ICT bij de horens gevat

You are here

Monitoring DD-WRT DNS leases with Nagios and Nagiosgrapher

Here's a little explanation how we monitor the number of DNS leases give by Dnsmasq on a DD-WRT router. The wireless network wasn't going so smooth, and we wanted to figure out how many clients were connected at any given time.


First of all, we run a small cron job in the DD-WRT router. We will get the number of leases You need to log in on the router's admin page, and add the following to the cron job. Note that in the command below, we need to specify which user runs the cronjob, unlike when you use "crontab -e" to make a new cronjob.  WC counts the lines and we send it to the logger.

* * * * * root wc -l /tmp/dnsmasq.leases | logger


Next thing we do is remote logging. The logs of DD-WRT are usable, but are not saved on a reboot. For this second step, you will need to have some server running which accepts remote logging. We do this with rsyslog on a debian server. Go to the DD-WRT admin page and enter the IP address of your remote logging server.


Now on the remote logging server, we had to change /etc/rsyslog/rsyslog.conf. First we turn on remote logging, and then we determine that everything that is not from the localhost goes to a separate file. Not a perfect solution, but it works when you have only one logging instance coming in.


# uncomment these two lines
$ModLoad imudp
$UDPServerRun 514


# this lines bellow will catch anything that is not from your localhost, and send it to a seperate file
:fromhost, !isequal, "
yourlocalhostname"    /var/log//ddwrtleases.log
& ~


With this done, now it's time to regularly check this /var/log/ddwrtleases.log. The file will have all log info and also 1.440 times the number of leases at that given minutes. Meanwhile we made this little command that show the maximum number of leases each day. It's just a handy little thing to check once in a while. The bellow command is not perfect: notice the little star behind ddwrtleases. That's just a dirty trick to get pass the fact that logrotate might do it's job, moving the log file, and messing up the results. Logrotate is set to compress everything but the last two log files. Kind of works, as grep of the compress logs is just gibberish. Please post a comment if you have a better solution. Cron runs this command bellow once per day at 23:59.


datum=`date "+%b %_d"`
cat /var/log/ddwrtleases* | grep "$datum" | grep /tmp/dnsm | awk  '{print $6, $2, $1, $3}' | sort -n | tail -n 1 >> /root/maximum_leases


Now the main part  was to visualize all this in Nagios. I assume you know how to configure Nagios itself. Bellow you find the code of the small custom check_leases.sh


# usage: nagios_check_MP_wifirouter.sh THRESHOLD
# THRESHLOD is argument $1
currentleases=`tail -n 1 /var/log/remotehost | grep /tmp/dnsm | awk  '{print $6}'`
if [ ! -n "$1" ]
        echo "UNKNOWN: Argument is missing"
        exit 3
if [ $currentleases -gt $1 ] ;
        echo "Leases CRITICAL, currently $currentleases"
        exit 2 ;
        echo "Leases OK, currently $currentleases"
        exit 0 ;


The threshold is optional. This can also be used to monitor and visualize the number of leases any given day. For this purpose we use Nagiosgrapher and this simple template


define ngraph{
        service_name            Current Leases
        graph_log_regex         currently (\d+)
        graph_value             leases
        graph_units             leases
        graph_legend            leases
        graph_legend_eol        none
        page                    leases
        rrd_plottype            AREA
        rrd_color               EACC00