StepByStep  
 

Monitoring Windows 2003 DHCP Server Logfiles via syslog

Created 2007-10-10 by Florian Riedl

Information for the usage of this guide. This guide will give you the hints to create a configuration to monitor Windows 2003 DHCP server logs as well as forward all log data to a syslog server. To make things easier, the guide is split up into several mini-guides, which will each cover one big step of the configuration. These mini-guides only describe the general procedure. You may have to adjust settings like IPs or pathnames to your personal needs.

Please note: In order to forward the DHCP logs you need MonitorWare Agent.


Further you need to setup your DHCP server to log into text files. Please review the manual for further instructions.

Step 1

The first step we are going to take is to create a RuleSet with the corresponding action. In this case we want to forward our logs via syslog. Therefore we need a "Forward via syslog"-Action. Instructions on how to create a ruleset and setup the action can be found here:
How to Setup a Forward via Syslog Action
Please Note: You have to edit the IP address of the syslog server. By default it is set to 127.0.0.1. If you do not change this, your syslog server will not receive any data.

Step 2

The next important step is to setup the FileMonitor. We need it to monitor the text file logs created by your DHCP server.
How to Setup the FileMonitor Service
Please Note: This is a general guide, you may have to alter the path- and filename. The default path and filename is "C:\WINDOWS\System32\dhcp\DhcpSrvLog-Fri.log". The last 3 letters of the filename represent the day on which the log was created. You can use wildcards for the filename.

Step 3

The last and final step is to click on the Save button if necessary and then start MonitorWare Agent. You are now done. Finally you should receive all the log entries of your DHCP Firewall on your syslog server.

If you want, you can download the sample configuration file. Extract the .reg file to the machine where MonitorWare Agent is installed and execute it before opening MonitorWare Agent.

MonitorWareAgent
 Home
 Product Info
General Information
MonitorWare Products
Edition Comparison
Order and Pricing
Upgrade Insurance Info
News Releases
Version History
Product Tour
 - Screenshots
 Download
 Reference library
General Information
Step-by-step guides
 - All
 - MW Agent 4.0
 - Installation and Configuration
 - Services related
 - Actions related
 - MW Agent All Versions
Common Uses
Centralized monitoring
Security Reference
 Help
Support
Manual
FAQ
 - All
 - General questions
 - Configuration related
 - Installation and Configuration
 - Services related
 - Actions related
 - Central Monitoring
Articles
Seminars Online
 - All
 - General
 - MonitorWare Agent
 Order & pricing
Order now
Editions
Pricing Information
Upgrade Insurance Info
Local Reseller
 Contact Us
 Search
 
 



Printer Version Send this page to a friend

Copyright © 1988-2005 Adiscon GmbH All rights reserved.
Contact us via Secure Web Response | Privacy Policy
Topic Links: syslog | Free Weblinks Directory