I'm thinking about building an (experimental) system that depends on realtime information from a 'standard' ISC DHCP server on a Linux box. I want to log (and process) events that are related to PXE clients trying to get address and boot information. So I'll need several additional attributes in my logging (i.e. the GUID and such). So when a system gets a new lease I would like my software to know about it immediately (lets just say < 5 seconds later).
Now I have something that places the required values in /var/log/messages so I can do something in the line of:
tail -f /var/log/messages | xargs processdhcpevents.sh
Is there a better solution? I've been looking for some kind of 'hook' in the dhcpd to handle events 'immediately' but I haven't found it yet. Does something like this exist? Or is my 'tail -f' solution the only way to do this?
Niels Basjes
Why not configure syslog to send the appropriate log messages to your program via a named pipe?
My solution for these tasks is to use OSSEC and configure an active-response when a desired event triggers. It is partially similar to your idea (using the logs), but with a much stronger framework and easily extensible...
Link: http://www.ossec.net
Similar to womble -- you can install syslog-ng and then have syslog-ng run your process on appropriate syslog lines.