Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PA DHCP log search

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

PA DHCP log search

L4 Transporter

Is there a way to do a specific search for and IP address or mac address in the DHCP logs? I can find and get into the logs but I have to manually look through all the logs to find what I need

1 accepted solution

Accepted Solutions

I found the the right syntax to search the DHCP logs on the PA

 

 grep mp-log pan_dhcpd.log pattern 192.xxx.xxx.xxx

View solution in original post

7 REPLIES 7

Cyber Elite
Cyber Elite

There is no way to look specify the DHCP logs through the GUI, and therefore you can only actually scroll through them like what you are doing now.

You can do it through the cli by doing a show dhcp server lease all | match IP/MAC and it'll give you the result that you are looking for; alternatively you can all sourt by the specific interface instead of specifying all, but since your piping the output it isn't going to matter much what you put it so I usually just leave all as the default 

yeah I was only doing it through the cli and doing a less mp-log pan_dhcp.log I just didn't know what the syntax was to search for a specific mac or IP address in the logs

Thats was good but it showed me who it was reserved too but not if the device actually has the IP currently

I'm not sure that this information is actively tracked on the PA; I really only run DHCP on small remote offices though so I'm not all that positive if this is correct, but it appears that my committed are pingable, my expired are not, and the reserved IPs obviously in use if they are assigned. 

Some of my committed and my reserved are pingable and in use. Some of them show lease times and some do not but the ones that do not show lease times are in use and active

I found the the right syntax to search the DHCP logs on the PA

 

 grep mp-log pan_dhcpd.log pattern 192.xxx.xxx.xxx

L7 Applicator

( subtype eq dhcp ) and ( description contains '34:12' ) 

( subtype eq dhcp ) and ( description contains '10.1.1.2' ) 

 

dhcp-mac.pngdhcp-ip.png

  • 1 accepted solution
  • 6345 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!