This is a long-overdue follow-up to my previous article about extracting useful information from DHCP server logs. Once again, nothing fancy – just some simple scripting to help you get some idea of what’s going on in your DHCP world.
I made a couple of small but hopefully useful changes. First, instead of using wget to download the IEEE OUI list, which takes forever, I use the get-oui Perl script. By default, the script below will look for /root/ieee-oui.txt, but you can change that.
The second change has to do with using arp-scan instead of ping to determine if the device is online. This works better when scanning from the local subnet, as many devices that use DHCP do not respond to ping.
The script is below, and you can also download it from my GitHub repo.
#!/bin/bash
# Build a MAC / online / IP / hostname / manufacturer table from dhcpd log entries.
logfile=/var/log/messages
ouifile=/root/ieee-oui.txt    # written by get-oui; change the path if needed

grep dhcpd "${logfile}" | grep -oE '([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}' | sort -u | while read -r line
do
    # Every IPv4 address found on a dhcpd line that mentions this MAC
    iplist="$(grep ".*dhcpd.*${line}" "${logfile}" | grep -oE "([0-9]{1,3}\.){3}([0-9]{1,3})" | sort -u | xargs)"
    if [ -z "${iplist}" ]
    then
        iplist=none
    fi
    # Hostname reported by the client, logged in parentheses
    devname="$(grep ".*dhcpd.*${line}" "${logfile}" | grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" | sort -u | xargs)"
    if [ -z "${devname}" ]
    then
        devname=none
    fi
    # ON only if arp-scan prints a reply for at least one of the addresses
    status=OFF
    for ipa in ${iplist}
    do
        if arp-scan -xq "${ipa}" 2>/dev/null | grep -qwF "${ipa}"
        then
            status=ON
            break
        fi
    done
    # OUI prefix: first six hex digits of the MAC, uppercase, no colons
    mac="$(sed 's/://g' <<<"${line}" | tr '[:lower:]' '[:upper:]' | cut -c 1-6)"
    ouilist="$(grep "^${mac}" "${ouifile}" | awk '{ $1=""; sub(/^[\t ]+/, ""); print }' | xargs)"
    if [ -z "${ouilist}" ]
    then
        ouilist=none
    fi
    printf '%s\n' "${line}^${status}^${iplist}^${devname}^${ouilist}"
done | (echo "MAC^ONLINE^IP ADDRESS^HOSTNAME^MANUFACTURER" && cat) | column -s^ -t
And here’s some sample output:
MAC                ONLINE  IP ADDRESS                                                 HOSTNAME  MANUFACTURER
00:10:75:37:a8:fd  ON      192.168.121.169                                            none      Segate Technology LLC
00:11:32:2e:1a:07  ON      192.168.121.144 192.168.121.167                            nas05     Synology Incorporated
24:f5:a2:46:91:6f  ON      192.168.121.150 192.168.121.167                            wemo      Belkin International Inc.
24:f5:a2:46:93:4b  ON      192.168.0.60 192.168.0.80 192.168.121.158 192.168.121.167  wemo      Belkin International Inc.
34:03:de:4c:63:83  ON      192.168.121.142 192.168.121.167                            none      Texas Instruments
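A variation on the same idea, added here as an example and not part of the original script: a single awk pass that reads only "DHCPACK on" lines, so each MAC is listed with the addresses it was actually leased, keeps hyphenated hostnames, replaces unexpected characters in the client-supplied hostname (a ^ would otherwise shift the columns), and marks locally administered MACs, for which an OUI lookup is not meaningful. The function names, the assumed ISC dhcpd syslog line layout and the sample log lines are constructed for this example.

```shell
#!/bin/bash
# Added example, not the article's script. Assumes ISC dhcpd syslog lines like:
#   <date> <host> dhcpd[PID]: DHCPACK on <ip> to <mac> (<hostname>) via <iface>

# Reads log lines on stdin; prints MAC^LEASED IPS^HOSTNAME^MAC TYPE, sorted.
dhcp_inventory() {
    awk '
    /dhcpd/ {
        # Locate "DHCPACK on"; every other message type is skipped.
        for (i = 1; i <= NF; i++) if ($i == "DHCPACK" && $(i + 1) == "on") break
        if (i > NF) next
        ip = $(i + 2); mac = tolower($(i + 4)); host = $(i + 5)
        if (ip !~ /^[0-9.]+$/ || length(mac) != 17 || mac !~ /^[0-9a-f:]+$/) next
        # "(name)" is optional; without it this field is the word "via".
        host = (host ~ /^\(.+\)$/) ? substr(host, 2, length(host) - 2) : "none"
        # The client picks its hostname: neutralise separators and escapes.
        gsub(/[^A-Za-z0-9._-]/, "?", host)
        if (!((mac, ip) in seen)) {
            seen[mac, ip] = 1
            ips[mac] = ips[mac] (ips[mac] == "" ? "" : " ") ip
        }
        if (host != "none" || !(mac in name)) name[mac] = host
        # Bit 1 of the first octet set: locally administered, often randomised.
        type[mac] = (substr(mac, 2, 1) ~ /[2367abef]/) ? "local" : "global"
    }
    END { for (m in ips) print m "^" ips[m] "^" name[m] "^" type[m] }
    ' | LC_ALL=C sort
}

# Constructed sample input (addresses, hostnames and PID are made up).
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 gw dhcpd[812]: DHCPREQUEST for 192.168.121.144 (192.168.121.1) from 00:11:32:2e:1a:07 (nas05) via eth0
Mar  3 10:00:01 gw dhcpd[812]: DHCPACK on 192.168.121.144 to 00:11:32:2e:1a:07 (nas05) via eth0
Mar  3 10:30:01 gw dhcpd[812]: DHCPACK on 192.168.121.144 to 00:11:32:2e:1a:07 (nas05) via eth0
Mar  3 11:02:44 gw dhcpd[812]: DHCPACK on 192.168.121.145 to 00:11:32:2e:1a:07 (nas05) via eth0
Mar  3 11:05:12 gw dhcpd[812]: DHCPACK on 192.168.121.150 to 24:f5:a2:46:91:6f (wemo) via eth0
Mar  3 11:07:40 gw dhcpd[812]: DHCPACK on 192.168.121.171 to DA:A1:19:0C:3E:55 (living-room^tv) via eth0
Mar  3 11:09:02 gw dhcpd[812]: DHCPACK on 192.168.121.169 to 00:10:75:37:a8:fd via eth0
EOF
}

sample_log | dhcp_inventory | tr '^' '\t'
```

To run it against a real log, replace sample_log with the log file on stdin, for example dhcp_inventory < /var/log/messages.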
