Microsoft DHCP Server

The Microsoft DHCP Server DSM for JSA accepts DHCP events by using the Microsoft DHCP Server protocol or WinCollect.

Before you can integrate your Microsoft DHCP Server with JSA, you must enable audit logging.

To configure the Microsoft DHCP Server:

  1. Log in to the DHCP Server Administration Tool.
  2. From the DHCP Administration Tool, right-click on the DHCP server and select Properties.

    The Properties window is displayed.

  3. Click the General tab.

    The General pane is displayed.

  4. Click Enable DHCP Audit Logging.

    The audit log file is created at midnight, and its file name must contain a three-character day-of-the-week abbreviation.

    Table 1: Microsoft DHCP Log File Examples

    | Log Type | Example              |
    |----------|----------------------|
    | IPv4     | DhcpSrvLog-Mon.log   |
    | IPv6     | DhcpV6SrvLog-Wed.log |

    By default, Microsoft DHCP is configured to write audit logs to the %WINDIR%\system32\dhcp\ directory.

  5. Restart the DHCP service.
  6. You can now configure the log source and protocol in JSA.
    1. To configure JSA to receive events from a Microsoft DHCP Server, you must select the Microsoft DHCP Server option from the Log Source Type list.

    2. To configure the protocol, you must select the Microsoft DHCP option from the Protocol Configuration list.

      Note:

      To integrate Microsoft DHCP Server versions 2000/2003 with JSA by using WinCollect, see the Juniper Secure Analytics WinCollect User Guide.
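
The following PowerShell check is an added example, not part of the original JSA documentation. It confirms on the DHCP server that audit logging is enabled and that today's log files exist under the names described in Table 1. It assumes a Windows Server with the DhcpServer PowerShell module installed and an elevated session; the variable names are illustrative.

```powershell
# Added example: verify DHCP audit logging after completing the steps above.
# Run in an elevated PowerShell session on the DHCP server.
Import-Module DhcpServer -ErrorAction Stop

$audit = Get-DhcpServerAuditLog          # current audit logging settings
$svc   = Get-Service -Name DHCPServer    # Windows DHCP Server service

# File names carry a three-character day-of-week abbreviation (DhcpSrvLog-Mon.log).
# Assumption: the server writes English abbreviations as in Table 1, so the
# invariant culture is used to avoid localized day names.
$day = (Get-Date).ToString('ddd', [System.Globalization.CultureInfo]::InvariantCulture)
$expected = [ordered]@{
    IPv4 = "DhcpSrvLog-$day.log"
    IPv6 = "DhcpV6SrvLog-$day.log"
}

# Build one row per log type with existence, timestamp and size.
$report = foreach ($type in $expected.Keys) {
    $file = Join-Path -Path $audit.Path -ChildPath $expected[$type]
    $item = Get-Item -LiteralPath $file -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LogType       = $type
        File          = $file
        Exists        = [bool]$item
        LastWriteTime = if ($item) { $item.LastWriteTime } else { $null }
        SizeBytes     = if ($item) { $item.Length } else { 0 }
    }
}

"Audit logging enabled : $($audit.Enable)"
"Audit log directory   : $($audit.Path)"
"DHCP service status   : $($svc.Status)"
$report | Format-Table -AutoSize

if (-not $audit.Enable) {
    Write-Warning 'Audit logging is disabled; enable it on the General tab and restart the DHCP service.'
}
elseif (-not ($report | Where-Object Exists)) {
    # The file is created at midnight, so a freshly enabled server may not have one yet.
    Write-Warning "No log file for $day in $($audit.Path); check again after midnight or confirm the service was restarted."
}
```

A missing IPv6 file alone is not reported as a problem, because a server that serves only IPv4 scopes may never write one.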

Microsoft DHCP Server Sample Event Message

Use this sample event message to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Microsoft DHCP Server sample message when you use the Syslog protocol

The following sample event message shows that Microsoft DHCP requested a DNS update to the named DNS server.

Table 2: Highlighted values in the Microsoft DHCP Server Sample Event Message

| JSA field name | Highlighted values in the event payload |
|----------------|------------------------------------------|
| Event ID       | 30                                       |
| Event Category | MicrosoftDHCP                            |
| Source IP      | 10.168.41.1                              |