Logging and DHCP Option 7

About

The goal of this use-case is to demonstrate how to configure a network in which WeOS devices send log messages to a remote syslog server whose address is provided by a DHCP lease that includes option 7 (log server).

We will walk through the steps to configure the necessary logging sinks on the client devices. We will also provide an example of how to configure a DHCP server on a WeOS device to provide the necessary DHCP option 7 in the lease.

Prerequisites

This document assumes that you have a basic understanding of the WeOS logging system. If you are not familiar with the logging system, please refer to the Logging Configuration page.

In addition, it is good to have a basic understanding of how to configure a DHCP server on a WeOS device. If you are not familiar with the DHCP server configuration, please refer to the DHCP Server Configuration page.

Introduction

For more detail on logging to remote machines, please refer to the Logging to Remote Machines HowTo. In this use-case, we will focus on configuring logging destinations that dynamically obtain the IP address of the intended remote syslog server from DHCP option 7 (log server).

Consider the simplified network topology in Figure 1, below.

  .---------.           .---------.
  |  DHCP-  |           | Syslog- |
  | Server  |           | Server  |
  |         |           |         |
  '----+----'           '----+----'
       |.10                  |.20
       |                     |
       |                     |
-------+----------+----------+------- 192.168.1.0/24
                  |
                  |
                  | vlan1: DHCP
             .----+----.
             |         |
             |   S1    |
             |         |
             '---------'

Figure 1: Example of a network with a DHCP server and a syslog server. The DHCP server is configured to provide the switch S1 with a lease that includes the syslog server's IP address, provided by DHCP option 7 (log server).

For this use-case, we will configure the switch S1 to send log messages using UDP, for the sake of simplicity, to the syslog server located at IP address 192.168.1.20. We will configure the DHCP server to provide the switch S1 with a lease that includes the syslog server’s IP address, using DHCP option 7.

In the next section we will cover how to configure the devices DHCP-Server and S1 to achieve this. We will start with the configuration of the DHCP server.

Configuration

We will focus on the configuration of both the DHCP server and the switch S1.

DHCP Server configuration

We will configure a DHCP server to provide an IP address to the switch from a pool of addresses within the subnet 192.168.1.0/24. Additionally, we will configure the DHCP server to provide option 7, specifying 192.168.1.20 with every lease that is provided from the server, using the log-server command.

Note

We assume that the underlying network is already configured, with correct interfaces and addresses.

The configuration of the DHCP server is as follows:

DHCP-Server:/#> configure
DHCP-Server:/config/#> dhcp-server
DHCP-Server:/config/dhcp-server/#> subnet 192.168.1.0/24
DHCP-Server:/config/dhcp-server/subnet-192.168.1.0/#> pool 192.168.1.100 10
DHCP-Server:/config/dhcp-server/subnet-192.168.1.0/#> end
DHCP-Server:/config/dhcp-server/#> log-server 192.168.1.20
DHCP-Server:/config/dhcp-server/#> leave
DHCP-Server:/#>

Tip

The log-server can also be specified per subnet and host in addition to the global level.

For this simple example, we do not need to configure much more than this in order to provide the switch S1 with the necessary lease.

Switch S1 configuration

Now we can configure the switch S1 to set up a remote logging sink whose destination obtains its IP address from the DHCP lease. We can configure the switch in the following way:

S1:/#> configure
S1:/config/#> iface vlan1
S1:/config/iface-vlan1/#> inet dhcp
S1:/config/iface-vlan1/inet-dhcp/#> end
S1:/config/iface-vlan1/#> end
S1:/config/#>
S1:/config/#> logging
S1:/config/logging/#> source local
S1:/config/logging/source-local/#> userspace
S1:/config/logging/source-local/#> kernel
S1:/config/logging/source-local/#> end
S1:/config/logging/#>
S1:/config/logging/#> destination remote
S1:/config/logging/destination-remote/#> type remote
S1:/config/logging/destination-remote/#> transport udp
S1:/config/logging/destination-remote/#> host dhcp vlan1
S1:/config/logging/destination-remote/#> end
S1:/config/logging/#>
S1:/config/logging/#> sink to-remote
S1:/config/logging/sink-to-remote/#> source local
S1:/config/logging/sink-to-remote/#> destination remote
S1:/config/logging/sink-to-remote/#> end
S1:/config/logging/#>
S1:/config/logging/#> show
Console syslog   : Disabled
External logging : Disabled
Secure mode      : Enabled

╒ Sources ═══════════════════════════════════════════════════════════════════╕
│NAME                                                                        │
│Type: local      USERSPACE  KERNEL                                          │
│local            Yes        Yes                                             │
└────────────────────────────────────────────────────────────────────────────┘

╒ Destinations ══════════════════════════════════════════════════════════════╕
│NAME                                                                        │
│Type: remote     TRANSPORT  TO-HOST  PORT   FORMAT                          │
│remote           udp        vlan1    514    rfc5424                         │
└────────────────────────────────────────────────────────────────────────────┘

╒ Filters ═══════════════════════════════════════════════════════════════════╕
│NAME             INVERT        TYPE  FILTER                                 │
├────────────────────────────────────────────────────────────────────────────┤
│No filter(s) currently configured...                                        │
└────────────────────────────────────────────────────────────────────────────┘

╒ Sinks ═════════════════════════════════════════════════════════════════════╕
│NAME             SOURCES       DESTINATIONS   OP FILTERS                    │
│to-remote        local         remote                                       │
└────────────────────────────────────────────────────────────────────────────┘

dhcp:/config/logging/#> leave
Applying configuration.
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
S1:/#>

Tip

A source called local should be present on the switch by default, from the default factory configuration. For the sake of this example, we explicitly configure the source to make it clear.

With this configuration, the switch S1 will dynamically set the host IP address for the destination remote. This IP address is provided by a DHCP lease on the interface vlan1, if the lease includes the option 7 (log server).

Note

Currently, each logging destination that is configured in this manner can receive and apply up to two IP addresses per DHCP lease option 7.
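To audit what a lease actually carries, the following added example (not part of the original document and not WeOS code) decodes option 7 from a raw DHCP options field as defined in RFC 2132 and compares it with the expected syslog server. It assumes that the two addresses a destination applies are the first two listed; the function names and sample byte strings are constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_LOG_SERVER = 0, 255, 7
MAX_APPLIED = 2  # per the note above; assumption: the first two listed are the ones used

def parse_dhcp_options(raw: bytes) -> dict:
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_PAD:            # pad is a single byte with no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value   # RFC 3396: join split options
        i += 2 + length
    return opts

def log_servers(opts: dict) -> list:
    """Decode option 7 (RFC 2132): 4-byte IPv4 addresses in order of preference."""
    value = opts.get(OPT_LOG_SERVER)
    if value is None:
        return []
    if not value or len(value) % 4:
        raise ValueError("option 7 length must be a non-zero multiple of 4")
    return [str(ipaddress.IPv4Address(value[n:n + 4])) for n in range(0, len(value), 4)]

def check_lease(raw: bytes, expected: set) -> dict:
    """Report which log servers a lease would apply and which are not expected."""
    offered = log_servers(parse_dhcp_options(raw))
    applied = offered[:MAX_APPLIED]
    return {
        "applied": applied,
        "ignored": offered[MAX_APPLIED:],
        "unexpected": [a for a in applied if a not in expected],
        "active": bool(applied),
    }

# Constructed option fields, not captured traffic.
GOOD = bytes([1, 4, 255, 255, 255, 0, 7, 4, 192, 168, 1, 20, 255])
NO_OPT7 = bytes([1, 4, 255, 255, 255, 0, 255])
EXTRA = bytes([7, 12, 192, 168, 1, 20, 192, 168, 1, 21, 10, 0, 0, 9, 255])
```

A lease without option 7 yields `active: False`, which corresponds to the inactive remote destination shown in the verification section.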

Verification

With the current configuration, the switch S1 should now be able to send log messages to the syslog server located at 192.168.1.20, when it receives a lease from the DHCP server.

The first thing that we can verify is that the DHCP server has provided S1 with a lease. If we check on the DHCP server, we should see that a lease has been provided to the switch:

DHCP-Server:/#> show dhcp-server
DHCP server active, PID: 832

LEASE TIME  MAC ADDRESS       CLIENT ID            IP ADDRESS       HOSTNAME  
864000      0c:b1:ec:09:00:00 01:0c:b1:ec:09:00:00 192.168.1.104    S1

If we check on S1, we should also see that the interface vlan1 has received a lease:

S1:/#> show iface vlan1
Name         : vlan1
Admin. State : Up
Oper. Status : UP
MAC Address  : 0c:b1:ec:09:00:00
IP Addresses : 169.254.126.43/16  (link-local)
               192.168.1.104/24   (dhcp)      ◄────── IP address from DHCP
MTU          : 1500
Statistics   :
               RX: Packets    Bytes        Errors CsumErrs OutOfSeq Mcasts
                   64         8930         0      0        0        56
               TX: Packets    Bytes        Errors DeadLoop NoRoute  NoBufs
                   68         12341        0      0        0        0

Next, we can verify that our remote logging destination has the correct IP address as follows:

S1:/#> show logging destination remote
╒ Remote Destinations ════════════════════════════════════════════════════════════════════╕
│NAME         REMOTE_PROTOCOL_IP_PORT  PROCESSED  DROPPED  WRITTEN  QUEUED  MEMORY_USAGE  │
│sink-remote  udp,192.168.1.20:514     13         0        13       0       0             │
└─────────────────────────────────────────────────────────────────────────────────────────┘

If everything is configured correctly, the output should show that the destination sink-remote has been assigned the IP address of the Syslog server, which is 192.168.1.20. In the output, we should also be able to see that our messages have been WRITTEN and PROCESSED.

If we have not yet received a lease, or if the provided lease does not include option 7, the status of the remote destinations will indicate that there are no active remote logging destinations:

S1:/#> show logging destination remote
╒ Remote Destinations ═════════════════════════════════════════════════════════════╕
│NAME  REMOTE_PROTOCOL_IP_PORT  PROCESSED  DROPPED  WRITTEN  QUEUED  MEMORY_USAGE  │
├──────────────────────────────────────────────────────────────────────────────────┤
│No entry currently found...                                                       │
└──────────────────────────────────────────────────────────────────────────────────┘

This is because the remote logging destination instance will remain inactive until the switch receives a lease with option 7.

Finally, we can verify that the switch S1 is able to send log messages to the syslog server, by generating a log message on the switch:

S1:/#> shell
Domain shell started.
admin@example:~ # logger -p notice "This is a test message"
admin@example:~ #

If the syslog server is correctly configured, the message should be received and logged by the syslog server.
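On the receiving side, the check can be made explicit. The following added example (not part of the original document) parses one UDP datagram in the rfc5424 format shown for the destination and confirms that it came from the leased address with severity notice. It assumes that logger uses its default facility, user, so that `-p notice` gives PRI 13; the sample datagram, its hostname and its app-name are constructed.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"   # "-" or one or more [structured-data] elements
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)

def parse_rfc5424(datagram: bytes) -> dict:
    """Split one UDP syslog datagram into its RFC 5424 header fields."""
    text = datagram.decode("utf-8", errors="replace")
    m = RFC5424.match(text)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:                      # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    fields = m.groupdict()
    fields["facility"], sev = divmod(pri, 8)
    fields["severity"] = SEVERITIES[sev]
    fields["msg"] = (fields["msg"] or "").lstrip("\ufeff")   # optional BOM before MSG
    return fields

def is_test_message(datagram: bytes, sender_ip: str, lease_ip: str, text: str) -> bool:
    """True when the datagram came from the leased address and carries the
    test text at severity notice."""
    try:
        f = parse_rfc5424(datagram)
    except ValueError:
        return False
    return sender_ip == lease_ip and f["severity"] == "notice" and f["msg"] == text

# Constructed datagram, not captured from a device; 192.168.1.104 is S1's lease above.
SAMPLE = b"<13>1 2024-01-01T12:00:00+00:00 S1 admin - - - This is a test message"
LEASE_IP = "192.168.1.104"
```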

Conclusion

The use of DHCP option 7 allows for dynamic configuration of logging destinations on WeOS devices. We demonstrated how to configure a DHCP server to provide a lease that includes the IP address of a syslog server. Additionally, we showed how to configure a WeOS device to dynamically use this IP address to specify the location of a remote syslog server.