Tweak kea-dhcp4.packets DEBUG logger to log DROP earlier
- name: Log DROP at lower DEBUG level in the packets logger.
- about: Log DROPs of packets at a lower level than debuglevel 50 so that other normal packets can be excluded. Also add MAC/DUID of the client being dropped to the main DROP log line.
It is difficult to find out what client's packets were DROPped. It is logged only at DEBUG level 50+ in the packets logger. This causes many normal packets to be logged as well which is not desirable due to increased load in production. The mac address of the dropped client is shown only a few lines later under options making it complicated to use tools like grep to find details.
Lower the required debuglevel in the packets logger to less than 50 for DROP packets. Add the hwaddr or duid of the dropped client to the DROP log line.
It is possible to infer that a client's packet was dropped by setting the dhcp4 logger at DEBUG severity - debuglevel 99 (possibly other levels - I didn't test to find the exact level) through lines like this:
kea-dhcp4.log:2023-05-17 11:43:18.000 DEBUG [kea-dhcp4.hosts/160776.281473732882448] HOSTS_CFG_GET_ALL_IDENTIFIER_HOST using identifier: hwaddr=000C0102030D, found host: hwaddr=000C0102030D ipv4_subnet_id=0 hostname=(empty) ipv4_reservation=(no) siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none) dhcp4_class0=DROP
kea-dhcp4.log:2023-05-17 11:43:18.000 DEBUG [kea-dhcp4.hosts/160776.281473732882448] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_HOST using subnet id 0 and identifier hwaddr=000C0102030D, found host: hwaddr=000C0102030D ipv4_subnet_id=0 hostname=(empty) ipv4_reservation=(no) siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none) dhcp4_class0=DROPHowever, this causes the dhcp4 logger to become quite noisy. It also may not cover all instances where a packet was DROPped.