How can I monitor the DHCP log file? (NETIQKB1459)

  • 7701459
  • 02-Feb-2007
  • 03-Mar-2008

Resolution

goal
How can I monitor the DHCP log file?

fix
The DHCP service logs information to a text file that can be monitored by Operations and Security Manager. Typical events, and how they appear in the log file, are shown below:

Event ID and Meaning:

00 - The log was started.
01 - The log was stopped.
02 - The log was temporarily paused due to low disk space.
10 - A new IP address was leased to a client.
11 - A lease was renewed by a client.
12 - A lease was released by a client.
13 - An IP address was found to be in use on the network.
14 - A lease request could not be satisfied because the scope's address pool was exhausted.
15 - A lease was denied.
16 - A lease was deleted.
17 - A lease was expired.
20 - A BOOTP address was leased to a client.
21 - A dynamic BOOTP address was leased to a client.
22 - A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted.
23 - A BOOTP IP address was deleted after checking to see it was not in use.
50+ - Codes above 50 are used for Rogue Server Detection information.

A typical log file looks like this:

ID  Date     Time      Description  IP Address      Host Name        MAC Address
11  8/24/00  00:00:58  Renew        xxx.xxx.xx.xxx  acme.domain.com  00xxxxxxxxxx
11  8/24/00  00:03:28  Renew        xxx.xxx.xx.xxx  acme.domain.com  00xxxxxxxxxx
11  8/24/00  00:05:58  Renew        xxx.xxx.xx.xxx  acme.domain.com  00xxxxxxxxxx
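
As an added example (not part of the original article and not NetIQ product code), the Python below parses log lines in the column order shown above and flags the event IDs that a collection or alerting rule would most likely care about. It assumes the fields are comma-separated; the sample lines, addresses and the choice of alert-worthy IDs are constructed for illustration.

```python
import csv
from collections import Counter

# Event ID meanings, taken from the list in this article.
EVENTS = {
    0: "log started", 1: "log stopped", 2: "log paused (low disk space)",
    10: "new lease", 11: "lease renewed", 12: "lease released",
    13: "IP address already in use", 14: "address pool exhausted",
    15: "lease denied", 16: "lease deleted", 17: "lease expired",
    20: "BOOTP lease", 21: "dynamic BOOTP lease",
    22: "BOOTP pool exhausted", 23: "BOOTP address deleted",
}
# Assumption: which IDs deserve an alert is this example's choice, not the article's.
ALERT_IDS = {2, 13, 14, 15, 22}

def parse_line(line):
    """Return a dict for one event line, or None for header, blank or malformed lines."""
    fields = next(csv.reader([line]), [])
    if len(fields) < 7 or not fields[0].strip().isdigit():
        return None
    eid = int(fields[0])
    keys = ("date", "time", "description", "ip", "host", "mac")
    rec = dict(zip(keys, (f.strip() for f in fields[1:7])))
    rec["id"] = eid
    # "50+" in the article: codes from 50 up carry rogue server detection data.
    rec["meaning"] = "rogue server detection" if eid >= 50 else EVENTS.get(eid, "unknown")
    rec["alert"] = eid in ALERT_IDS or eid >= 50
    return rec

def scan(lines):
    """Parse all lines; return (alert records, count of events per ID)."""
    recs = [r for r in map(parse_line, lines) if r]
    return [r for r in recs if r["alert"]], Counter(r["id"] for r in recs)

# Constructed sample input (documentation-range addresses, made-up MAC).
SAMPLE = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,8/24/00,00:00:01,Started,,,
11,8/24/00,00:00:58,Renew,192.0.2.10,acme.domain.com,00AABBCCDDEE
13,8/24/00,00:02:10,Conflict,192.0.2.11,,
14,8/24/00,00:03:00,Pool exhausted,192.0.2.0,,
51,8/24/00,00:04:00,Rogue detection,,,
""".splitlines()

if __name__ == "__main__":
    alerts, counts = scan(SAMPLE)
    for a in alerts:
        print(a["date"], a["time"], a["id"], a["meaning"], a["ip"] or "-")
    print(dict(counts))
```
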

The basic steps for monitoring any text application log are shown below. Use the online Help for more detailed assistance in creating a data provider and a processing rule group with collection and alerting rules.

  • Create a new data provider for an Application log. Typically, the DHCP logs are saved in C:\WINNT\System32\DHCP on DHCP servers. The actual location varies depending on where Windows NT or Windows 2000 is installed. When creating a provider, select the Generic: Single Line Log format. The DHCP log file format is DhcpSrvLog.
  • Edit an existing or create a new Processing Rule Group (recommended) associated with the DHCP servers.


Additional Information

Formerly known as NETIQKB1459