Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tulasidhar_P
Participant

How to get DHCP relase and renew logs from Checkpoint Firewall R80.10

Hi 

I have lab setup with Gatway running R80.10 and Management server with R80.20.

configured DHCP server on the Gateway and it is working fine. when i check logs i could see DHCP request and DHCP reply logs, that is fine. but when i do ipconfig/release on client machine still the log showing it as DHCP request (i think it is showing it as request because of UDP port it will use to release the IP) but what i want is the log should have a message saying that it is DHCP release some thing like that.

can we get those DHCP logs/notifications other than DHCP request and Replies?

the attached screen shot is when i did ipconfig/release from a client PC.

 

Note: i tried enabling with extended log option also but still no luck

Regards,

Tulasidhar

0 Kudos
6 Replies
HeikoAnkenbrand
Champion Champion
Champion

Hi @Tulasidhar_P 

The Redhat DHCP server is used. Therefore all standard logs and information can be found on the gateway:

/var/lib/dhcpd/dhcpd.leases

On the DHCP server, the file /var/lib/dhcpd/dhcpd.leases stores the DHCP client lease database. Do not change this file. DHCP lease information for each recently assigned IP address is automatically stored in the lease database. The information includes the length of the lease, to whom the IP address has been assigned, the start and end dates for the lease, and the MAC address of the network interface card that was used to retrieve the lease.

/var/log/messages

Here you can find more DHCP log entries.

---
PS:
If you change anything in the GAIA Clish or GAIA Web-GUI, the file /etc/dhcpd.conf will be updated accordingly via Check Point services and the DHCP service will be restarted if necessary.

 

➜ CCSM Elite, CCME, CCTE
0 Kudos
Tulasidhar_P
Participant

Hi

Thanks for your reply !!

I understand that the file which you have mentioned stores the all lease information. but my requirement is the log server should log the DHCP lease and renew packets( when the client pc type ipconfig/Release or ipconfig/Renew commands)  as they are but it is logging as DHCP request (release command) and DHCP reply (renew command). but i want the notifications/logs as DHCP relase and renew rather than DHCP request and reply.

 

Regards,

Tulasidhar

0 Kudos
G_W_Albrecht
Legend
Legend

Can you explain why you need that terminlogy ? You tell that DHCP request logs the release command and DHCP reply the renew, is that not enough ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Tulasidhar_P
Participant

Actually we have client who is working on syslog integration with multiple  firewalls  exclusively with DHCP and VPN logs. they have seen on other firewalls logged DHCP renew and release also so they are expecting same from Checkpoint also.

0 Kudos
G_W_Albrecht
Legend
Legend

You did not write that in your post, only the wish to see this entries in CP Log ! It really is easy to achieve when exporting logs, you can map the log message to 3rd party needs easily, see: sk122323: Log Exporter - Check Point Log Export

CCSE CCTE CCSM SMB Specialist
0 Kudos
Tulasidhar_P
Participant

I have already configured log exporter but all DHCP messages are logged as DHCP request and DHCP reply only even client PC did ipconfig/release or ipconfig/renew.

however i have understood that Checkpoint will generate dhcp request and reply logs only.

 

Thanks for your help !!

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events