Options
DHCP lease alert
Does any one know if there is a way to alert on windows 2003 DHCP handing out a lease for a subnet.
I need a way to alert me if any address are handed out from one of our subnets. The subnet in question should only be used in cases where or Radius server fails and devices can't authenticate correctly.
In most cases monitoring of the radius server should tell us of problems, but to be suere I need a way to monitor this scope and see if any clients are using it, if they are I know there is an issue some where.
Idealy I want either the DHCP server to write to event viwer or sned a syslog message.
Any ideas?
Aaron
I need a way to alert me if any address are handed out from one of our subnets. The subnet in question should only be used in cases where or Radius server fails and devices can't authenticate correctly.
In most cases monitoring of the radius server should tell us of problems, but to be suere I need a way to monitor this scope and see if any clients are using it, if they are I know there is an issue some where.
Idealy I want either the DHCP server to write to event viwer or sned a syslog message.
Any ideas?
Aaron
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com
Comments
-
Options
blargoe
Member Posts: 4,174 ■■■■■■■■■□
The only way I can think of is to have something to monitor the dhcp logs that are located in C:\windows\system32\dhcp for DHCPACKs. I don't know how to do that without a third party tool such as MOM.
I'm not sure if there is a Windows perf counter for DHCP leases, but if there is, you could monitor that as well.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
Options
RobertKaucher
Member Posts: 4,299 ■■■■■■■■■■
The only way I can think of is to have something to monitor the dhcp logs that are located in C:\windows\system32\dhcp for DHCPACKs. I don't know how to do that without a third party tool such as MOM.
I'm not sure if there is a Windows perf counter for DHCP leases, but if there is, you could monitor that as well.
*cough* PowerShell *cough* -
Options
DevilWAH
Member Posts: 2,997 ■■■■■■■■□□
RobertKaucher wrote: »*cough* PowerShell *cough*
LOL
I was timing till that came along
So could you (yes i mean you
) use powershell to alert the moment any address is assigned from a specific scope on a 2003 server ?
I not asking you to do it, just if you know if it can (resonable stright forwardly) be done?- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com -
OptionsRobertKaucher
Member Posts: 4,299 ■■■■■■■■■■
It would have to be set as a scheduled taks. A program in C# written as a service to monitor the logs might be a better option if it has to be at that exact moment. I wrote that more as a joke based on your other thread.
EDIT: Btw: http://msdn.microsoft.com/en-us/library/aa363379(VS.85).aspx -
OptionsDevilWAH
Member Posts: 2,997 ■■■■■■■■□□
I found a new way to do this
rather than worry about the server side of this as WMI does not contain any DHCP stuff so server side scripting is going to be fiddle and not instance.
Instead I set up a ACL on the incoming interface of the router that is the DFGW to the subnet for the scope. The ACL logs DNS and DHCP packets and permits every thing else.
Then using a #logging discriminator <name> include msg ACS
(the ACL is named ACS_critical) so the logging discriminator above will catch it.
Add to that a
logging host x.x.x.x discriminator<name>
And the router will send a syslog message any time DHCP traffic or DNS traffic passes across the interface (ie the subnet is in use)
Now any syslog server can receive these messages and convert them in to an instant alert.
Cheers for the ideas though but you can always solve any thing with the network - If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com