About the Device
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. DHCP allows hosts to obtain required TCP/IP configuration information from a DHCP server.
Device Information
Entity | Particulars |
---|---|
Vendor Name | Microsoft |
Product Name | Windows DHCP Server |
Type of Device | Hosted |
Collection Method
Log Type | Ingestion label | Preferred Logging Protocol | Log collection method |
---|---|---|---|
Windows DHCP | WINDOWS_DHCP | SYSLOG | CyberHub |
Port Requirements
Source | Destination | Port |
---|---|---|
Windows DHCP | CyberHub | 10014 (TCP) |
Device Configuration
Configuring Microsoft DHCP:
By default, Microsoft DHCP audit logging is enabled.
Enable DHCP audit logging. To enable DHCP server logging, do the following:
Run the DHCP MMC snap-in (
dhcpmgmt.msc
)In the console tree view, expand the server for which to configure logging, click IPv4.
Right-click on IPv4 and click Properties. Note that the context menu is not fully populated until after the IPv4 menu has been expanded at least once.
In General, select Enable DHCP audit logging.
In Advanced, keep the default Audit log file path, or click Browse and select a new path. and click Ok.
Restart the DHCP server by right-clicking the server and clicking All Tasks > Restart.
See http://technet.microsoft.com/library/hh831825 for more details.
Steps to configure Windows NxLog Agent for TLS TCP Log flow on port 10014:
Download and Install NxLog agent from location Download
Navigate to
services.msc
and stop the nxlog service.For TLS, need to create certificate file for communication. On CyberHub, navigate to support user mode and choose option 11 to 11) View Certificate to export for FTPS and TCP
Copy paste the certificate to new file and save this file into DNS server at desired location.
Navigate to folder
"C:\Program Files (x86)\nxlog\data"
and delete"configcache.dat"
.For Windows Agent , navigate to installed location
"C:\Program Files (x86)\nxlog\conf"
and rename the attached to"nxlog.conf"
and copy into this folder.Replace “OUTPUT_DESTINATION_ADDRESS” with “CyberHub IP Address” in
nxlog.conf
.DHCP LOG location (access.log) needs to be mentioned on line 31 against "File".
Add CAFile location at line number 44
Now start the nxlog service from
services.msc
.NxLog agent logs will be available at location
"C:\Program Files (x86)\nxlog\data\nxlog.log"
.
Integration Parameters
Parameters required from customer for Integration.
Property | Default Value | Description |
---|---|---|
IP Address | Windows DHCP | Hostname or IP address of the device which forwards logs to the CyberHub. |