DHCP lease alert

Does any one know if there is a way to alert on windows 2003 DHCP handing out a lease for a subnet.

I need a way to alert me if any address are handed out from one of our subnets. The subnet in question should only be used in cases where or Radius server fails and devices can't authenticate correctly.

In most cases monitoring of the radius server should tell us of problems, but to be suere I need a way to monitor this scope and see if any clients are using it, if they are I know there is an issue some where.

Idealy I want either the DHCP server to write to event viwer or sned a syslog message.

Any ideas?

Aaron

Find more posts tagged with

Comments

blargoe

The only way I can think of is to have something to monitor the dhcp logs that are located in C:\windows\system32\dhcp for DHCPACKs. I don't know how to do that without a third party tool such as MOM.

I'm not sure if there is a Windows perf counter for DHCP leases, but if there is, you could monitor that as well.

RobertKaucher

blargoe wrote: »

The only way I can think of is to have something to monitor the dhcp logs that are located in C:\windows\system32\dhcp for DHCPACKs. I don't know how to do that without a third party tool such as MOM.

I'm not sure if there is a Windows perf counter for DHCP leases, but if there is, you could monitor that as well.

*cough* PowerShell *cough*

DevilWAH

RobertKaucher wrote: »

*cough* PowerShell *cough*

LOL

I was timing till that came along

So could you (yes i mean you

) use powershell to alert the moment any address is assigned from a specific scope on a 2003 server ?

I not asking you to do it, just if you know if it can (resonable stright forwardly) be done?

RobertKaucher

It would have to be set as a scheduled taks. A program in C# written as a service to monitor the logs might be a better option if it has to be at that exact moment. I wrote that more as a joke based on your other thread.

EDIT: Btw: http://msdn.microsoft.com/en-us/library/aa363379(VS.85).aspx

DevilWAH

I found a new way to do this

rather than worry about the server side of this as WMI does not contain any DHCP stuff so server side scripting is going to be fiddle and not instance.

Instead I set up a ACL on the incoming interface of the router that is the DFGW to the subnet for the scope. The ACL logs DNS and DHCP packets and permits every thing else.

Then using a #logging discriminator <name> include msg ACS

(the ACL is named ACS_critical) so the logging discriminator above will catch it.

Add to that a

logging host x.x.x.x discriminator<name>

And the router will send a syslog message any time DHCP traffic or DNS traffic passes across the interface (ie the subnet is in use)

Now any syslog server can receive these messages and convert them in to an instant alert.

Cheers for the ideas though but you can always solve any thing with the network