Home » Commands & Shells, Featured
You can download the script here: dhcp_log_stats.
DHCP Server Log Analysis
A quick script to go through your DHCP server log and get a summary of MAC addresses and associated DHCP requests. The script will attempt to download the IEEE OUI list for identifying the manufacturers associated with the MAC addresses in your log. This is a fairly large text file, so the download may take a few minutes. Once downloaded, the script will not try to download the file again, unless it’s about three months old.
You may need to modify the f="/var/log/boot.log" to point to your DHCP server log file. Depending on the number of log entries, the script may take a while to run. Feel free to optimize it if you can. The output should look something like this:
MAC IP Status Manufacturer DHCPACK DHCPDISCOVER DHCPINFORM DHCPNAK DHCPOFFER DHCPRELEASE DHCPREQUEST 1c:99:4c:b0:e8:22 192.168.22.155 down Murata Manufacturi 1573 4 0 0 4 0 1575 20:d3:90:da:c2:6d 192.168.22.151 up Samsung Electronic 10288 1 0 0 1 0 10288 28:b2:bd:4a:71:03 192.168.22.150 down Intel Corporate 11662 31 0 25 30 0 11687 28:c6:71:06:4c:c3 192.168.22.159 up Yota Devices OY 9535 31 0 6 31 0 9541
You can download the script here: dhcp_log_stats.
#!/bin/bash
f="/var/log/boot.log"
if [ ! -r "${f}" ]
then
echo "Cannot access ${f}"
exit 1
fi
ouif="/var/tmp/oui.txt"
ouiurl="http://standards.ieee.org/regauth/oui/oui.txt"
howold=90
if [ ! -f "${ouif}" ] || test $(find "${ouif}" -mtime +${howold})
then
echo "Downloading IEEE Organizationally Unique Identifier. This will take a few minutes..."
wget -q -O "${ouif}" "${ouiurl}"
if [ -f "${ouif}" ]
then
sed -i 's/\r$//g' "${ouif}"
else
echo "Cannot download ${ouiurl}"
exit 1
fi
fi
IFS=$'\n' ; op_array=($(grep -oP "DHCP[A-Z]{1,}" "${f}" | sort -u)) ; unset IFS
IFS=$'\n' ; mac_array=($(grep -oE '([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}' "${f}" | sort -u)) ; unset IFS
IFS=$'\n' ; ip_array=($(grep -oE "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})" "${f}" | sort -u)) ; unset IFS
s1=$(echo "scale=0;`printf '%s\n' ${op_array[@]} | wc -L`+1"|bc)
printf "%-18s %-16s %-8s %-20s" "MAC" "IP" "Status" "Manufacturer"
for ((i = 0; i < ${#op_array[@]}; i++)) ; do printf "%-${s1}s" "${op_array[$i]}" ; done
printf "\n"
printf '%s\n' ${mac_array[@]} | while read mac
do
ip_address=$(tac "${f}" | grep -m1 "DHCPOFFER.*${mac}" | grep -oE "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})")
if [ -z "${ip_address}" ] ; then ip_address="none" ; fi
if [ $(ping -q -c 1 -W 5 ${ip_address} > /dev/null 2>&1 ; echo $?) -eq 0 ]
then
ip_online="up"
else
ip_online="down"
fi
oui=$(echo ${mac//[:.- ]/} | tr "[a-f]" "[A-F]" | egrep -o "^[0-9A-F]{6}")
mfg="$(grep -m1 "^${oui}" "${ouif}" | cut -f3 -d$'\t' | cut -c1-18 | sed -e 's/,\.//g')"
if [ -z "${mfg}" ]; then mfg="Unknown" ; fi
printf "%-18s %-16s %-8s %-20s" "${mac}" "${ip_address}" "${ip_online}" "${mfg}"
printf '%s\n' ${op_array[@]} | while read op
do
c=$(grep -cE "${op} .* ${mac} " "${f}")
printf "%-${s1}s" ${c}
done
printf "\n"
done
![rhd3hj6zvnqeth7qo8em0alduj0[1]](https://i2.wp.com/www.krazyworks.com/wp-content/uploads/2021/10/rhd3hj6zvnqeth7qo8em0alduj01-80x80.jpg "Synology NAS Hacks")
![9dwz62kvm0gtjya9kwb7pawtk9y[1]](https://i2.wp.com/www.krazyworks.com/wp-content/uploads/2021/10/9dwz62kvm0gtjya9kwb7pawtk9y1-80x80.jpg "Finding Duplicate Photos")
![ytioq398kc1wnvvz95uixhcn5ii[1]](https://i2.wp.com/www.krazyworks.com/wp-content/uploads/2021/08/ytioq398kc1wnvvz95uixhcn5ii1-80x80.jpg "WordPress: Post-processing of the image failed")
![tq9mhhd5xy2q0kto2j1785n6odv[1]](https://i1.wp.com/www.krazyworks.com/wp-content/uploads/2021/10/tq9mhhd5xy2q0kto2j1785n6odv1-80x80.jpg "NFS I/O Stats with Logging")
![iwoau71okwxqh4jv3k4ook32qps[1]](https://i2.wp.com/www.krazyworks.com/wp-content/uploads/2021/08/iwoau71okwxqh4jv3k4ook32qps1-80x80.jpg "Finding Cron Jobs")
![4ucne6vs8m7hqdl0el9ddqd1sql[1]](https://i2.wp.com/www.krazyworks.com/wp-content/uploads/2021/10/4ucne6vs8m7hqdl0el9ddqd1sql1-80x80.jpg "Inventorying NFS Mounts and Mount Options")
