Iplog: a plugin to log ip addresses for a vde switch
iplog is a vde_switch plugin. It is able to log the IPv4/IPv6 addresses in use on the network. Each time a new IP address is used on the network (or the same address comes from a different port), the plugin writes a log message including the IP address, the port and the id of the user owner of the port. iplog is included in the svn tree.
Using iplog it is possible to leave a virtual network open for the users. The owner of an IP address can be found from the log files. It is possible to limit the logging to some ranges of IP addresses (usually the addresses routed to the Internet), so that information about IP addresses used only for local data exchange does not mess up the log files.
The management command to load iplog is:
vde$ plugin/add iplog
iplog defines the following commands:
vde$ help iplog COMMAND PATH SYNTAX HELP ------------ -------------- ------------ iplog ============ IP/Mac/User Logging iplog/showinfo Show info on logging iplog/logfile pathname Set the logfile iplog/ipadd ipaddr/mask add an ipv4/v6 range iplog/ipdel ipaddr/mask del an ipv6/v6 range iplog/list list ip ranges iplog/setgcint N change garbage collector interval iplog/setexpire N change iplog entries expire time iplog/iplist list active IP iplog/ipport port list active IP on a port iplog/ipuser user list active IP of a user iplog/ipsearch ipaddr search an IP address
vde$ iplog/showinfo iplog: ip/port/user logging plugin log disabled GC interval 10 secs GC expire 360 secs Success
logging is initially disabled and the default persistence of ip addresses is 6 minutes, the scan for unused addresses take place each 10 seconds. It means an IP address is not used for more than 6 minutes it is reported as a new address.
iplog can write its output on a file or on syslog the command is the following (use file '-' for syslog):
vde$ iplog/logfile /tmp/iplog vde$ iplog/showinfo ... log on file /tmp/iplog vde$ iplog/logfile - vde$ iplog/showinfo ... log on syslog
iplog logs the ip addresses that match one of the logging ranges. The list of logging ranges is initially empty:
vde$ iplog/list Success
Ipv4 or ipv6 ranges can be added and removed:
vde$ iplog/ipadd 10.1.0.0/16 vde$ iplog/ipadd 192.168.1.0/24 vde$ iplog/ipadd 2001:0:0:1::/64 vde$ iplog/list ipv4: 10.1.0.0/16 ipv4: 192.168.1.0/24 ipv6: 2001:0:0:1::/64 Success vde$ iplog/ipdel 10.1.0.0/16 vde[/var/run/vde.mgmt/mgmt]: iplog/list ipv4: 192.168.1.0/24 ipv6: 2001:0:0:1::/64 Success
It is possible to log all the ip addresses: just add /0 addresses:
vde$ iplog/ipadd 0.0.0.0/0 vde$ iplog/ipadd ::/0 vde$ iplog/list ipv4: 0.0.0.0/0 ipv6: ::/0 Success
The log entries have the following structure:
Jan 15 17:31:49 ipv4 18.104.22.168 port=1 vlan=0 user=(none) "tap0" Jan 15 17:31:49 ipv4 22.214.171.124 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258" Jan 15 17:32:34 ipv6 fe80::acef:fcff:fe92:eddb port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
It is possible to list and search the database of the ip addresses currently stored:
vde$ iplog/iplist ipv4 126.96.36.199 port=2 user=renzo ipv4 188.8.131.52 port=1 user=(none) ipv6 fe80::acef:fcff:fe92:eddb port=2 user=renzo Success vde$ iplog/ipport 2 ipv4 184.108.40.206 port=2 user=renzo ipv6 fe80::acef:fcff:fe92:eddb port=2 user=renzo Success vde$ iplog/ipsearch 220.127.116.11 ipv4 18.104.22.168 port=2 user=renzo Success vde$ iplog/ipuser renzo ipv4 22.214.171.124 port=2 user=renzo ipv6 fe80::acef:fcff:fe92:eddb port=2 user=renzo Success
iplog provides also a debugging entry (newip). When active, iplog reports live also on console the appearance of new ip addresses.
vde$ debug/list CATEGORY TAG STATUS HELP ------------ --- ------ ---- ... iplog/newip 301 OFF show new ip addresses Success vde$ debug/add iplog/newip Success vde$ debug/list CATEGORY TAG STATUS HELP ------------ --- ------ ---- ... iplog/newip 301 ON show new ip addresses Success ** DBG MSG: iplog/newip ipv4 126.96.36.199 port=1 vlan=0 user=(none) "tap0" ** DBG MSG: iplog/newip ipv4 188.8.131.52 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258" ** DBG MSG: iplog/newip ipv4 184.108.40.206 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258" vde$
Note: iplog close and reopens the logfile when the vde_switch receives a SIGHUP. Send a SIGHUP to rotate the logfile.