# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for the DHCPD messages emitted by the Cisco IOS DHCP server.
# Each recognised message is reduced to an action plus, where the message carries
# them, an IP address, a client identifier (mac) and a pool name.
cisco_dhcp = {

  plugin_version = "1.0"

  # 2012-09-06 - Benson - 1.0 - Initial creation

  info.1.manufacturer = "Cisco Systems"
  info.1.device = "IOS DHCP Server"
  info.1.version.1 = "10.0"

  # The name of the log format
  log.format.format_label = "Cisco IOS DHCP Log Format"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression.
  # The pattern looks for a six-digit sequence number, an uptime stamp written as
  # <weeks>w<days>d, and the literal DHCPD: tag.
  # NOTE(review): only the <n>w<n>d stamp form is accepted, here and in the parsing
  # filter below. Devices that log date/time stamps, or an uptime stamp in another
  # form, would presumably not be detected or parsed -- confirm against the devices
  # in scope, because any line the parsing filter does not match is never accepted
  # and leaves no trace in the database.
  log.format.autodetect_expression = `
    matches_regular_expression(volatile.log_data_line, "[0-9]{6}: [0-9]+w[0-9]+d: DHCPD:")
  `

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields
  # action, ip, mac, pool and message are filled by the parsing filter; events is
  # assigned by the mark_entry log filter further down.
  log.fields = {
    action = ""
    ip = ""
    mac = ""
    pool = ""
    message = ""
    events = ""
  } # log.fields

  ## Log sample
  #123149: 23w6d: DHCPD: checking for expired leases.
  #118339: 22w6d: DHCPD: the lease for address 10.160.1.192 has expired.
  #118340: 22w6d: DHCPD: returned 10.160.1.192 to address pool xxx.
  #119149: 23w0d: DHCPD: assigned IP address 10.160.1.202 to client 01d0.df9a.5742.2d.
  #112336: 21w5d: DHCPD: requested address 10.110.35.185 is not on subnet 10.160.1.0.
  #114908: 22w2d: DHCPD: dhcpd_age_bindings could not lock semaphore.
  # samples for fields introduced

  # Log Parsing Filters
  # Flow: the outer expression captures everything after "DHCPD: " from
  # v.syslog_message and stores it as the message field. The if / else-if chain then
  # sets action (and ip, mac, pool where captured) for the first pattern that matches.
  # accept_collected_entry is called for every line that matched the outer expression,
  # so a DHCPD message with no matching pattern is still stored, with its message text
  # and an empty action.
  #
  # Points to keep in mind when relying on these fields for monitoring:
  #  - The '.' that ends each pattern is unescaped, so it is a regex wildcard rather
  #    than a literal period. The sample lines above all end in a period and match.
  #  - For 'request failed' the second capture is the subnet from the message
  #    ("is not on subnet ..."), and it is written to the pool field.
  #  - The client pattern accepts only lowercase hex digits and dots. A client
  #    identifier in another form would leave the entry with message set and action
  #    empty -- TODO confirm which identifier forms the devices actually log.
  #  - NOTE(review): the mac value is whatever the DHCP client presented as its
  #    identifier, so treat it as client-supplied data rather than a verified
  #    hardware address.
  log.parsing_filters.parse = `
    if (matches_regular_expression(v.syslog_message, '[0-9]{6}: [0-9]+w[0-9]+d: DHCPD: (.*)')) then (
      v.message = $1;
      set_collected_field('', 'message', $1);
      if (matches_regular_expression(v.message, 'checking for expired leases.')) then (
        set_collected_field('', 'action' , 'checking expired');
      );
      else if (matches_regular_expression(v.message, 'dhcpd_age_bindings could not lock semaphore.')) then (
        set_collected_field('', 'action' , 'lock semaphore failed');
      );
      else if (matches_regular_expression(v.message, 'the lease for address ([0-9.]+) has expired.')) then (
        set_collected_field('', 'ip' , $1);
        set_collected_field('', 'action' , 'expired');
      );
      else if (matches_regular_expression(v.message, 'returned ([0-9.]+) to address pool ([^.]+).')) then (
        set_collected_field('', 'ip' , $1);
        set_collected_field('', 'pool' , $2);
        set_collected_field('', 'action' , 'returned');
      );
      else if (matches_regular_expression(v.message, 'assigned IP address ([0-9.]+) to client ([0-9a-f.]+).')) then (
        set_collected_field('', 'ip' , $1);
        set_collected_field('', 'mac' , $2);
        set_collected_field('', 'action' , 'assigned');
      );
      else if (matches_regular_expression(v.message, 'requested address ([0-9.]+) is not on subnet ([0-9.]+).')) then (
        set_collected_field('', 'ip' , $1);
        set_collected_field('', 'pool' , $2);
        set_collected_field('', 'action' , 'request failed');
      );
      accept_collected_entry('', false);
    );
  `

  # Database fields
  # Same names as the log fields above, minus events, which is declared under
  # database.numerical_fields instead.
  database.fields = {
    action = ""
    ip = ""
    mac = ""
    pool = ""
    message = ""
  } # database.fields

  # Log Filters
  # mark_entry assigns events = 1 to each entry it runs on.
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # Numerical fields
  # events is an integer field flagged entries_field = true; it does not require a
  # log field of its own (requires_log_field = false).
  database.numerical_fields = {
    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events
  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

    snapons = {

      # Add the standard reports
      add_standard_reports = {
        name = "add_standard_reports"
        label = "add_standard_reports"
        snapon = "add_standard_reports"
      } # add_standard_reports

    } # snapons

  } # create_profile_wizard_options

} # cisco_dhcp