
About the Device

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. DHCP allows hosts to obtain required TCP/IP configuration information from a DHCP server.

Device Information

| Entity | Particulars |
|---|---|
| Vendor Name | Microsoft |
| Product Name | Windows DHCP Server |
| Type of Device | Hosted |

Collection Method

| Log Type | Ingestion label | Preferred Logging Protocol | Log collection method |
|---|---|---|---|
| Windows DHCP | WINDOWS_DHCP | SYSLOG | CyberHub |

Port Requirements

| Source | Destination | Port |
|---|---|---|
| Windows DHCP | CyberHub | 10014 (TCP) |

Device Configuration

Configuring Microsoft DHCP:

By default, Microsoft DHCP audit logging is enabled.

Enable DHCP audit logging. To enable DHCP server logging, do the following:

  1. Run the DHCP MMC snap-in (dhcpmgmt.msc).

  2. In the console tree view, expand the server for which to configure logging, then click IPv4.

  3. Right-click IPv4 and click Properties. Note that the context menu is not fully populated until after the IPv4 menu has been expanded at least once.

  4. In General, select Enable DHCP audit logging.

  5. In Advanced, keep the default Audit log file path, or click Browse and select a new path, then click OK.

  6. Restart the DHCP server by right-clicking the server and clicking All Tasks > Restart.
    See http://technet.microsoft.com/library/hh831825 for more details.

Steps to configure Windows NxLog Agent for TLS TCP Log flow on port 10014:

  1. Download and install the NxLog agent from the Download location.

  2. Navigate to services.msc and stop the nxlog service.

  3. For TLS, a certificate file is needed for communication. On CyberHub, navigate to support user mode and choose option 11, "11) View Certificate to export for FTPS and TCP".

  4. Copy and paste the certificate into a new file and save this file on the DNS server at the desired location.

  5. Navigate to the folder "C:\Program Files (x86)\nxlog\data" and delete "configcache.dat".

  6. For the Windows agent, navigate to the installed location "C:\Program Files (x86)\nxlog\conf", rename the attached file to "nxlog.conf" and copy it into this folder.

  7. Replace “OUTPUT_DESTINATION_ADDRESS” with “CyberHub IP Address” in nxlog.conf.

  8. Specify the DHCP log location (access.log) on line 31, against "File".

  9. Add the CAFile location on line 44.

  10. Start the nxlog service from services.msc.

  11. NxLog agent logs will be available at "C:\Program Files (x86)\nxlog\data\nxlog.log".
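
The parts of nxlog.conf that steps 7 to 9 edit, sketched here as an added example. This is not the attached CyberHub file, so its line numbers will not match. The DHCP log directory, the certificate path, the block names and the syslog conversion are assumptions.

```conf
# Added example, not the attached nxlog.conf.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension syslog>
    Module  xm_syslog
</Extension>

<Input dhcp_audit>
    Module  im_file
    # Step 8: the audit log path chosen in IPv4 > Properties > Advanced.
    # Assumed here: the Windows default directory. A 32-bit agent under
    # "Program Files (x86)" reaches the real System32 through the Sysnative alias.
    File    'C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log'
    SavePos TRUE
    ReadFromLast TRUE
    # Assumption: wrap each audit line as BSD syslog before sending.
    Exec    $Message = $raw_event; to_syslog_bsd();
</Input>

<Output cyberhub>
    Module  om_ssl
    # Step 7: replace with the CyberHub IP address.
    Host    OUTPUT_DESTINATION_ADDRESS
    Port    10014
    # Step 9: the certificate exported from CyberHub (path is a placeholder).
    CAFile  %ROOT%\cert\cyberhub.pem
    # Keep FALSE so the agent refuses a collector whose certificate
    # does not validate against CAFile.
    AllowUntrusted FALSE
</Output>

<Route dhcp_to_cyberhub>
    Path    dhcp_audit => cyberhub
</Route>
```

After the service starts, a failed TLS handshake or an unreadable File path is reported in the nxlog.log named in step 11.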

Integration Parameters

Parameters required from customer for Integration.

| Property | Default Value | Description |
|---|---|---|
| IP Address | Windows DHCP | Hostname or IP address of the device which forwards logs to the CyberHub. |