2 Replies Latest reply on Nov 10, 2015 10:48 AM by supportdiehard

    Collecting Logs for DHCP Server Configuration Changes


      Hey all,

      I'm setting up Log & Event Manager for the first time and I can't seem to figure out how to properly collect the logs I want from a Windows DHCP server. I want to be able to collect the logs that show configuration changes to DHCP (reservations, scope changes, etc.).


      Prelim info:

      DHCP running on Windows Server 2008 R2 Standard.

      SolarWinds LEM 5.5.0

      LEM client 5.3.1


      In collectors for the node I see that there are really two options:

      1. Windows DHCP Server 2000/2003/2008 System Log

      2. Windows DHCP Server 2003


      The first collector (DHCP Server 2xxx System Log) is just looking at the System Log and only shows stuff about the service itself (service failed to start, IP pools full, etc.).

      The second collector looks at the logs in C:\Windows\System32\dhcp, which only show all the DHCP assign/renew/expire requests. Important, but still not what I want.


      What I really want is to collect the logs from: C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Dhcp-Server%4Operational.evtx (or from Event Viewer: "Applications and Services Logs">Microsoft>Windows>DHCP-Server>Microsoft-Windows-DHCP Server Events/Operational). This contains all the auditing logs about scope changes, adding/deleting reservations, and other configuration changes, along with the user doing the modifications.


      Am I missing something or is there no collector in LEM that can collect these logs?