Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Auditing and troubleshooting DHCP

Auditing and troubleshooting DHCP

Windows Server 2012 R2 is configured to audit DHCP processes by default. Auditing tracks DHCP processes and requests in log files.

You can use audit logs to help you troubleshoot problems with a DHCP server. Just as you enable and configure logging separately for IPv4 and IPv6, the two protocols use different log files. The default location for DHCP logs is %SystemRoot%System32DHCP. In this directory, you’ll find a different log file for each day of the week. The IPv4 log file for Monday is named DhcpSrvLog-Mon.log, the log file for Tuesday is named DhcpSrvLog-Tue.log, and so on. The IPv6 log file for Monday is named DhcpV6SrvLog-Mon.log, the log file for Tuesday is named DhcpV6SrvLogTue.log, and so on.

When you start the DHCP server or a new day arrives, a header message is written to the log file. This header provides a summary of DHCP events and their meanings. Stopping and starting the DHCP Server service doesn’t clear a log file. Log data is kept for a week. For example, the DHCP Server service clears and starts over Monday’s log the following Monday. You don’t have to monitor space usage by the DHCP Server service. The service is configured to monitor itself and restricts disk space usage by default.

You can enable or disable DHCP auditing by following these steps:

1. In the DHCP console, expand the node for the server with which you want to work, press and hold or right-click IPv4 or IPv6 as appropriate for the type of address with which you want to work, and then tap or click Properties.

2. On the General tab, select or clear the Enable DHCP Audit Logging check box, and then tap or click OK.

By default, DHCP logs are stored in %SystemRoot%System32DHCP. You can change the location of DHCP logs by following these steps:

1. In the DHCP console, expand the node for the server with which you want to work, press and hold or right-click IPv4 or IPv6 as appropriate for the type of address with which you want to work, and then tap or click Properties.

2. Tap or click the Advanced tab. Audit Log File Path shows the current folder location for log files. Enter a new folder location, or tap or click Browse to select a new location.

3. Tap or click OK. Windows Server 2012 R2 now needs to restart the DHCP Server service. When prompted to restart the service, tap or click Yes. The service will be stopped and then started again.

The DHCP server has a self-monitoring system that checks disk space usage. By default, the maximum size of all DHCP server logs is 70 megabytes (MB), with each individual log being limited to one-seventh of this space. If the server reaches the 70-MB limit or an individual log grows beyond the allocated space, logging of DHCP activity stops until log files are cleared or space is otherwise made available. Typically, this happens at the beginning of a new day when the server clears the previous week’s log file for that day.

Registry keys that control log usage and other DHCP settings are located under HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesDHCPServerParameters.

The following keys control the logging:

? DhcpLogFilesMaxSize Sets the maximum file size for all logs. The default is 70 MB.

? DhcpLogDiskSpaceCleanupInterval Determines how often DHCP checks disk space usage and cleans up as necessary. The default interval is 60 minutes.

? DhcpLogMinSpaceOnDisk Sets the free space threshold for writing to the log. If the disk has less free space than the value specified, logging is temporarily disabled. The default value is 20 MB.

DhcpLogMinSpaceOnDisk is considered an optional key and is not created automatically. You need to create this key as necessary and set appropriate values for your network.

Оглавление книги