How To Use grep To Parse A Linux DHCP Lease File
If you’re using a Linux solution for your DHCP server, you can use cat and grep to quickly locate the IP address of a particular host based on their hostname. On our OpenSUSE Linux DHCP server, the DHCP lease file is stored at /var/lib/dhcp/db/dhcpd.leases. CentOS/Red Hat Enterprise Linux has the lease file at the same path minus the “db” directory, so it is at /var/lib/dhcp/dhcpd.leases. If we run a tail or cat on that log file, we can see some examples of a lease:
tail -27 /var/lib/dhcp/db/dhcpd.leases
This command will display the last 27 lines of the specified file, which happens to be the lease file in this case. The output we receive is seen below:
lease 10.10.0.216 {
starts 2 2013/06/25 00:03:59;
ends 3 2013/06/26 00:03:59;
binding state active;
next binding state free;
hardware ethernet 00:50:56:a3:44:2b;
uid “\001@l\217’\361\021”;
client-hostname “Frodo”;
}
lease 10.10.0.210 {
starts 2 2013/06/25 00:04:04;
ends 3 2013/06/26 00:04:04;
binding state active;
next binding state free;
hardware ethernet 40:6c:8f:27:f1:11;
uid “\001@l\114’\214\219”;
client-hostname “Bilbo”;
}
lease 10.10.1.1 {
starts 2 2013/06/25 00:08:09;
ends 3 2013/06/26 00:08:09;
binding state active;
next binding state free;
hardware ethernet 7c:6d:62:bf:87:e6;
uid “\001|mb\277\207\346”;
client-hostname “Aragorn”;
}
There are three leases for three different hosts shown above. Depending on your network there may be hundreds of leases, if not more, so searching through them manually is a pain. Now that we know the format of the leases, we can use cat, pipe it to grep with some arguments, and find the IP address of a particular host using the hostname. Here’s the command we will use:
cat /var/lib/dhcp/db/dhcpd.leases | grep Bilbo -B 7 -A 1
In this command, cat will display the entire contents of a file on the screen, but then using the special character “pipe” (seen between “leases” and “grep”), we send the output of the cat command to the grep command. grep will print the entire line containing any string (text) that matches the string we supply. In this case, we have supplied the string, “Bilbo”, since that is the hostname we are hypothetically looking for. Without the -B 7 and -A 1 arguments, the output of the command would be only a single line:
client-hostname “Bilbo”;
But since we did use -B 7 and -A 1 arguments, we will receive the client-hostname line along with the 7 lines immediately above it and the 1 line directly below it:
lease 10.10.0.210 {
starts 2 2013/06/25 00:04:04;
ends 3 2013/06/26 00:04:04;
binding state active;
next binding state free;
hardware ethernet 40:6c:8f:27:f1:11;
uid “\001@l\217’\361\021”;
client-hostname “Bilbo”;
}
The curly bracket below the client-hostname line isn’t exactly important information–I’m just showing an example using both the -A and -B arguments. Finally, we’ll see how to display only the information we are looking for: the hostname and the IP address. What we need to do is use a grep command to match two different strings instead of just one. For that, we will use egrep, a special use of grep which allows us to use regular expressions. The command looks like this:
cat /var/lib/dhcp/db/dhcpd.leases | grep Bilbo -B 7 -A 1 | egrep 'Bilbo|lease'
It is the same command until the second pipe, where we use egrep to match both “Bilbo” and “lease”. Notice that this command uses single quotation marks. Now our output is nice and clean, and only relates the two pieces of information we care about:
lease 10.10.0.210 {
client-hostname “Bilbo”;
If we have more than one entry for “Bilbo”, the last one is the current or most recent entry. And that’s it for this article! Of course, if you had a client management solution which kept track of all client IP addresses, you wouldn’t even need to do this. But this method definitely beats walking a user through opening cmd.exe and typing ipconfig and reading you their IP address! You could also use a program like Angry IP Scanner to scan your network and resolve IP addresses to hostnames.