62.1. ISC DHCP server (DHCPd)
The ISC DHCP Server, or DHCPd, is commonly used on Linux systems. DHCPd uses Syslog to log its activity. See Collecting and Parsing Syslog for general information about collecting Syslog logs.
By default, DHCPd logs to the daemon Syslog facility. If desired, the DHCPd log-facility configuration statement can be used in /etc/dhcp/dhcpd.conf to write logs to a different facility. The system logger could then be configured to handle that facility's logs as required. Otherwise, something like the following example should work with the default settings.

This configuration uses the im_file module to read DHCPd messages from one of the Syslog log files, and the xm_syslog parse_syslog() procedure to parse them. Only events from the dhcpd source are kept; others are discarded with drop().
Warning: This method will most likely not preserve severity information. See Reading Syslog Log Files for more information and the other sections in Collecting and Parsing Syslog for alternative ways to collect Syslog messages.
<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input dhcp_server>
    Module  im_file
    # Debian writes `daemon` facility logs to `/var/log/daemon.log` by default
    File    '/var/log/daemon.log'
    # RHEL writes `daemon` facility logs to `/var/log/messages` by default
    #File   '/var/log/messages'
    <Exec>
        parse_syslog();
        if $SourceName != 'dhcpd' drop();
    </Exec>
</Input>
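As an added example that is not part of the NXLog documentation, the following Python mirrors the filter in the configuration above on a few constructed /var/log/daemon.log lines (parse the line, keep only the dhcpd source) and goes one step further by pulling the lease fields (message type, IP, MAC) out of the DHCPd messages, which is what a defender needs to tie an IP address to a client. The regular expressions and the dhcp_events()/lease_table() names are assumptions made for this illustration.

```python
import re

# Constructed sample lines in the form the system logger writes to
# /var/log/daemon.log: no <PRI> header, so severity is absent from the line
# (the caveat in the warning above).
SAMPLE_LINES = [
    "Mar  3 10:15:01 dhcp1 dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:55 via eth0",
    "Mar  3 10:15:01 dhcp1 dhcpd[1234]: DHCPOFFER on 192.0.2.50 to 00:11:22:33:44:55 (host-a) via eth0",
    "Mar  3 10:15:02 dhcp1 dhcpd[1234]: DHCPREQUEST for 192.0.2.50 (192.0.2.1) from 00:11:22:33:44:55 (host-a) via eth0",
    "Mar  3 10:15:02 dhcp1 dhcpd[1234]: DHCPACK on 192.0.2.50 to 00:11:22:33:44:55 (host-a) via eth0",
    "Mar  3 10:15:05 dhcp1 sshd[999]: Accepted publickey for alice from 192.0.2.7 port 51000 ssh2",
]

# BSD syslog line as written to a file: timestamp, host, source[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<source>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# DHCPd message: type, optional "on/for <ip>", then the client MAC after from/to
DHCP_RE = re.compile(
    r"^(?P<type>DHCP[A-Z]+)(?: (?:on|for) (?P<ip>\d+\.\d+\.\d+\.\d+))?"
    r".*?(?:from|to) (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

def parse_syslog(line):
    """Roughly what parse_syslog() yields for a file line without a PRI header."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = None  # not on the line, so it cannot be recovered here
    return rec

def dhcp_events(lines):
    """Keep dhcpd events only (the drop() filter above) and add lease fields."""
    events = []
    for line in lines:
        rec = parse_syslog(line)
        if rec is None or rec["source"] != "dhcpd":
            continue  # drop(): unparsable, or not written by dhcpd
        d = DHCP_RE.match(rec["msg"])
        if d:
            rec.update(d.groupdict())
        events.append(rec)
    return events

def lease_table(events):
    """IP -> MAC bindings from DHCPACK messages, the record used for attribution."""
    return {e["ip"]: e["mac"] for e in events
            if e.get("type") == "DHCPACK" and e.get("ip")}
```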