Reference: DHCP Activity event message example - BlueCat Integrity - 9.5.0

{
    "payloadType": "DHCPv4Packet",
    "version": "1.0.0",
    "key": "f16e749a-259f-4cc4-a6a8-177dd8bb1180",
    "time": 1622143000500,
    "data": {
        "dhcpv4Message": {
            "op": 1,
            "hType": 1,
            "hLength": 6,
            "hops": 0,
            "xId": "0x7dc34467",
            "secs": 0,
            "flags": "0x0000",
            "ciaddr": "0.0.0.0",
            "yiaddr": "0.0.0.0",
            "siaddr": "0.0.0.0",
            "giaddr": "0.0.0.0",
            "chadd": "00:0c:29:45:c6:81",
            "options": [
                {
                    "optionId": 53,
                    "messageType": 1,
                    "messageTypeId": "DHCP Discover"
                },
                {
                    "optionId": 50,
                    "requestedAddr": "192.168.10.61"
                },
                {
                    "optionId": 12,
                    "hostName": "debian10"
                },
                {
                    "optionId": 61,
                    "iaid": "2945c681",
                    "duidType": 1,
                    "hwType": 1,
                    "time": 687777620,
                    "hwAddr": "00:0c:29:23:b6:c8"
                }
            ]
        }
    }
}

• payloadType—the event payload type. For DHCPv4 messages, the value is DHCPv4Packet.
• version—the event schema version.
• key—the unique event ID of the message.
• time—the time that the response message was received or sent by the DHCP server.
• data—the DHCP activity data available on the DHCP server. This includes the following information:
  • dhcpv4Message—the DHCP activity message:
    • op—the message OP code. The values can be the following:
      • 1—BOOTREQUEST
      • 2—BOOTREPLY
    • htype—the hardware address type, as outlined in RFC1340. The values can be the following:
      • 1—Ethernet (10Mb)
      • 2—Experimental Ethernet (3Mb)
      • 3—Amateur Radio AX.25
      • 4—Proteon ProNET Token Ring
      • 5—Chaos
      • 6—IEEE 802 Networks
      • 7—ARCNET
      • 8—Hyperchannel
      • 9—Lanstar
      • 10—Autonet Short Address
      • 11—LocalTalk
      • 12—LocalNet (IBM PCNet or SYTEK LocalNET)
      • 13—Ultra link
      • 14—SMDS
      • 15—Frame Relay
      • 16—Asynchronous Transmission Mode (ATM)
    • hLength—the hardware address length.
    • hops—the number of hops used by relay agents when booting.
    • xId—the transaction ID. This value is randomly chosen by the client.
    • secs—the number of seconds that have elapsed since the client began the address acquisition or renewal process.
    • flags—the unicast, broadcast, or other flags associated with the message, as outlined in RFC2131.
    • ciaddr—the client IP address. This field is only populated if the client is in BOUND, RENEW, or REBINDING state and can respond to ARP requests.
    • yiaddr—the client IP address of your device.
    • siaddr—the IP address of the next server to use in bootstrap.
    • chaddr—the client hardware address
    • options—the DHCP options associated with the message.

{
    "payloadType": "DHCPv6Packet",
    "version": "1.0.0",
    "key": "f16e749a-259f-4cc4-a6a8-177dd8bb1180",
    "time": 1622143000400,
    "data": {
        "dhcpv6Message": {
            "messageType": "Solicit",
            "messageTypeId": 1,
            "transactionId": "3c4180",
            "options": [
                {
                    "optionId": 1,
                    "duid": "0001000128fea754000c2923b6c8"
                },
                {
                    "optionId": 2,
                    "duid": "00010001297a0638000c290e1782"
                },
                {
                    "optionId": 8,
                    "elapsedTime": 0
                },
                {
                    "optionId": 3,
                    "iaid": "2945c681",
                    "t1": 3600,
                    "t2": 5400,
                    "iaNaOptions": [
                        {
                            "optionId": 5,
                            "ipv6Addr": "2000::400",
                            "preferredLifetime": 7200,
                            "VvalidLifetime": 10800
                        }
                    ]
                }
            ]
        }
    }
}

• payloadType—the event payload type. For DHCPv6 messages, the value is DHCPv6Packet.
• version—the event schema version.
• key—the unique event ID of the message.
• time—the time that the response message was received or sent by the DHCP server.
• data—the DHCP activity data available on the DHCP server. This includes the following information:
  • dhcpv6RelayMessage—the DHCP relay activity data available on the DHCP server. This includes the following information:
    • messageType—the message type. The values can be the following:
      • RELAY-FORW
      • RELAY-REPL
    • messageTypeId—the message type ID. The value can be one of the following:
      • 12—Relay Forward
      • 13—Relay Reply
    • hopCount—the number of relay agents that have relayed this message.
    • linkAddress—the address that may be used by the server to identify the link on which the client is located.
    • peerAddress—the address of the client or replay agent from which the relayed message was received.
    • options—the DHCP options associated with the message.
  • dhcpv6Message—the DHCP activity data available on the DHCP server. This includes the following information:
    • messageType—the message type. The values can be the following:
      • SOLICIT
      • ADVERTISE
      • REQUEST
      • CONFIRM
      • RENEW
      • REBIND
    • messageTypeId—the message type ID. The value can be an integer from 1 to 255.
    • transactionId—the transaction ID of the message exchange.
    • options—the DHCP options associated with the message.