14.12. Enabling DHCP Audit Logging
You want to enable DHCP Server audit logging to monitor activity the server is receiving or to use the logs as an audit trail in case a problem arises in the future.
Enabling logging on a busy DHCP Server can negatively impact performance. Monitor the server closely after initially turning on logging.
Using a graphical user interface
Open the DHCP snap-in.
In the left pane, right-click on DHCP and select Add Server.
Type in the name of the DHCP Server you want to target and click OK.
Right-click the server node and select Properties.
On the General tab, check the box beside Enable DHCP audit logging.
Using a command-line interface
doesn't allow you to enable DHCP audit logging. You can only modify
the audit log file path (see Recipe 14.13).
However, this setting is controlled via the registry. The following
command enables auditing by setting the
> reg add HKLM\System\CurrentControlSet\Services\DhcpServer\Parameters /v ActivityLogFlag /t REG_DWORD /d 1
To disable auditing, use the same command except use
/d 0 in place of
After you enable auditing on a DHCP Server, all DHCP requests, database maintenance events, and various errors will be logged to a file. By default, a separate file is generated for each day of the week and stored in %SystemRoot%\system32\dhcp. See Recipe 14.13 for more on how to store audit logs in a different directory. The files are named DhcpSrvLog-xxx.log ...