also check /var/log/debug.log

/etc/syslog.conf
Code:
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
!-devd
local7.debug                                        /var/log/dhcpd.log
*.=debug                                        /var/log/debug.log
*.emerg                                         *
!ppp
*.*                                             /var/log/ppp.log
!*

It works for me.
 
I just tried that, but unfortunately, I am not seeing any logs written to /var/log/dhcpd.log. I checked messages, debug.log, and dhcpd.log.
 
Remove this:
Code:
!dhcpd
*.*                                             /var/log/dhcpd.log
And enable this:
Code:
local7.debug        /var/log/dhcpd.log
 
Both should work. But if dhcpd log messages don't appear in /var/log/messages with default syslog config, the problem is something else anyways.
 
But if dhcpd log messages don't appear in /var/log/messages with default syslog config, the problem is something else anyways.
I agree. Regardless of the syslog configuration the dhcpd messages should appear in /var/log/messages.

tOsYZYny After you added log-facility to dhcpd.conf did you restart the isc-dhcpd service?
 
Yes, I have restarted both services numerous times. The package doesn't list anything about syslog support, so I guess it is included in the box:
Options :
BIND_SYMBOLS : off
BINLEASES : off
DHCP4O6 : off
DOCS : on
IPV6 : on
LDAP : off
LDAP_SSL : on
PARANOIA : on
Annotations :
FreeBSD_version: 1202000
repo_type : binary
repository : FreeBSD
 
The package doesn't list anything about syslog support, so I guess it is included in the box
Yes, it doesn't require any specific options. It's been running on one of my machines for years and I do get the messages in /var/log/messages. Adding the additional /usr/local/syslog.d/dhcpd.conf diverted that nicely to /var/log/dhcpd.log. The only line I have in dhcpd.conf is the log-facility local7; line.

Do you perhaps have any other service that's also logging with the local7 facility? If you have then check the logs for that service. And try local6 for dhcpd (you can use local0 to local7, it doesn't need to be 7).
 
I'm using the FreeBSD syslogd and not syslog-ng. Does that matter?

No, I don't believe I have anything else using local7; a quick grep showed that running some zfs cmds might write to local7. I don't have any services using local7 and I don't have local7 being routed anywhere else.
 
My /etc/syslog.conf now looks like:

Code:
*.err;kern.warning;auth.notice;mail.crit                /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
!-devd
local7.debug                                        /var/log/dhcpd.log
*.=debug                                        /var/log/debug.log
*.emerg                                         *
!ppp
*.*                                             /var/log/ppp.log
!*

Still, I don't see anything being logged.
 
I noticed a while back that logging wasn't working quite right on that machine, the logs are overly quiet. I am testing logging on my local machine and it seems to work fine:

logger -i "TEST" testing
I see the output in /var/log/messages

Similarly, if I do
logger -p local0.debug testing
I see the output in /var/log/debug

Both systems have the same sha256 for syslogd, so no tampering appears to have happened at least at that level.

I diffed /etc and /usr/local/etc and didn't find anything completely different. I also reverted the configuration on the trouble system to that of the working system and it still isn't working right.

The only thing I can figure is that one is patched correctly, and the other isn't patched correctly and hence the libraries aren't working?

I just thought of something: the system in question has a custom kernel, whereas the one that is working has the standard kernel.

I put syslogd in debug mode and see this on every line:

Code:
Failed to parse HOSTNAME from : 2021-04-02T21:45:00.004705-04:00
 
The hostname of the machine was not properly set:

 
Ok, after setting the hostname, logs are working again; however, for isc-dhcpd, I'm still seeing nothing. I have it set to local7 for the log facility. If I run logger -p local7.debug, I can see those contents ending up in /var/log/dhcpd.log, but nothing from the dhcpd service.

I restarted several clients and ensured they asked for a DHCP lease and got one, but I didn't see any messages in the dhcpd.log file. Perusing the man pages, I didn't see any other options for logging or levels.

If I run dhcpd in the foreground with -d, then I see the messages. If I run it via service isc-dhcpd start, I don't see anything.
 
Ok, after setting the hostname, logs are working again; however, for isc-dhcpd, I'm still seeing nothing. I have it set to local7 for the log facility. If I run logger -p local7.debug, I can see those contents ending up in /var/log/dhcpd.log, but nothing from the dhcpd service.

I restarted several clients and ensured they asked for a DHCP lease and got one, but I didn't see any messages in the dhcpd.log file. Perusing the man pages, I didn't see any other options for logging or levels.

If I run dhcpd in the foreground with -d, then I see the messages. If I run it via service isc-dhcpd start, I don't see anything.
Do you have it running chrooted? It's usually enabled via dhcpd_chroot_enable="YES" within /etc/rc.conf. It may have issues when running via chroot. Give it a try w/o chroot, just to make sure that everything else is configured correctly. For example, I personally have a working case when it's not chrooted and with the following in /usr/local/etc/syslog.d/isc-dhcpd.conf:
Code:
!dhcpd
*.*             /var/log/isc-dhcpd.log
 
Yes, it was running chrooted - good catch.

I didn't have that file configured. I think I need to play around more with syslog to sort that out.
 
I didn't have that file configured. I think I need to play around more with syslog to sort that out.
I've just tried to show a complete example. It's not a mandatory thing to have exactly the same file. You can configure syslog three different ways, at least:
  1. /etc/syslog.conf file altering
  2. /etc/syslog.d/*.conf file adding
  3. /usr/local/etc/syslog.d/*.conf file adding
The syslog.d/*.conf approach expects that the directory is included via /etc/syslog.conf (and it is by default, since some version of FreeBSD). I mention this in case custom altering of /etc/syslog.conf ended up with those include lines commented out or removed.

In my personal example I simply prefer the concept of base system and third-party software separation. As long as isc-dhcpd comes as a third-party from ports/pkg I try to keep related things beneath /usr/local prefix, that's why I followed the approach #3.
 
I'm still not having any luck:


/etc/rc.conf
Code:
# networking/services/dhcpd-dhcp-server
dhcpd_enable=YES
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_ifaces="wired"
dhcpd_withumask="022"
dhcpd_chuser_enable="YES" # runs w/o privileges?
dhcpd_withuser="dhcpd" # user name to run as
dhcpd_withgroup="dhcpd" # group name to run as
###dhcpd_chroot_enable="YES" # runs chrooted?
dhcpd_devfs_enable="YES" # use devfs if available?
dhcpd_rootdir="/var/db/dhcpd" # directory to run in
dhcpd_includedir="/usr/local/etc/dhcpd" # directory with config-files to include

/etc/syslog.conf
Code:
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
!-devd
local7.* /var/log/dhcpd.log
*.=debug /var/log/debug.log
*.emerg *
!ppp
*.* /var/log/ppp.log
!*

/usr/local/etc/dhcpd.conf
Code:
ddns-update-style interim;

authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# do windows-style proxy autoconfig:

# these addresses are statically assigned
default-lease-time 259200;
max-lease-time 518400;

option subnet-mask 255.255.255.0;

# time hostname has not been used for years
option ntp-servers router;

# not using a PAC file currently
#option wpad-curl code 252 = text;
#option wpad-curl "http://proxy/proxy.pac";

include "/usr/local/etc/dhcpd/include.conf";
 
I managed to get it working!

I will poke around with it more, but my /etc/syslog.conf was the problem. I reordered it and voila, it worked. I was testing on local0 and that wasn't being logged, so I played around with syslog.conf until it would log and then added local7 ...

*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
local7.* /var/log/local0

auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
!-devd

#local7.* /var/log/dhcpd.log
#local7.debug /var/log/dhcpd.log
#!dhcpd
#*.* /var/log/dhcpd.log

*.=debug /var/log/debug.log
*.emerg *
!ppp
*.* /var/log/ppp.log

I will refactor this a bit, but it works and at least now I can see some dhcpd logs :).

It appears that the most important factor was that the destination log file must exist before syslog writes to it. I thought it would create it if it didn't exist and I thought I already tried that earlier.

Provided I update /etc/syslog.conf with:
include /etc/syslog.d
include /usr/local/etc/syslog.d

I can alternatively configure the dhcpd logs in either of those locations which helps to make the configuration more modular and separate system from user-installed tools.
 
Hmm, to conclude this experiment, it appears that perhaps I just needed to create the file first. Syslog doesn't write to it until the file exists? That might have been the problem from the start, along with the fact that running dhcpd in a chroot prevents it from logging as well.
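
An added example, not part of any post in this thread: a read-only shell check for the causes that came up above (a syslogd file destination that does not exist yet, a missing syslog.d include, and dhcpd running chrooted). The function names and the sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example: read-only checks for the failure modes found in this thread.
# Files are passed as arguments so a copy of the configuration can be tested.

# Print each file destination in a syslog.conf-style file ($1) that does not
# exist under the root prefix $2 (empty string for the live system).
missing_logfiles() {
    # Skip comments, blanks, program/host filters (!prog, +host, -host), includes.
    awk '/^[ \t]*(#|$)/ || /^[!+-]/ || $1 == "include" { next }
         $NF ~ /^\// && $NF !~ /^\/dev\// { print $NF }' "$1" |
    sort -u | while read -r path; do
        [ -f "$2$path" ] || printf '%s\n' "$path"
    done
}

# Succeed if syslog.conf ($1) has an "include" line for directory $2.
includes_dir() {
    awk -v d="$2" '$1 == "include" && ($2 == d || $2 == (d "/")) { f = 1 }
                   END { exit !f }' "$1"
}

# Succeed if rc.conf ($1) enables the dhcpd chroot discussed in the thread.
dhcpd_chrooted() {
    grep -Eq '^[[:space:]]*dhcpd_chroot_enable="?[Yy][Ee][Ss]"?' "$1"
}

# Constructed sample files (not the poster's real system) in a scratch root.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/log"
: > "$demo_root/var/log/messages"            # exists; dhcpd.log does not
cat > "$demo_root/syslog.conf" <<'EOF'
*.notice;authpriv.none	/var/log/messages
*.err	/dev/console
# local7.debug /var/log/old.log
!dhcpd
local7.*	/var/log/dhcpd.log
!*
include	/etc/syslog.d
EOF
cat > "$demo_root/rc.conf" <<'EOF'
dhcpd_enable=YES
dhcpd_chroot_enable="YES"
EOF

missing_logfiles "$demo_root/syslog.conf" "$demo_root"   # prints /var/log/dhcpd.log
includes_dir "$demo_root/syslog.conf" /usr/local/etc/syslog.d ||
    echo "no include for /usr/local/etc/syslog.d"
dhcpd_chrooted "$demo_root/rc.conf" && echo "dhcpd runs chrooted"
```

On a live system the same functions can be pointed at /etc/syslog.conf and /etc/rc.conf with an empty root prefix.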
 