Creating DHCP Email Alerts
Stay informed of DHCP activity (FreeBSD 5.2)
Posted 02.10.2005 | Updated 19.04.2008 | Contributed by Andy Mallett


Following on from the DHCP Service Configuration, I have implemented a number of tweaks in terms of logs and alerts. This latest tweak involves gettting the DHCP Server to send out SMS messages.

It is based on the scheduled Email Alerter Script from Part I and marries this with my SMS and Email Out script.

A familiarity with these references is necessary before continuing.

Requirement

The DHCP Server will page me if a system with an unknown MAC Address attempts to join the network

To start with: a Summary

The story so far.. The DHCP Server (aka Vampyre) gives out reserved IP Adresses to known MAC Addresses on a continuous basis. It will also give out an IP Address from a specified range to a requesting node which does not have a known MAC. The latter of these two events is recorded in the dhcpd.leases file.

A separate script dhalert.sh runs as a cron job and constantly monitors the size of the above file. In the event of a new entry being added, the dhcpd.leases file grows past a specified size and the alerter script sends me an email.

Using the newly developed SMS Alert system, I will also get an SMS to my mobile phone.

The original mail script, dhalert.sh is used, but with some modifications as it emails me every five minutes. I don't really need to be emailed more than once and this is also certainly true for receiving a paged alert. So firstly dhalert.sh is modified to only send me a single email.. 

#/bin/sh
#Andys DHCP Alerter Script

cd /root
if [ -f go ]
then

 cd /var/db
 touch dhcpd.leases~
 rm dhcpd.leases~
 if [ $(ls -la | grep dhcpd.leases | cut -c 36-41) -gt "500" ]; then
 mailx -s "Warning: New IP Address Allocated.." andym < dhcpd.leases
 cd /root
 rm go
 fi

else
echo
fi


In the above script, I have introduced a few changes. These address some of the problems with the previous version. Firstly, there is another if loop. At this first, new if loop, the script first tests for the existence of a file named go inside root's home directory. If /root/go does exist, then the script then goes on to measure the size of the dhcpd.leases script, just like it used to.

If the second, original if condition is true and this file is over 500 bytes in size, then I still get the email. However after emailing me, the script then deletes the go file from root's home directory. This means that when the script runs again, the first if statement will not find /root/go and will thus else to the end of the script.

To summarise, I only get mailed if that little go file exists. If I do get emailed, that file gets deleted at the same time. Hence one email only.

Second change is the cut -c 36-39, which replaces the previous columns as this is now running on a different system and the ls command results in slightly different character spacing.

Thirdly the touch dhcpd.leases~ command runs before the delete command, as I was getting emailed if the file didn't exist when the script tried to delete it. However, interestingly there's no error if you try to create it and it already exists, so we try and create it and then delete it again. If it was there in the first place, it is deleted. End of story: dhcpd.leases~ is gone!

Problems with cron

Another issue is that cron wants to send an email every time it runs. This also resulted in a new email every 15 minutes, or however often it ran. To fix this, redirect the output of cron (i.e. the automatic and unwanted email) to /dev/null which is secret code for "send it out into the ether, never to be seen again".. 

crontab   -e

00,15,30,45 * * * * /bin/dhalert.sh >/dev/null


The SMS Script

As the SMS system is basically based on the email system, it's easy to plug in an extra script on a new line - sms1.sh - so that I get emailed and then the SMS message. Nothing else changes.. 

#/bin/sh
#Andys DHCP Alerter Script

cd /root
if [ -f go ]
then

 cd /var/db
 touch dhcpd.leases~
 rm dhcpd.leases~
 if [ $(ls -la | grep dhcpd.leases | cut -c 36-41) -gt "500" ]; then
 mailx -s "Warning: New IP Address Allocated.." andym < dhcpd.leases
 cd /root
 rm go
 ./sms1.sh

 fi

else
echo
fi


The SMS script, sms1.sh also sits in root's home directory.. 

#!/bin/sh
#Andy's DHCP SMS Script

/usr/local/sbin/sendEmail -f username@domain.net \
                          -t 0409andysMobileNo@messagenet.com.au \
                          -s sendmail.mallett.net \
                          -xu andys_username \
                          -xp andys_password \
                          -u "12345 IT.NET:  Intruder Alert! " \
                          -m "New Host in System.."


Note the full path to the sendEmail PERL script. This is required as cron runs in the sh shell and not bash. You will of course, also have to recreate that /root/go file afterwards:

touch  /root/go

The truly eager could really tart this up even more and get it to send the actual MAC Address of the new system, but I don't think that's really necessary. Just getting this SMS is enough to send an administrator scampering to the system log where all will be revealed..

Further Refinements

Here is a total non-maintenance setup, using the same script with some modifications. Here, crontab runs the script every 10 minutes and simply tests the dhcpd.leases file for being over a specified size. If it is oversize then it gets copied to a directory /var/db/logs/ and renamed to a filename with the date and time in reverse order - 2008-04-19:1410. The original dhcpd.leases is then deleted and recreated with a zero-byte file size, ready for the script to test it again next time it runs. 

#/bin/sh
#Andys DHCP Alerter Script

cd /var/db
touch dhcpd.leases~
rm dhcpd.leases~

if [ $(ls -la | grep dhcpd.leases | cut -c 38-41) -gt "10" ]; then
mailx -s "Warning: New IP Address Allocated.." andym < dhcpd.leases

cp dhcpd.leases /var/db/logs/`date +%Y-%m-%d:%H%M`
rm dhcpd.leases
touch dhcpd.leases

fi


Modify crontab accordingly for frequency of checking.