I'm trying to activate DHCP server auditing logs on a Windows Server 2012 R2 using the DHCP analytical logs.
Until now, I was using the former method using TXT files (see image below). This was working well, but since we are now collecting DNS logs from analytical logs (and not TXT files), we are trying to merge both methods into a single, common way.
So I checked which kind of analytical logs the DHCP server proposed and I found the following ones:
After activating DHCP analytical audit logs (I know how they usually behave), I was expecting to see the result of the different DHCP logs (lease, release, ...) inside this new event log file, but nothing was written inside (after stopping it). And when I look at the former TXT file output, I can see that some activity is still written, as shown below:
So my question is: why is nothing written about DHCP activity, since this place should be the correct one? Did I miss something? Thanks for your help!
BTW, I have checked the following points:
- Disabled the former DHCP audit settings
- Had a look at the PowerShell command "set-dhcpserver"
- Tried to read the ETL file output content with NXLog instead of the Windows Event Viewer > file empty, nothing reported
- Looking for DHCP analytical logs on the internet returns nearly nothing. On the other hand, DNS analytical logs are very well documented