NXLog Docs

ISC DHCP server (DHCPd)

The ISC DHCP Server, or DHCPd, is commonly used on Linux systems. DHCPd uses syslog to log its activity. See Collecting and Parsing Syslog for general information about collecting syslog logs.

By default, DHCPd logs to the daemon syslog facility. If desired, the DHCPd log-facility configuration statement can be used in /etc/dhcp/dhcpd.conf to write logs to a different facility. The system logger can then be configured to handle that facility's logs as required. Otherwise, a configuration like the following example should work with the default settings.

Example 1. Collecting DHCPd messages

This configuration uses the im_file module to read DHCPd messages from one of the syslog log files, and the xm_syslog parse_syslog() procedure to parse them. Only events from the dhcpd source are kept; others are discarded with drop().

This method will most likely not preserve severity information. See Reading Syslog Log Files for more information and the other sections in Collecting and Parsing Syslog for alternative ways to collect syslog messages.

nxlog.conf
<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input dhcp_server>
    Module  im_file
    # Debian writes `daemon` facility logs to `/var/log/daemon.log` by default
    File    '/var/log/daemon.log'
    # RHEL writes `daemon` facility logs to `/var/log/messages` by default
    #File    '/var/log/messages'
    <Exec>
        parse_syslog();
        if $SourceName != 'dhcpd' drop();
    </Exec>
</Input>
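
The following Python sketch is an added example, not part of the NXLog documentation or NXLog's own code. It mirrors the logic of the configuration above on constructed sample lines: parse each syslog line, keep only the dhcpd source, and show why severity is lost when a log file carries no `<PRI>` field. The field names (`lease_ip`, `client_mac`, `dhcp_type`) and the message patterns are assumptions made for this illustration.

```python
import re

# Constructed sample lines. The first five use the usual syslog file layout,
# which has no <PRI> field; the last carries <30> (daemon.info) for contrast.
SAMPLE = [
    "Dec 28 10:15:01 gw dhcpd[812]: DHCPDISCOVER from 52:54:00:aa:bb:01 via eth1",
    "Dec 28 10:15:02 gw dhcpd[812]: DHCPOFFER on 192.0.2.50 to 52:54:00:aa:bb:01 via eth1",
    "Dec 28 10:15:02 gw dhcpd[812]: DHCPREQUEST for 192.0.2.50 (192.0.2.1) from 52:54:00:aa:bb:01 (laptop7) via eth1",
    "Dec 28 10:15:02 gw dhcpd[812]: DHCPACK on 192.0.2.50 to 52:54:00:aa:bb:01 (laptop7) via eth1",
    "Dec 28 10:15:03 gw systemd[1]: Started Daily apt download activities.",
    "<30>Dec 28 10:15:04 gw dhcpd[812]: DHCPRELEASE of 192.0.2.50 from 52:54:00:aa:bb:01 via eth1 (found)",
]

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
SYSLOG = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<source>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$")
DHCP_TYPE = re.compile(r"^(DHCP[A-Z]+)\b")
LEASE_IP = re.compile(r"\b(?:on|for|of) (\d{1,3}(?:\.\d{1,3}){3})\b")
CLIENT_MAC = re.compile(r"\b(?:to|from) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b")

def parse_line(line):
    """Split one BSD-style syslog line into fields; None if it does not match."""
    m = SYSLOG.match(line)
    if m is None:
        return None
    event = m.groupdict()
    pri = event.pop("pri")
    # Severity is encoded only in <PRI> (PRI mod 8); without it, it is unknown.
    event["severity"] = SEVERITIES[int(pri) % 8] if pri is not None else None
    return event

def _grab(pattern, text):
    m = pattern.search(text)
    return m.group(1) if m else None

def dhcpd_events(lines):
    """Keep dhcpd events only and pull lease details out of the message."""
    events = []
    for line in lines:
        event = parse_line(line)
        if event is None or event["source"] != "dhcpd":
            continue  # same filter as: if $SourceName != 'dhcpd' drop();
        msg = event["message"]
        event.update(dhcp_type=_grab(DHCP_TYPE, msg),
                     lease_ip=_grab(LEASE_IP, msg),
                     client_mac=_grab(CLIENT_MAC, msg))
        events.append(event)
    return events

if __name__ == "__main__":
    for e in dhcpd_events(SAMPLE):
        print(e["time"], e["severity"], e["dhcp_type"], e["lease_ip"], e["client_mac"])
```
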

Last revision: 28 December 2020