DHCP logs retention and viewer
Posted by joeyl5@reddit | sysadmin
Hi all,
I used Windows Server 2019 to lease out IPs to our guest network. I know the DHCP logs are kept on the server and I can view them on the IP leases, but is there a better way to keep and parse those logs quickly? Say we get a complaint and I need to find the MAC address at a specific date and time? What kind of syslog method are you using? Thanks!
bard329@reddit
Get a SIEM.
In fact, you can probably get one of Splunk's free trials (be prepared to get calls and emails from their sales team) and upload your DHCP logs to your trial instance.
BornAgainSysadmin@reddit
I've used Splunk successfully for Windows DHCP logs.
SevaraB@reddit
You might want to consider a syslog alternative like Loki for a modern MELT stack: Windows Server > Grafana Windows agent > Loki.
Loki would be a really good option because logs like DHCP can take up a LOT of space, and Loki will just index the fields you ask for and throw away the rest; it can make searching go a lot faster, and it can take up way less disk storage.
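For the lookup the original post asks about (which MAC held an IP at a given date and time), here is an added example that is not part of the thread. It assumes the CSV layout of the Windows DHCP Server audit log (`DhcpSrvLog-*.log`), event IDs 10/11/12 for new lease, renewal and release, and US-style `MM/DD/YY` dates; the sample rows and function names are constructed for illustration.

```python
import csv
from datetime import datetime

# Constructed sample in the assumed audit log layout: banner text,
# a column header, then one CSV row per event.
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name
00,03/04/24,00:00:05,Started,,,,
10,03/04/24,09:12:41,Assign,10.20.0.57,phone-a,A1B2C3D4E5F6,
11,03/04/24,13:12:40,Renew,10.20.0.57,phone-a,A1B2C3D4E5F6,
12,03/04/24,15:30:02,Release,10.20.0.57,phone-a,A1B2C3D4E5F6,
10,03/04/24,16:05:19,Assign,10.20.0.57,laptop-b,0A1B2C3D4E5F,
10,03/04/24,16:07:00,Assign,10.20.0.58,tablet-c,112233445566,
"""

LEASE_GRANTED = {10, 11}  # assumed: 10 = new lease, 11 = renewal
LEASE_ENDED = {12}        # assumed: 12 = released by the client

def normalize_mac(raw):
    """Turn 'A1B2C3D4E5F6' or 'a1-b2-...' into 'A1:B2:C3:D4:E5:F6'."""
    digits = "".join(c for c in raw if c.isalnum()).upper()
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))

def parse_events(text, date_format="%m/%d/%y"):
    """Yield (timestamp, event_id, ip, host, mac) for each data row."""
    for row in csv.reader(text.splitlines()):
        # Banner and header lines do not start with a numeric event ID.
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        try:
            ts = datetime.strptime(f"{row[1]} {row[2]}", f"{date_format} %H:%M:%S")
        except ValueError:
            continue  # skip malformed rows instead of aborting the search
        yield ts, int(row[0]), row[4].strip(), row[5].strip(), normalize_mac(row[6])

def who_had_ip(text, ip, when, date_format="%m/%d/%y"):
    """Return the last lease grant for `ip` at or before `when`, or None."""
    holder = None
    for ts, event_id, row_ip, host, mac in sorted(
            parse_events(text, date_format), key=lambda e: e[0]):
        if row_ip != ip or ts > when:
            continue
        if event_id in LEASE_GRANTED:
            holder = {"mac": mac, "host": host, "last_seen": ts}
        elif event_id in LEASE_ENDED:
            holder = None  # address was handed back before `when`
    return holder

if __name__ == "__main__":
    print(who_had_ip(SAMPLE_LOG, "10.20.0.57", datetime(2024, 3, 4, 14, 0, 0)))
```

The result is the most recent grant, not proof the lease was still active; compare `last_seen` against the scope's lease duration before attributing traffic to that MAC.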