How do I configure DHCP server audit logs in graylog?
ID, Date, Time, Description, IP Address, Host Name, MAC Address ”
that’s a pretty general question, so I’ll give a general answer.
send the DHCP audit logs to graylog
configure an input
create an index
create a stream and rules to associate dhcp logs with stream
check results
modify fields or previous steps as necessary
Is there a walkthrough or manual that shows how you do it?
there is documentation…
http://docs.graylog.org/en/3.1/
But this will only help you with the Graylog side… I would consult the Oracle of Goog to help you figure out what the process is for your DHCP source.
I was able to configure DHCP logs for graylog, but it only passes part of the log.
How do I get it to pass the entire log of the Renew line?
File “C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log”
Are you using filebeat to send the log file to Graylog or some other method?
I set up GELF and on the DHCP server installed nxlog.
I’m no GELF expert, but it seems you might be running into a chunking issue. Check the documentation and then your configuration. Perhaps someone with more GELF experience can chime in again.