How to Collect DHCP logs

Configuring Microsoft DHCP Debug Logging

1. Click Start > Programs > Administrative Tools > DHCP.

2. Now that you have the DHCP management console open, right-click on your DHCP server OR IPv4 protocol and select Properties.

   Open

   

3. Now that you have the properties open for your DHCP server or IPv4 protocol select the General tab and select Enable DHCP audit logging.

   Open

   

4. Now that you’ve enabled DHCP audit logging select the Advanced tab and record your Audit log file path for future configuration needs.

Configuring Windows Agent

1. Navigate to the Enterprise Agent for Windows web interface available on http://<ip-address>:6161

2. From the left-hand menu, select Log Configuration.

3. Click the Add button at the bottom of the Log Configuration screen.

   1. Select the Log Type : select DHCP Logs from the drop down list.

   2. In Log File or Directory, enter the directory where the DHCP logs are stored. If you are unsure of your log path, see section 4 under “Configuring Microsoft DHCP” above for assistance in determining the log directory.

   3. In Log Name Format enter the log file format. The default for IPv4 DHCP logs is   DhcpSrvLog-*.log

   4. Leave all other settings as their default

      
      
      

4. Once you have filled in the appropriate fields, click the Change Configuration button.

5. In the left-hand menu, click "Apply Configuration & Restart Service"

6. You will be redirected to Status screen once changes are applied 

Verify Log Configuration

Navigate again to Log Configuration page in the Agent web interface. 

Review your log configuration and make sure the value in the Matching File(s) column is black and not red. A filename in black indicates that Snare Agent has found the current file for processing. A filename in red indicates that Snare Agent cannot find the file for processing. Log Error(s) column will show errors if any.