Logging über Template-Class Namen
Outside of the Kea-DHCP extension Forensic Logging, Kea-DHCP offers only limited options for customising the contents of the log messages.
This config snippets creates additional logging information from the DHCP requests by encoding the information in dynamic class names. This is clearly a hack, template classes are not meant to be used this way. Use on your own risk.
Kea-DHCP allows client classes to be created dynamically using template classes. Parts of the data of a DHCP request thus appear in the name of the template class and are written to the log files.
Kea-DHCP template classes: https://kea.readthedocs.io/en/kea-2.6.1/arm/classify.html#template-classes
Example:
"client-classes": [
{ "name": "addr",
"template-test": "addrtotext(pkt4.ciaddr) +'/'+ addrtotext(pkt4.giaddr)"},
[...]
],
This template class creates a Kea DHCP class with the name SPAWN_addr_<client-ip>/<relay-ip>.
In the Kea configuration in the logging configuration block:
"loggers": [
{
"name": "kea-dhcp4.dhcp4",
"output_options": [ {
"output": "/var/log/kea/kea-dhcp4-details.log"
} ],
"severity": "DEBUG",
"debuglevel": 40
},
[...]
]
Severity DEBUG and debug level = 40 are required to see the names of the template classes in the log output.
The log entries contain the MAC address, status of the client (DISCOVER or REQUEST), requested IP address and address of the relay agent (IP helper):
2025-03-11 15:53:44.453 DEBUG [kea-dhcp4.dhcp4/143757.140596832102080] DHCP4_CLASSES_ASSIGNED [hwtype=1 00:60:6e:65:a2:e5], cid=[01:00:60:6e:65:a2:e5], tid=0x794827ab: client packet has been assigned on DHCPDISCOVER message to the following classes: ALL, addr, SPAWN_addr_0.0.0.0/192.168.1.122, UNKNOWN 2025-03-11 15:54:55.804 DEBUG [kea-dhcp4.dhcp4/143757.140596840494784] DHCP4_CLASSES_ASSIGNED [hwtype=1 5c:1b:f4:a7:16:06], cid=[01:5c:1b:f4:a7:16:06], tid=0xcbd90bcc: client packet has been assigned on DHCPREQUEST message to the following classes: ALL, addr, SPAWN_addr_172.22.1.42/192.168.1.122, KNOWN