Configuring DHCP Statistics - BlueCat Address Manager - 9.4.0

Address Manager Administration Guide

Locale
English (United States)
Product name
BlueCat Address Manager
Version
9.4.0

The following section outlines the steps to configure DHCP Statistics. If you are configuring DHCP Statistics to send data to a Splunk server, ensure that you have the Splunk HTTP Event Collector (HEC) host and token information.

To configure DHCP Statistics on a DNS/DHCP Server:

  1. From the configuration drop-down menu, select a configuration.
  2. Select the Servers tab.
  3. Under Servers, click the name of a BDDS. The Details tab for the server opens.
  4. Click the server name menu and select Service Configuration.
  5. From the Service Type drop-down menu, select DHCP Statistics under the Health Telemetry section. Address Manager queries the server and returns the current values for the service settings.
  6. Under General Settings, set the following parameters:
    • Enable DHCP Statistics—select this check box to enable DHCP Statistics service; deselect this check box to disable DHCP Statistics service.
      Note: When you enabled DHCP Statistics, the firewall rules on the DNS/DHCP Server are modified to allow egress to the specified URI endpoint. Outbound traffic is allowed for the specified IP address.
    • Under Protocols, select the DHCPv4 check box to retrieve DHCPv4 statistics information or select the DHCPv6 check box to retrieve DHCPv6 statistics information.
    • Output Type—select where the DHCP Statistics data will be logged. You can select HTTP to log data to an HTTP endpoint or Splunk to log data to a Splunk server.
      If you select HTTP, the following fields appear:
      • Output URI—enter the URI of the HTTP endpoint that will be consuming the DHCP statistics information.
        Note:
        • BlueCat recommends entering the IP address of the endpoint in this field. If you are entering a hostname, you must use a different DNS server as the resolver for that host. The DNS/DHCP server you are configuring DHCP statistics on can still be used as a resolver for clients, but cannot be used as a resolver for its own OS related lookups.
        • If the domain name is used in the URI, you must ensure that the domain name can be resolved on the DNS/DHCP Server using nslookup or an entry in /etc/hosts.
        • If you have round-robin DNS load balancing configured, the firewall is set for all IP addresses returned for the specified domain and outbound TCP connections are allowed for all IP addresses.
      • Bearer Token (Optional)—enter the bearer token used to authenticate with the HTTP endpoint.
      • Healthcheck—select this check box to enable health check service; deselect this check box to disable health check service. Upon initialization, the healthcheck ensure that the downstream service is accessible and can accept the DHCP statistics data.
      • Healthcheck URI—enter the URI of the HTTP endpoint that will be consuming the health check information.
      If you select Splunk, the following fields appear:
      • Host—enter the URI of the Splunk HEC host. The standard format of the HEC URI in Splunk Enterprise is as follows:
        <protocol>://<host>:<port>
        Note:
        • BlueCat recommends entering the IP address of the endpoint in this field. If you are entering a hostname, you must use a different DNS server as the resolver for that host. The DNS/DHCP server you are configuring DHCP statistics on can still be used as a resolver for clients, but cannot be used as a resolver for its own OS related lookups.
        • If the domain name is used in the URI, you must ensure that the domain name can be resolved on the DNS/DHCP Server using nslookup or an entry in /etc/hosts.
      • Token—enter the Splunk HEC token.
      • Healthcheck—select this check box to enable health check service; deselect this check box to disable health check service. Upon initialization, the healthcheck ensure that the downstream service is accessible and can accept the DHCP statistics data.
        Note: When selecting this check box, the DNS/DHCP Server uses the default Splunk healthcheck endpoint at /services/collector/health/1.0.
      Note: The URI of the Output URI, Healthcheck URI, and Host fields must follow the format outlined in RFC2396.
    • TLS Options—select this check box to configure TLS options.
      Attention: If you enter a HTTPS endpoint in the Output URI or Healthcheck URI field when configuring HTTP as the Output Type, or enter a HTTPS URI in the Host field when configuring Splunk as the Output Type, you must select this check box and enter TLS information.
      • Under CA Certificate Upload, click Browse and locate the CA certificate used to verify server certificate during TLS handshake.
        Note: The file must be in PEM format.
      • Click Upload to upload the CA certificate.
      • Select the Verify Certificate check box to force verification of the server certificate during the TLS handshake using the CA certificate that was entered.
      • Select the Verify Hostname check box to validate the hostname part of the URI against the CN (Common Name) or SAN (Subject Alternative Name) of the server certificate during the TLS handshake.
  7. Under Buffer, set the following parameters:
    • Max Events—enter the maximum number of DHCP statistics events to be stored in the memory buffer. The maximum value is 188,235,000 events.
  8. Click Update.
    If you do not have DHCP service deployed to the DNS/DHCP Server, after you click Update, you must perform a DHCP deployment on the DNS/DHCP Server for DHCP Statistics events to be generated. If DHCP service is already configured on the DNS/DHCP Server, the DHCP Statistics service is enabled upon clicking Update.

    Under DHCP Statistics Status, you can verify whether the DHCP Statistics log service is running on the DNS/DHCP Server.

    The service batches data that is sent to the configured destination. Batches are flushed from the system and sent to the configured destination when the age of the batch reaches 1 second, or when the size of the batch reaches 1049000 bytes.

    If the service receives an HTTP response status code of 429 or greater than 500 except for 501, the service attempts to retry sending the failed request 5 times. If the service still cannot send the failed request after 5 attempts, the event message is dropped and an error message is logged.

Once you have enabled DHCP Statistics, the service begins collecting statistics information and forwarding the events to the selected destination. If you enabled DHCP Statistics service on an xHA pair, the primary node captures DHCP statistics information.
Note: If you do not see any statistics event information being forwarded to the selected destination, verify that DHCP Statistics has been configured and deployed to the DNS/DHCP Server.

In the event of a service disruption, such as a network error or the system crashes, DHCP Statistics service attempts to mitigate event loss. If you enable the Disk buffer type, in the event that the system goes down, the messages are copied to disk and sent when the service is restored. In the event of network connectivity issues, the service retries failed requests. There might be a loss of data if the DHCP Statistics process stops on the DNS/DHCP Server while DHCP service is running and processing DHCP statistics.