CustoSec:Check DHCP Device

From CustosecWiki
Jump to navigation Jump to search
caption
Basic Information on Check
Name of Check DHCP Server Technical Name check_dhcp_device
Available in All Systems Number of Arguments 1
From Version ARANSEC 1.0 Compability All ARANSEC and CustoSec




Scope of Check

Check to monitor if there is (are) a DHCP Server(s) available and working correctly on the network.

Requirements

For the check to work properly the following requirements must be met:

  • The check has to be configured as a service check for the host, that is working as the DHCP server.

Arguments

To configure the check, the following arguments are available:


Argument No. Argument Name Allowed Arguments Explanation Examples
Arg1 Interface string Interface of the local host (ARANSEC, CutsoSec) to be used to check for DHCP servers. This interface determines the subnet in which the query will be performed. On an ARANSEC or CustoSec System this would usually be eth1. !eth1

Returned Values of the Check

The Check returns the following values and information.

Status Output Remarks
OK OK: Received 1 DHCPOFFER(s), 1 of 1 requested servers responded, max lease time = 7200 sec. The request by the check was answered by the correct server with providing a dhcp lease. Tells us the DHCP Server is working correctly.
OK OK: Received 2 DHCPOFFER(s), 1 of 1 requested servers responded, max lease time = 7200 sec. The request by the check was answered by the correct server with providing a dhcp lease and another DHCP Server in the network.
WARNING - WARNING will not be issued
CRITICAL CRITICAL: Received 1 DHCPOFFER(s), 0 of 1 requested servers responded, max lease time = 7200 sec. This is the response, when there has been a DHCP offer from another server than the one where the service check was targeting. There are two possible reasons for this happening.
In most cases, the check is configured on the wrong host, thus targeting the wrong host. Since this "wrong" host does not answer with a lease, the request is broadcasted into the network, which leads to another DHCP Server to answer.
The other reason might be, the check is configured correctly but there are other DHCP Server(s) answering the request as well. This is a hint to come problems in the network.
CRITICAL CRITICAL: No DHCPOFFERs were received. This is the checks return, if there was no DHCP Server answering the request. There is no DHCP Server active in this network segment.