DHCP Statistics - BlueCat Address Manager - 9.4.0

Address Manager API Guide

Locale
English (United States)
Product name
BlueCat Address Manager
Version
9.4.0

The DHCP Statistics service uses a monitoring module that runs on the DNS/DHCP Server to collect statistics by sniffing DHCP packets. You can use these metrics for troubleshooting and identifying anomalies or misconfiguration in your DHCP environment.

When enabled, DHCP statistics information is collected by the DNS/DHCP Server based on the configured parameters and sent to a configured destination. You can choose to send the information to a Splunk™ server or HTTP endpoint, such as a data lake.
Attention:
  • You can only enable this service on DNS/DHCP Server v9.4.0 or greater.

Example HTTP endpoint configuration

{
    "version": "1.1.0",
    "services": {
        "dhcpStatistics": {
            "configurations": [
                {
                    "dhcpStatisticsConfiguration": {
                        "sources": [
                            {
                                "enableDhcpV6": false,
                                "enableDhcpV4": true,
                                "type": "dhcp-statistics"
                            }
                        ],
                        "sinks": [
                            {
                                "healthCheck": false,
                                "buffer": {
                                    "maxEvents": 5,
                                    "type": "memory"
                                },
                                "type": "http",
                                "uri": "http://10.244.104.131"
                            }
                        ],
                        "enable": true
                    }
                }
            ]
        }
    }
}

Example Splunk endpoint configuration

{
    "version": "1.1.0",
    "services": {
        "dhcpStatistics": {
            "configurations": [
                {
                    "dhcpStatisticsConfiguration": {
                        "sources": [
                            {
                                "enableDhcpV6": false,
                                "enableDhcpV4": true,
                                "type": "dhcp-statistics"
                            }
                        ],
                        "sinks": [
                            {
                                "type": "splunk_hec",
                                "host": "https://10.0.0.1:9002",
                                "token": "MghrvMTU4NjIyMzA0NjYxMzpwb3J0YWxVc2Vy",
                                "healthCheck": true,
                                "buffer": {
                                    "maxEvents": 5,
                                    "type": "memory"
                                },
                                "tls": {
                                    "caCert": "<certificate_content>",
                                    "verifyCertificate": true,
                                    "verifyHostname": true
                                }
                            }
                        ],
                        "enable": true
                    }
                }
            ]
        }
    }
}
Parameters
  • Under sources, enter the following information:
    • type—enter the name of the DNS/DHCP Server Service. This must be set to dhcp-statistics.
    • enableDhcpV4—set to true to enable the collection of DHCPv4 statistics; set to false to disable the collection of DHCPv4 statistics.
    • enableDhcpV6—set to true to enable the collection of DHCPv6 statistics; set to false to disable the collection of DHCPv6 statistics.
  • Under sinks, enter the following information:
    • type—enter where the DHCP Statistics data will be logged. You can enter http to log data to an HTTP endpoint or splunk_hec to log data to a Splunk server.
      If you enter http, enter the following additional parameters:
      • uri—enter the URI of the HTTP endpoint that will be consuming the DHCP statistics information.
        Note:
        • BlueCat recommends entering the IP address of the endpoint in this field. If you are entering a hostname, you cannot use this DNS/DHCP Server as a DNS resolver.
        • If the domain name is used in the URI, you must ensure that the domain name can be resolved on the DNS/DHCP Server using nslookup or an entry in /etc/hosts.
        • If you have round-robin DNS load balancing configured, the firewall is set for all IP addresses returned for the specified domain and outbound TCP connections are allowed for all IP addresses.
      • token—enter the bearer token used to authenticate with the HTTP endpoint. This field is optional.
      • healthCheck—set to true to enable health check service; set to false to disable health check service. Upon initialization, the healthcheck ensure that the downstream service is accessible and can accept the DHCP statistics data.
      • healthCheckUri—enter the URI of the HTTP endpoint that will be consuming the health check information.
      If you enter splunk_hec, enter the following additional parameters:
      • host—enter the URI of the Splunk HEC host. The standard format of the HEC URI in Splunk Enterprise is as follows:
        <protocol>://<host>:<port>
        Note:
        • BlueCat recommends entering the IP address of the endpoint in this field. If you are entering a hostname, you cannot use this DNS/DHCP Server as a DNS resolver.
        • If the domain name is used in the URI, you must ensure that the domain name can be resolved on the DNS/DHCP Server using nslookup or an entry in /etc/hosts.
      • token—enter the Splunk HEC token.
      • healthCheck—set to true to enable health check service; set to false to disable health check service. Upon initialization, the healthcheck ensure that the downstream service is accessible and can accept the DHCP statistics data.
        Note: When selecting this check box, the DNS/DHCP Server uses the default Splunk healthcheck endpoint at /services/collector/health/1.0.
      Note: The URI of the uri, healthCheckUri, and host fields must follow the format outlined in RFC2396.
    • When configuring buffer settings, enter the following parameters:
      • type—enter the buffer type where DHCP statistics events are stored until they are processed. Once the buffer is full, the newest events are dropped.
        • memory—DHCP statistics events that have not been processed are stored in the memory of the DNS/DHCP Server. If you select memory, enter the following additional parameter:
          • maxEvents—enter the maximum number of DHCP statistics events to be stored in the buffer. The maximum value is 188,235,000 events.
    • When configuring tls settings, enter the following parameters:
      • caCert—enter the content of CA certificate used to verify the server certificate during the TLS handshake. The caCert must be in PEM format.
      • verifyCertificate—set to true to force verification of the server certificate during the TLS handshake using the CA certificate that was entered; set to false if you do not want to verify the server certificate.
      • verifyHostname—set to true to validate the hostname section of the URI against the CN (Common Name) or SAN (Subject Alternative Name) of the server certificate during the TLS handshake; set to false if you do not want to perform this validation.
  • enable—set to true to enable DHCP statistics service; set to false to disable DHCP statistics service.
    Note: When you enabled DHCP Statistics, the firewall rules on the DNS/DHCP Server are modified to allow egress to the specified URI endpoint. Outbound traffic is allowed for the specified IP address.