That's what we are doing, but the intention is for the Splunk Add-on (basically what Logstash calls a module) to provide all the regex required to parse the logs and enrich them with the required metadata to understand what each log message means without having to look it up in the reference guide. I will add more extractions to the add-on, which is basically regex that can be re-used in whatever logging platform you use, so it might be of interest even for those not using Splunk.
Mikael

2017-12-05 15:41 GMT+01:00 Munroe Sollog <[email protected]>:

> I am not familiar with splunk as we use logstash, but can't you just use
> syslog to forward them to splunk and then just parse them accordingly?
>
> On Tue, Dec 5, 2017 at 9:39 AM, Mikael Bjerkeland <[email protected]>
> wrote:
>
>> I am also interested in this. I started writing a Splunk add-on to
>> extract and parse the logs. Posting the URL in case anyone else needs this:
>>
>> https://github.com/inspired/TA-isc-kea-dhcp-server-add-on-for-splunk-enterprise
>>
>>
>> On 5 Dec 2017 at 15:35, "Munroe Sollog" <[email protected]> wrote:
>>
>>> I'm using this document as reference:
>>>
>>> http://kea.isc.org/docs/kea-messages.html#messages
>>>
>>> When it comes to DHCP the decades-old process has long been understood
>>> as DORA or DORG
>>>
>>> Discover, Offer, Request/Renew, Acknowledge/Grant
>>>
>>> Looking at my logs and the above website, it looks like the ISC has
>>> abandoned these words and replaced them with things like "LEASE_ALLOC" and
>>> "LEASE_ADVERT" and "INIT_REBOOT". I have not been able to find an
>>> equivalent message for discover yet.
>>>
>>> As a system/network administrator, I found it incredibly useful to be
>>> able to follow the DORA process in the logs, especially when
>>> troubleshooting a problem.
>>>
>>> Am I missing a configuration parameter that might restore some of this
>>> functionality?
>>>
>>> --
>>> Munroe Sollog
>>> Senior Network Engineer
>>> [email protected]
>>>
>>> _______________________________________________
>>> Kea-users mailing list
>>> [email protected]
>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>
>
> --
> Munroe Sollog
> Senior Network Engineer
> [email protected]
>

--
Hug a tree before you print this e-mail
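The kind of regex extraction and enrichment discussed in this thread, as an added example that is not taken from the add-on or from any poster: it parses Kea DHCPv4 log lines and tags the three message IDs named above with a DORA-style stage. The log line layout, the `DHCP4_` prefix on the IDs, and the stage mapping are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed mapping: message IDs named in the thread (with the DHCP4_ prefix)
# to the DORA-style stage they indicate.
STAGE = {
    "DHCP4_LEASE_ADVERT": "Offer",
    "DHCP4_LEASE_ALLOC": "Acknowledge",
    "DHCP4_INIT_REBOOT": "Request (INIT-REBOOT)",
}
# Assumed layout: timestamp, severity, [logger/pid], message ID, free text.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<severity>[A-Z]+)\s+"
    r"\[(?P<logger>[\w.-]+)/(?P<pid>\d+)\]\s+"
    r"(?P<msg_id>[A-Z0-9_]+)\s*(?P<text>.*)$"
)
# Client identification fields that may appear in the free-text part.
MAC_RE = re.compile(r"\[hwtype=\d+ (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\]", re.I)
TID_RE = re.compile(r"tid=(?P<tid>0x[0-9a-f]+)", re.I)
IP_RE = re.compile(r"\b(?:lease|address) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_line(line):
    """Return a dict of extracted fields, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    text = event.pop("text")
    for rx in (MAC_RE, TID_RE, IP_RE):
        found = rx.search(text)
        # Missing fields become None so every event has the same keys.
        event.update(found.groupdict() if found else dict.fromkeys(rx.groupindex))
    event["stage"] = STAGE.get(event["msg_id"], "other")
    return event

def stages_by_client(lines):
    """Group (stage, ip) pairs per client MAC, in log order."""
    timeline = defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        if ev["mac"]:
            timeline[ev["mac"].lower()].append((ev["stage"], ev["ip"]))
    return dict(timeline)

SAMPLE = [  # constructed log lines, not real captures
    "2017-12-05 15:35:01.120 INFO  [kea-dhcp4.leases/2211] DHCP4_LEASE_ADVERT [hwtype=1 00:0c:29:aa:bb:cc], cid=[no info], tid=0x3a1f: lease 192.0.2.50 will be advertised",
    "2017-12-05 15:35:01.340 INFO  [kea-dhcp4.leases/2211] DHCP4_LEASE_ALLOC [hwtype=1 00:0c:29:aa:bb:cc], cid=[no info], tid=0x3a20: lease 192.0.2.50 has been allocated",
    "2017-12-05 15:36:10.002 DEBUG [kea-dhcp4.dhcp4/2211] DHCP4_INIT_REBOOT [hwtype=1 00:0c:29:dd:ee:ff], cid=[no info], tid=0x77: client is in INIT-REBOOT state and requests address 192.0.2.77",
    "not a kea log line",
]
```

The same patterns can be carried into Splunk `props.conf` extractions or Logstash grok filters; message IDs not in `STAGE` are tagged `other` rather than dropped.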
