WinDHCP

Windows DHCP Debug Content Pack for Graylog

##Includes

Input (WinDHCPLogs-gelf - GELF/UDP/5441)
Extractors (WinDHCP_Debug_Log && all ID meaning descriptions)
Dashboard (WinDHCP Summary)

##Requirements

Windows DHCP server configured for "Enable DHCP audit logging" (https://technet.microsoft.com/en-ca/library/cc780941(v=ws.10).aspx)
A GELF capable log exporter/collector such as nxlog or Graylog Collector monitoring the log file path

###Example of a working NXlog.conf file input/output configuration (using Collector Sidecar):

<Input 578f9dbc0ae2f10b1139b6a9>
    Module im_file
    File "C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log"
    PollInterval 1
    SavePos	True
    ReadFromLast True
    Recursive False
    RenameCheck True
    Exec $FileName = file_name(); # Send file name with each message
</Input>

<Output 578f97f40ae2f10b1139b093>
    Module om_udp
    Host 192.168.20.210
    Port 5441
    OutputType  GELF
    Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
    Exec $gl2_source_collector = 'ae1187a3-48ae-42bc-a820-7033d7438dbd';
    Exec $Hostname = hostname_fqdn();
</Output>

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
LICENSE		LICENSE
README.md		README.md
WinDHCP_content_pack.json		WinDHCP_content_pack.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

WinDHCP

About

Releases

Packages

License

jaroslavmraz/WinDHCP

Folders and files

Latest commit

History

Repository files navigation

WinDHCP

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Packages