Reference: DHCP Activity event message example - BlueCat Integrity - 9.5.0

Address Manager Administration Guide


The following section outlines an example event message that is sent from the DHCP Activity service to the configured HTTP endpoint, Splunk server, Kafka cluster, or Elasticsearch server. You can configure the endpoint to retrieve specific information from the DHCP Activity event message to monitor the health of your DHCP environment.

Example DHCPv4 packet message
{
    "payloadType": "DHCPv4Packet",
    "version": "1.0.0",
    "key": "f16e749a-259f-4cc4-a6a8-177dd8bb1180",
    "time": 1622143000500,
    "data": {
        "dhcpv4Message": {
            "op": 1,
            "hType": 1,
            "hLength": 6,
            "hops": 0,
            "xId": "0x7dc34467",
            "secs": 0,
            "flags": "0x0000",
            "ciaddr": "0.0.0.0",
            "yiaddr": "0.0.0.0",
            "siaddr": "0.0.0.0",
            "giaddr": "0.0.0.0",
            "chadd": "00:0c:29:45:c6:81",
            "options": [
                {
                    "optionId": 53,
                    "messageType": 1,
                    "messageTypeId": "DHCP Discover"
                },
                {
                    "optionId": 50,
                    "requestedAddr": "192.168.10.61"
                },
                {
                    "optionId": 12,
                    "hostName": "debian10"
                },
                {
                    "optionId": 61,
                    "iaid": "2945c681",
                    "duidType": 1,
                    "hwType": 1,
                    "time": 687777620,
                    "hwAddr": "00:0c:29:23:b6:c8"
                }
            ]
        }
    }
}
Parameters
  • payloadType—the event payload type. For DHCPv4 messages, the value is DHCPv4Packet.
  • version—the event schema version.
  • key—the unique event ID of the message.
  • time—the time that the response message was received or sent by the DHCP server.
  • data—the DHCP activity data available on the DHCP server. This includes the following information:
    • dhcpv4Message—the DHCP activity message:
      • op—the message OP code. The values can be the following:
        • 1—BOOTREQUEST
        • 2—BOOTREPLY
      • hType—the hardware address type, as outlined in RFC 1340. The values can be the following:
        • 1—Ethernet (10Mb)
        • 2—Experimental Ethernet (3Mb)
        • 3—Amateur Radio AX.25
        • 4—Proteon ProNET Token Ring
        • 5—Chaos
        • 6—IEEE 802 Networks
        • 7—ARCNET
        • 8—Hyperchannel
        • 9—Lanstar
        • 10—Autonet Short Address
        • 11—LocalTalk
        • 12—LocalNet (IBM PCNet or SYTEK LocalNET)
        • 13—Ultra link
        • 14—SMDS
        • 15—Frame Relay
        • 16—Asynchronous Transmission Mode (ATM)
      • hLength—the hardware address length.
      • hops—the number of hops used by relay agents when booting.
      • xId—the transaction ID. This value is randomly chosen by the client.
      • secs—the number of seconds that have elapsed since the client began the address acquisition or renewal process.
      • flags—the unicast, broadcast, or other flags associated with the message, as outlined in RFC 2131.
      • ciaddr—the client IP address. This field is only populated if the client is in BOUND, RENEW, or REBINDING state and can respond to ARP requests.
      • yiaddr—"your" (client) IP address, that is, the address that the server offers or assigns to the client.
      • siaddr—the IP address of the next server to use in bootstrap.
      • chaddr—the client hardware address.
      • options—the DHCP options associated with the message.
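
An added example (not BlueCat code) of what a receiving endpoint can do with the DHCPv4 event above: flatten it to the fields a monitor keys on and flag a client hardware address that differs from the option 61 hardware address. It assumes `time` is epoch milliseconds, which the page does not state; the function name and output field names are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample input: the page's DHCPv4 example, trimmed to the fields used here.
SAMPLE_V4 = json.loads("""{"payloadType": "DHCPv4Packet", "version": "1.0.0",
 "key": "f16e749a-259f-4cc4-a6a8-177dd8bb1180", "time": 1622143000500,
 "data": {"dhcpv4Message": {"op": 1, "xId": "0x7dc34467", "giaddr": "0.0.0.0",
  "chadd": "00:0c:29:45:c6:81", "options": [
   {"optionId": 53, "messageType": 1, "messageTypeId": "DHCP Discover"},
   {"optionId": 50, "requestedAddr": "192.168.10.61"},
   {"optionId": 12, "hostName": "debian10"},
   {"optionId": 61, "iaid": "2945c681", "duidType": 1, "hwType": 1,
    "time": 687777620, "hwAddr": "00:0c:29:23:b6:c8"}]}}}""")

OP_NAMES = {1: "BOOTREQUEST", 2: "BOOTREPLY"}

def summarize_dhcpv4(event):
    """Flatten one DHCPv4Packet event (hypothetical helper, not a product API)."""
    if event.get("payloadType") != "DHCPv4Packet":
        raise ValueError("not a DHCPv4Packet event: %r" % event.get("payloadType"))
    msg = event["data"]["dhcpv4Message"]
    # Index options by optionId; a missing option yields {} in the lookups below.
    opts = {o["optionId"]: o for o in msg.get("options", []) if "optionId" in o}
    # The page's sample spells the key "chadd", its parameter list "chaddr": accept both.
    mac = (msg.get("chaddr") or msg.get("chadd") or "").lower()
    client_id_mac = (opts.get(61, {}).get("hwAddr") or "").lower()
    # Assumption: "time" is milliseconds since the Unix epoch.
    when = datetime.fromtimestamp(event["time"] / 1000, tz=timezone.utc)
    return {
        "eventKey": event.get("key"),
        "timeUtc": when.isoformat(timespec="milliseconds"),
        "op": OP_NAMES.get(msg.get("op"), "unknown"),
        "messageType": opts.get(53, {}).get("messageTypeId"),
        "clientMac": mac,
        "hostName": opts.get(12, {}).get("hostName"),
        "requestedAddr": opts.get(50, {}).get("requestedAddr"),
        "relayed": msg.get("giaddr", "0.0.0.0") != "0.0.0.0",
        # Worth reviewing, not proof of spoofing: cloned VMs and stable DUIDs also cause this.
        "clientIdMismatch": bool(mac and client_id_mac and mac != client_id_mac),
    }
```
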
Example DHCPv6 packet message
{
    "payloadType": "DHCPv6Packet",
    "version": "1.0.0",
    "key": "f16e749a-259f-4cc4-a6a8-177dd8bb1180",
    "time": 1622143000400,
    "data": {
        "dhcpv6Message": {
            "messageType": "Solicit",
            "messageTypeId": 1,
            "transactionId": "3c4180",
            "options": [
                {
                    "optionId": 1,
                    "duid": "0001000128fea754000c2923b6c8"
                },
                {
                    "optionId": 2,
                    "duid": "00010001297a0638000c290e1782"
                },
                {
                    "optionId": 8,
                    "elapsedTime": 0
                },
                {
                    "optionId": 3,
                    "iaid": "2945c681",
                    "t1": 3600,
                    "t2": 5400,
                    "iaNaOptions": [
                        {
                            "optionId": 5,
                            "ipv6Addr": "2000::400",
                            "preferredLifetime": 7200,
                            "VvalidLifetime": 10800
                        }
                    ]
                }
            ]
        }
    }
}
Parameters
  • payloadType—the event payload type. For DHCPv6 messages, the value is DHCPv6Packet.
  • version—the event schema version.
  • key—the unique event ID of the message.
  • time—the time that the response message was received or sent by the DHCP server.
  • data—the DHCP activity data available on the DHCP server. This includes the following information:
    • dhcpv6RelayMessage—the DHCP relay activity data available on the DHCP server. This includes the following information:
      • messageType—the message type. The values can be the following:
        • RELAY-FORW
        • RELAY-REPL
      • messageTypeId—the message type ID. The value can be one of the following:
        • 12—Relay Forward
        • 13—Relay Reply
      • hopCount—the number of relay agents that have relayed this message.
      • linkAddress—the address that may be used by the server to identify the link on which the client is located.
      • peerAddress—the address of the client or relay agent from which the relayed message was received.
      • options—the DHCP options associated with the message.
    • dhcpv6Message—the DHCP activity data available on the DHCP server. This includes the following information:
      • messageType—the message type. The values can be the following:
        • SOLICIT
        • ADVERTISE
        • REQUEST
        • CONFIRM
        • RENEW
        • REBIND
      • messageTypeId—the message type ID. The value can be an integer from 1 to 255.
      • transactionId—the transaction ID of the message exchange.
      • options—the DHCP options associated with the message.
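
An added example (not BlueCat code) for the DHCPv6 event above: it decodes the client and server DUIDs into their type, timestamp and link-layer address and collects the addresses nested under `iaNaOptions`, so a DHCPv6 client can be correlated with the hardware address seen in DHCPv4 option 61. It handles `dhcpv6Message` only, because the page shows no sample of a relay message; the function names and output field names are hypothetical.

```python
import json

# Constructed sample input: the page's DHCPv6 example, keys exactly as the page prints them.
SAMPLE_V6 = json.loads("""{"payloadType": "DHCPv6Packet", "version": "1.0.0",
 "key": "f16e749a-259f-4cc4-a6a8-177dd8bb1180", "time": 1622143000400,
 "data": {"dhcpv6Message": {"messageType": "Solicit", "messageTypeId": 1,
  "transactionId": "3c4180", "options": [
   {"optionId": 1, "duid": "0001000128fea754000c2923b6c8"},
   {"optionId": 2, "duid": "00010001297a0638000c290e1782"},
   {"optionId": 8, "elapsedTime": 0},
   {"optionId": 3, "iaid": "2945c681", "t1": 3600, "t2": 5400, "iaNaOptions": [
    {"optionId": 5, "ipv6Addr": "2000::400", "preferredLifetime": 7200,
     "VvalidLifetime": 10800}]}]}}}""")

def decode_duid(hex_duid):
    """Split a DUID hex string (RFC 8415 section 11); types 1 and 3 embed a MAC."""
    raw = bytes.fromhex(hex_duid)
    if len(raw) < 4:
        raise ValueError("DUID too short: %r" % hex_duid)
    duid_type = int.from_bytes(raw[0:2], "big")
    out = {"duidType": duid_type}
    if duid_type in (1, 3):  # 1 = DUID-LLT, 3 = DUID-LL
        out["hwType"] = int.from_bytes(raw[2:4], "big")
        start = 4
        if duid_type == 1:   # DUID-LLT adds a 4-byte time, seconds since 2000-01-01 UTC
            out["time"] = int.from_bytes(raw[4:8], "big")
            start = 8
        out["hwAddr"] = ":".join("%02x" % b for b in raw[start:])
    return out

def summarize_dhcpv6(event):
    """Pull client/server identity and IA_NA addresses from one DHCPv6Packet event."""
    if event.get("payloadType") != "DHCPv6Packet":
        raise ValueError("not a DHCPv6Packet event: %r" % event.get("payloadType"))
    msg = event["data"]["dhcpv6Message"]
    opts = msg.get("options", [])
    duids = {o["optionId"]: decode_duid(o["duid"]) for o in opts if "duid" in o}
    # IA_NA (option 3) nests its IA Address sub-options (option 5) under iaNaOptions.
    addrs = [sub["ipv6Addr"] for o in opts if o.get("optionId") == 3
             for sub in o.get("iaNaOptions", []) if sub.get("optionId") == 5]
    return {
        # The sample prints "Solicit", the parameter list "SOLICIT": normalise the case.
        "messageType": str(msg.get("messageType", "")).upper(),
        "transactionId": msg.get("transactionId"),
        "client": duids.get(1),  # option 1 = Client Identifier
        "server": duids.get(2),  # option 2 = Server Identifier
        "iaNaAddrs": addrs,
    }
```
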