NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
FVS336Gv3 & FVS336Gv2: Is there a trick to getting CLI "show net lan dhcp logs" to show you the log?
I found the CLI manual for the FVS336Gv2 at http://www.downloads.netgear.com/files/GDC/FVS336GV2/FVS336Gv2_RM_18DEC14.pdf , and it shows a whole list of commands, including show net lan dhcp logs. Wh...
I inquired your concern to a higher tier of NETGEAR Support and got a feedback. Please read below:
I found the CLI manual for the FVS336Gv2 at http://www.downloads.netgear.com/files/GDC/FVS336GV2/FVS336Gv2_RM_18DEC14.pdf , and it shows a whole list of commands, including show net lan dhcp logs. When I run the show net lan dhcp leased_clients list command I get a nice long list of IP address and MAC address pairs, exactly what I expect. But when I run the show net lan dhcp logs command, nothing -- no output, no error message, it just gives me the prompt back. This is while I can connect to the router over the web interface and click on the "DHCP Log" link and the window comes up with lots of active traffic in the log.
As per the higher tier of NETGEAR Support, the CLI has a limited command set. Kindly refer to the SRX5308 CLI reference manual here. Most of the CLI commands on SRX5308 might work on FVS336Gv3.
If there are logs shown in the web-GUI, it should be also displayed via the CLI. It would be best to upgrade the firmware to the latest version. Also, try to clear out all logs from the web-GUI then let the logs begin again.
Another question -- I have many of these devices, and on some of them the dhcp log shown in the web interface goes back for hours and sometimes days, while on some the log is getting wiped out every minute or two. Is there any setting so that I can force the routers that are clearing the log every few minutes to stop doing that? Can I force them to leave the dhcp log alone for a couple of hours at least, so that I can come and copy it out every couple of hours, rather than having to "refresh" every couple of minutes? (Which is a full-time job, LOL!)
As per the higher tier of NETGEAR Support, on those devices where the logs refresh sooner, it is possible that they are receiving a higher volume of logs in a shorter space of time. There is a buffer which stores the logs (not sure what size it is) but once it is full it will clear out older messages to make room for new ones. If the logs are being spammed then the older logs will be cleared out sooner.
Do you have other log types being logged (i.e. Routing logs, System Logs) more so than the units where the logs last longer? If ever you are trying to troubleshoot a DHCP issue, you may try to disable all other logging to see if it can retain the DHCP logs for a longer timeframe.
Furthermore, if ever you have a Syslogs server (for example: Kiwi Syslog Server), you can try to enable Syslogs on both FVS336Gv2 & FVS336Gv2 and get the DHCP logs from there. In most cases, there is no limit on the output of syslogs. Kindly read pages 575-577 of the FVS336Gv3 reference manual here as well as read pages 571-573 of the FVS336Gv2 reference manual here on how to enable the Syslogs.
If the dhcp CLI interface is just broken, and the web interface is just broken, has anyone written a python script to scrape the web page for the DHCP logfile info every couple of minutes? Are you willing to share source code? (Next task just might be to learn how to do that...)
As per the higher tier of NETGEAR Support, this is something that is outside the scope of NETGEAR Support. However, let me share to you the article below and it might help:
NETGEAR Open Source Code for Programmers (GPL)
Regards,
DaneA
NETGEAR Community Team
I wanted to update this with some of the info that I have discovered.
First -- The telnet (CLI) interface command "show net lan dhcp logs" does occasionally return something. If there are any "local7.err" lines in the buffer when I run the command, they print out. This seems like a fairly straightforward bug in the CLI implementation, and I expect that it's not going to be fixed since this is a deprecated product.
Secondly -- I have written a script with curl commands that log into a router using the web interface and navigate to the DHCP page. Then the script uses grep to pick out the DHCP log lines, some perl one-liners to strip off the html, appends it to the previous DHCP log, and pipes it through sort and uniq to build a DHCP log over time. One of the things I like about the LAN Groups in the web interface is that it shows an * character next to the hosts that got their IP's via DHCP, so once I got the DHCP log scraper working it wasn't too much more work to scrape the LAN Groups data out, too. There I keep two files going -- one is LANgroups.curr.txt which has a snapshot at the time the scrape was run, while LANgroups.txt uses repeated apends followed by sort and uniq to get a cumulative listing of any hostname/IP/MAC triple that appeared over time. (I also discovered this way that the DHCP names evolve as hosts join a network. It's been an interesting learning experience!)
If anyone is interested in seeing the script, here it is:
#!/bin/bash
routerIP="$1"
filePath="$2"
username="$3"
password="$4"
echo $routerIP
mkdir -p $filePath
touch $filePath/dhcp.log
touch $filePath/LANgroups.txt
date
echo "$filePath starting up..."
curl -k "https://$routerIP/scgi-bin/platform.cgi" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H "Referer: https://$routerIP/scgi-bin/platform.cgi?page=index.htm" -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' --data "thispage=index.htm&USERDBUsers.UserName=$username&USERDBUsers.Password=$password&USERDBDomains.Domainname=geardomain&button.login.USERDBUsers.router_status=Login&Login.userAgent=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10.13%3B+rv%3A61.0%29+Gecko%2F20100101+Firefox%2F61.0" -c $filePath/cookieJar > $filePath/addresses.html
curl -k "https://$routerIP/scgi-bin/platform.cgi?page=dhcp_logs.htm" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H "Referer: https://$routerIP/scgi-bin/platform.cgi?page=lan_setup.htm" -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -b $filePath/cookieJar > $filePath/dhcp.html
curl -k "https://$routerIP/scgi-bin/platform.cgi?page=lan_groups.htm" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H "Referer: https://$routerIP/scgi-bin/platform.cgi?page=dhcp_logs.htm" -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -b $filePath/cookieJar > $filePath/LANgroups.html
curl -k "https://$routerIP/scgi-bin/platform.cgi?page=index.htm" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H "Referer: https://$routerIP/scgi-bin/js/lanGroups.js" -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -b $filePath/cookieJar > /dev/null
grep " \[DHCPD\]" $filePath/dhcp.html > $filePath/dhcp.txt
perl -p -i -e 's/^[^>]*>//g' $filePath/dhcp.txt
cat $filePath/dhcp.txt | grep "DHCPACK on " | grep "(" > $filePath/dhcp.int.txt
cat $filePath/dhcp.log $filePath/dhcp.int.txt > $filePath/dhcp.new
cat $filePath/dhcp.new | sort -k1M -k2 -k3 | uniq > $filePath/dhcp.log
grep "tb2New" $filePath/LANgroups.html > $filePath/LANgroups.int.txt
perl -p0 -i -e 's/\t\t\t\t\t\t\t\t\<td class\=\"tb2New w12\"\>\n\t\t\t\t\t\t\t\t\t<td class="tb2New">//g' $filePath/LANgroups.int.txt
perl -p0 -i -e 's/\<\/td\>\n\t\t\t\t\t\t\t\t\t\<td class\=\"tb2New\"\>/\t/g' $filePath/LANgroups.int.txt
perl -p0 -i -e 's/\tGROUP1\tDefault\<\/td\>\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\<td class\=\"tb2New\"\>//g' $filePath/LANgroups.int.txt
cat $filePath/LANgroups.int.txt | sort -n -t . -k1,1 -k2,2 -k 3,3 -k4,4 > $filePath/LANgroups.curr.txt
cat $filePath/LANgroups.int.txt $filePath/LANgroups.txt > $filePath/LANgroups.new
cat $filePath/LANgroups.new | sort -n -t . -k1,1 -k2,2 -k 3,3 -k4,4 | uniq > $filePath/LANgroups.txt
date
echo "$filePath ...done"
(Note that I strip out what I consider uninteresting DHCP traffic with the line
cat $filePath/dhcp.txt | grep "DHCPACK on " | grep "(" > $filePath/dhcp.int.txt
I'm only interested in lines that associate MAC addresses with DHCP names. If you want the entire log file, just skip that line and in the next line you would append $filePath/dhcp.txt rather than $filePath/dhcp.int.txt to make $filePath/dhcp.new)
(I use lots of intermediate files because it's easier to debug -- you can adapt this so that it doesn't spew files quite so badly.)
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
