Get all new dhcp leases, but only the new leases since last check in bash

I needed to make a bash script for work that got the IP address of all new leases in the DHCP server, but only the new ones.
I spent some time looking for something useful, and therefore I decided to write a short post here to help others, since I had a hard time finding it (maybe my Google-fu is not as good as it should be).
The script had to do the following:
1. Get all new lines from a log file since last run
2. Get the ip addresses of the new leases
3. Do some stuff with the new ip addresses. This will not be part of this post
4. Run every minute in cron. This will also not be part of this post
In this post I will only cover how I did 1 and 2.

1. Get all new lines from a log file since last run

To do this, I found some software called “logtail”. It’s really easy to use and very, very handy.
Install it on CentOS by installing the package “logcheck”, that package contains the “logtail” program:

yum install logcheck

Install it on Debian by installing the package “logtail”:

apt-get install logtail

If you want to test it out, run the following command:

logtail -f /var/log/messages

Doing so will output every line of the file, just like cat does. Now wait until there are new lines in the log file, and run the same command again. See, now it only outputs the new lines since the first time you ran the command! Brilliant! – Makes life so much easier!

2. Get the ip addresses of the new dhcp leases

Now we need some scripting to get the info we want from the log file and filter out everything else.

#!/bin/bash
# This program scans the /var/log/messages file for new dhcp leases
# If new leases are found, you can do something with them, see comments in script
# Script was made by dev-random.net
# Make sure this script is not already running
lf=/var/lock/look_for_new_devices.lock
# create empty lock file if none exists
touch "$lf"
read -r lastPID < "$lf"
# if lastPID is not null and a process with that pid exists, exit
[ -n "$lastPID" ] && [ -d "/proc/$lastPID" ] && exit
# save my pid in the lock file
echo $$ > "$lf"
# Endless loop.
while true; do
	# example line from log: Dec  5 10:28:26 router dhcpd: DHCPOFFER on 172.16.1.207 to 00:00:00:00:00:00 (hostname) via eth1.21
	# field 8 of such a line is the offered ip address
	IPS=$(logtail -f /var/log/messages | grep "DHCPOFFER on" | awk '{ print $8 }')
	# for each ip found in the log that was sent out as a dhcp offer
	# ($IPS is left unquoted on purpose so it splits into one word per ip)
	for ip in $IPS; do
		echo "IP: $ip"
		# Do your magic with the ip here
		# I am running another script to scan the ip and put it into a database so I can use it for other fun stuff like searching in a web interface.
	done
	# sleep a little while to allow something to happen before we check again
	# This script will check for new ip's in the log file every 10 seconds and execute whatever you tell it to do when a new ip is found.
	sleep 10
done

Just save the above script in a file on the server where you installed logtail, make it executable using the command below, and then run it. It should output all leases the first time, and only the new ones the second time it runs.

chmod +x 
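
A stricter take on steps 1 and 2, as an added example that is not part of the original script: it matches only lines whose syslog program tag is dhcpd, checks that field 8 really is an IPv4 address before anything else consumes it, and resets when the log has been rotated. It keeps its own byte offset in place of logtail so it runs without extra packages; `new_offer_ips` and the offset file are hypothetical names, and the log format is assumed to match the sample line in the script.

```shell
#!/bin/bash
# Added example (not the post's script). new_offer_ips and the offset file
# are hypothetical; the log format is assumed to match the post's sample line.
new_offer_ips() {
	local log="$1" state="$2" offset=0 size
	[ -r "$log" ] || return 1
	size=$(wc -c < "$log" | tr -d ' ')
	# Byte offset saved by the previous call, if any
	if [ -s "$state" ]; then read -r offset < "$state" || true; fi
	case "$offset" in ''|*[!0-9]*) offset=0 ;; esac
	# File is smaller than the saved offset: rotated or truncated, start over
	if [ "$offset" -gt "$size" ]; then offset=0; fi
	# Read only the bytes between the old offset and the size measured above
	tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
	awk '
		# Match on the syslog program tag and fixed field positions, so text
		# elsewhere in a line (e.g. a client-supplied hostname) cannot match
		$5 ~ /^dhcpd(\[[0-9]+\])?:$/ && $6 == "DHCPOFFER" && $7 == "on" {
			if (split($8, o, ".") != 4) next
			for (i = 1; i <= 4; i++)
				if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] > 255) next
			if (!seen[$8]++) print $8   # each address once per run
		}'
	echo "$size" > "$state"
}

# Constructed sample input, written to a temporary directory
demo=$(mktemp -d)
cat > "$demo/messages" <<'EOF'
Dec  5 10:28:26 router dhcpd: DHCPOFFER on 172.16.1.207 to 00:00:00:00:00:00 (hostname) via eth1.21
Dec  5 10:28:30 router dhcpd: DHCPOFFER on 172.16.1.999 to 00:00:00:00:00:00 (hostname) via eth1.21
Dec  5 10:28:31 router other: saw DHCPOFFER on 10.0.0.1
EOF
new_offer_ips "$demo/messages" "$demo/offset"   # prints 172.16.1.207
new_offer_ips "$demo/messages" "$demo/offset"   # prints nothing: no new lines
rm -rf "$demo"
```

Inside the loop of the script above, `IPS=$(new_offer_ips /var/log/messages /var/tmp/dhcp.offset)` would take the place of the logtail pipeline; the offset path here is only a placeholder.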
