How do I configure DHCP server logs in graylog?

How do I configure DHCP server audit logs in graylog?
ID, Date, Time, Description, IP Address, Host Name, MAC Address ”

that’s a pretty general question, so I’ll give a general answer.

send the DHCP audit logs to graylog
configure an input
create an index
create a stream and rules to associate dhcp logs with stream
check results
modify fields or previous steps as necessary

1 Like

Is there a walkthrough or manual that shows how you do it?

there is documentation…

http://docs.graylog.org/en/3.1/

But this will only help you with the Graylog side… I would consult the Oracle of Goog to help you figure out what the process is for your DHCP source.

I was able to configure DHCP logs for graylog, but it only passes part of the log.
How do I get it to pass the entire log of the Renew line?
File “C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log”

Screenshot%20from%202019-09-27%2017-48-15

Are you using filebeat to send the log file to Graylog or some other method?

I set up GELF and on the DHCP server installed nxlog.

I’m no GELF expert, but it seems you might be running into a chunking issue. Check the documentation and then your configuration. Perhaps someone with more GELF experience can chime in again.

http://docs.graylog.org/en/3.1/pages/gelf.html#chunking

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.