DHCP Message Mapping
- Shirly Tsang
- Sri Raghu
This topic contains information about supported fields in DHCP log messages for Universal DDI. It also contains corresponding field elements in CEF and LEEF formats via the syslog protocol and Splunk CIM via Splunk forwarder.
Note
CEF and LEEF messages use standard headers, as described below.Â
CEF Message header
CEF:0|Infoblox|Data Connector|1.0.0|DHCP-LEASE-$LeaseOp|DHCP Lease $LeaseOp|1 |
You can find LeaseOp values in the table below.Â
LEEF Message header
LEEF:1.0|Infoblox|Data Connector|1.0.0|DHCP-LEASE-$LeaseOp |
You can find LeaseOp values in the table below.Â
The following table contains supported fields in DHCP logs for Universal DDI and their corresponding field elements for other supported message formats.Â
Internal field | Product | CEF | LEEF | Splunk CIM | Description |
|---|---|---|---|---|---|
Cltt | B1DDI | timestamp* | timestamp* | timestamp* | Date/Time |
B1DDI | cat | cat | DHCP Lease $LeaseOp | ||
B1DDI | app | app | DHCP | ||
NIOS-X Server (based on NIOS-X ServerID) | B1DDI | InfobloxNIOS-X Server | InfobloxNIOS-X Server | infoblox_NIOS-X Server | NIOS-X Server name of the DHCP server (on-prem NIOS-X Server) |
NIOS-X ServerIP (based on NIOS-X ServerID) | B1DDI | dst | dst | infoblox_ip | IP of the DHCP Server (on-prem NIOS-X Server) |
IPSpace (based on subnet uuid or lease uuid) | B1DDI | InfobloxIPSpace | InfobloxIPSpace | dhcp_ip_space | IP Space name |
Subnet | B1DDI | InfobloxSubnet | InfobloxSubnet | dhcp_subnet | Subnet in CIDR format |
RangeStart | B1DDI | InfobloxRangeStart | InfobloxRangeStart | dhcp_range_start | DHCP range start |
RangeEnd | B1DDI | InfobloxRangeEnd | InfobloxRangeEnd | dhcp_range_end | DHCP range end |
LeaseOp | B1DDI | InfobloxLeaseOp | InfobloxLeaseOp | action | Update, Delete, Abandon |
Address | B1DDI | src | src identSrc | dest dest_ip | IP address |
HWAddr | B1DDI | smac | srcMAC | dest_mac | MAC address, colon separated hexadecimal |
ClientID | B1DDI | InfobloxClientID | InfobloxClientID | client_id | ClientID, colon separated hexadecimal |
DUID | B1DDI | InfobloxDUID | InfobloxDUID | dest_duid | IPv6 DUID. Future releases. |
NIOS-X Server name | B1DDI | sNIOS-X Server | identNIOS-X Server name | dest_nt_NIOS-X Server | NIOS-X Server name used by client |
Lifetime | B1DDI | InfobloxLifetime | InfobloxLifetime | lease_duration | The lifetime of the lease allocated by server |
LeaseUUID | B1DDI | InfobloxLeaseUUID | InfobloxLeaseUUID | dhcp_lease_uuid | Lease UUID |
FingerprintProcessed | B1DDI | InfobloxFingerprintPr | InfobloxFingerprintPr | dhcp_fingerprinted | true/false |
Fingerprint | B1DDI | InfobloxFingerprint | InfobloxFingerprint | dhcp_fingerprint | DHCP Fingerprint |
Options | InfobloxDHCPOptions | InfobloxDHCPOptions | dhcp_options | "Option_Code1=Option_Value1;Option_Code2=Option_Value2;...;Option_CodeN=Option_ValueN" | |
- | B1DDI | vendor_product | For CIM: Infoblox Universal DDI | ||
B1DDI | signature | "DHCP lease" |