How do I configure DHCP server audit logs in Graylog?
“ID, Date, Time, Description, IP Address, Host Name, MAC Address”
That’s a pretty general question, so I’ll give a general answer.
Send the DHCP audit logs to Graylog
Configure an input
Create an index
Create a stream and rules to associate DHCP logs with the stream
Check results
Modify fields or previous steps as necessary
Is there a walkthrough or manual that shows how you do it?
There is documentation…
http://docs.graylog.org/en/3.1/
But this will only help you with the Graylog side… I would consult the Oracle of Goog to help you figure out what the process is for your DHCP source.
I was able to configure DHCP logs for graylog, but it only passes part of the log.
How do I get it to pass the entire log of the Renew line?
File "C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log"
Are you using filebeat to send the log file to Graylog or some other method?
I set up GELF and installed nxlog on the DHCP server.
I’m no GELF expert, but it seems you might be running into a chunking issue. Check the documentation and then your configuration. Perhaps someone with more GELF experience can chime in again.
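The audit-log columns quoted in the question, mapped onto a GELF 1.1 message that also carries the whole original line in `full_message`. This is an added example, not part of any post in the thread and not Graylog or nxlog code. The function names, the `dhcp01` source name, the `_dhcp_` field prefix, the MM/DD/YY date format and the sample line are assumptions made for illustration.

```python
import csv
import json
from datetime import datetime, timezone

# Column names as listed in the question at the top of the thread.
COLUMNS = ["ID", "Date", "Time", "Description",
           "IP Address", "Host Name", "MAC Address"]

# Constructed sample record (not taken from a real server).
SAMPLE = "11,05/14/19,10:15:32,Renew,192.0.2.50,ws01.example.test,00155D010203"


def parse_audit_line(line):
    """Split one audit record into named columns; None for headers or noise."""
    row = next(csv.reader([line.strip()]), [])
    # Data records start with a numeric event ID; banner and header lines do not.
    if len(row) < len(COLUMNS) or not row[0].strip().isdigit():
        return None
    # Any columns beyond the seven listed are ignored by zip().
    return dict(zip(COLUMNS, (v.strip() for v in row)))


def to_gelf(record, raw_line, source="dhcp01"):
    """Build a GELF 1.1 payload from a parsed record (source name is hypothetical)."""
    # Assumption: MM/DD/YY dates, and the server's clock is treated as UTC.
    ts = datetime.strptime(record["Date"] + " " + record["Time"],
                           "%m/%d/%y %H:%M:%S")
    gelf = {
        "version": "1.1",
        "host": source,
        "short_message": record["Description"],
        "full_message": raw_line.strip(),  # the complete original line
        "timestamp": ts.replace(tzinfo=timezone.utc).timestamp(),
    }
    # GELF additional fields need a leading underscore and "_id" is reserved,
    # so every column gets a "_dhcp_" prefix.
    for name, value in record.items():
        gelf["_dhcp_" + name.lower().replace(" ", "_")] = value
    return gelf


if __name__ == "__main__":
    rec = parse_audit_line(SAMPLE)
    print(json.dumps(to_gelf(rec, SAMPLE), indent=2))
```

Comparing the `full_message` and `_dhcp_*` fields of a received message with the matching line in the log file shows which columns, if any, were lost on the way in.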