Announcement

Collapse
No announcement yet.

Do you have idea to keep the log of DHCP service

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Do you have idea to keep the log of DHCP service

    Hello IT guy

    Do you have idea to keep the log of DHCP service . And then sent the log file to syslog server. I need to keep detail distribute IP to client and keep Mac-Address of client and send to syslog server

  • #2
    Lo and Behold! The wonders of reveal the presence of a Powershell cmdlet which turns on/configures DHCP logging. See this link for the details:
    https://technet.microsoft.com/en-us/...ps.630%29.aspx

    While the article example describes the output being directed to a folder location as opposed to a syslog, that should make it simpler to review or retrieve MACs, etc. From reading a similar article about DHCP on 2008R2 without Powershell, the default log location is under Windows\system32, and the file type is a CSV.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3

      I enable audit log on DHCP already.


      Comment


      • #4
        Originally posted by momaydopod View Post
        I enable audit log on DHCP already.

        Good for you

        I did a Google search for this yesterday and saw many results that used powershell to output MAC/IP's. What searches have you made, and which results have you tried to accomplish your goal?

        Short responses don't really help anyone to help you. You need to say what you have tried.
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Further research shows a common string that Microsoft products, almost universally, don't make use of syslog servers to record their events, that's why logging on any Windows PC has so much content. But accessing that data can be done in many ways; with the built-in tools of the Event Viewer MMC in Windows itself; mining info using some 3rd-party product or even Powershell as Blood suggested; even using Task Scheduler to fire a batch file when a specific event is recorded in a given event log. You could look for the event ID of the issuing of an IP from the DHCP logs, and append that info to a text file. But I think the original idea of posting to a syslog server is a step back, at the very least.
          *RicklesP*
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **

          Comment


          • #6
            My Solution


            I use syslog agent is free for agent sent data to syslog server . I do monitor all f the log file of dhcp server Mon-Sun day sent to syslog server . I use PRTG for Syslog server.
            Last edited by momaydopod; 11th October 2016, 05:19.

            Comment


            • #7
              Additional picture

              Comment

              Working...
              X