DHCP information add to other log files


(Hans) #1

Hi All, I would like to use the information from the DHCP server to add additional information to the other log files. Not sure where best to do this in the ELK stack; however, I assume Elasticsearch would be it. So what I have is the one log file from the DHCP server that contains:
IP Address
Username
Serial number
IP assignment state
Etc.
Now I have numerous files from the DNS and Proxy where I would like to use the IP address to add the username, serial number, etc. to the DNS information and proxy information. The DHCP server has been modified to also add the information "IP assignment state" when the IP is assigned and when it is disconnected, as the leases are 0, so within seconds a different user can use the same IP address.
So is it possible to use the DHCP file to add the Username, serial number, etc. to the DNS and Proxy log files using the IP address information when assigned and when assignment has been terminated?


(Mark Walkom) #2

You'd have to write something to parse the DHCP file and apply it during log ingestion. The Logstash translate filter would be a good place to start looking.


(Hans) #3

The reason I thought Elasticsearch is the place to do this is that the DHCP server only sends information as it happens. So it can be days where the IP is assigned; how would Logstash maintain such data? Is Elasticsearch not able to maintain this data, only Logstash?


(Mark Walkom) #4

How would it do that though?


(Hans) #5

Not sure; however, will Logstash be able to do this?


(Mark Walkom) #6

Like I said, something like the translate filter.
But you'd have to build it, it's not anything currently available that I know of.
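
Added example, not part of the thread and not Logstash or Elasticsearch code: a standalone Python sketch of the time-aware lookup the question needs, where each proxy or DNS event is attributed to whoever held the IP at the event's timestamp rather than to the most recent lease. The log layout, field names and the state values `assigned`/`released` are assumptions, and all sample records are constructed.

```python
import bisect
from collections import defaultdict
from datetime import datetime

# Constructed sample data; layout, field names and state values are assumptions.
DHCP_EVENTS = [  # (timestamp, ip, username, serial number, IP assignment state)
    ("2024-05-01T08:00:00", "10.0.0.5", "alice", "SN-001", "assigned"),
    ("2024-05-01T08:30:00", "10.0.0.5", "alice", "SN-001", "released"),
    ("2024-05-01T08:30:04", "10.0.0.5", "bob", "SN-002", "assigned"),
]
PROXY_EVENTS = [  # (timestamp, client ip, url)
    ("2024-05-01T08:29:59", "10.0.0.5", "http://example.com/a"),
    ("2024-05-01T08:30:02", "10.0.0.5", "http://example.com/b"),
    ("2024-05-01T08:30:05", "10.0.0.5", "http://example.com/c"),
    ("2024-05-01T07:00:00", "10.0.0.5", "http://example.com/d"),
]

def build_lease_index(events):
    """Per IP, a time-sorted list of (timestamp, owner-or-None) state changes."""
    index = defaultdict(list)
    for ts, ip, user, serial, state in sorted(events):
        owner = {"username": user, "serial": serial} if state == "assigned" else None
        index[ip].append((datetime.fromisoformat(ts), owner))
    return index

def owner_at(index, ip, ts):
    """Return who held `ip` at time `ts`, or None if it was unleased or unknown."""
    changes = index.get(ip, [])
    times = [t for t, _ in changes]
    pos = bisect.bisect_right(times, ts) - 1  # last state change at or before ts
    return changes[pos][1] if pos >= 0 else None

def enrich(index, proxy_events):
    """Attach username and serial to each event; leave them None when no lease matches."""
    out = []
    for ts, ip, url in proxy_events:
        owner = owner_at(index, ip, datetime.fromisoformat(ts))
        out.append({"@timestamp": ts, "client_ip": ip, "url": url,
                    "username": owner["username"] if owner else None,
                    "serial": owner["serial"] if owner else None})
    return out

if __name__ == "__main__":
    for doc in enrich(build_lease_index(DHCP_EVENTS), PROXY_EVENTS):
        print(doc)
```

Events that fall in the gap between a release and the next assignment, or before the first recorded lease, stay unattributed instead of being pinned on the wrong user.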

