Windows DHCP Debug Content Pack for Graylog
##Includes
- Input (WinDHCPLogs-gelf - GELF/UDP/5441)
- Extractors (WinDHCP_Debug_Log && all ID meaning descriptions)
- Dashboard (WinDHCP Summary)
##Requirements
- Windows DHCP server configured for "Enable DHCP audit logging" (https://technet.microsoft.com/en-ca/library/cc780941(v=ws.10).aspx)
- A GELF capable log exporter/collector such as nxlog or Graylog Collector monitoring the log file path
###Example of a working NXlog.conf file input/output configuration (using Collector Sidecar):
<Input 578f9dbc0ae2f10b1139b6a9>
Module im_file
File "C:\Windows\Sysnative\dhcp\DhcpSrvLog-*.log"
PollInterval 1
SavePos True
ReadFromLast True
Recursive False
RenameCheck True
Exec $FileName = file_name(); # Send file name with each message
</Input>
<Output 578f97f40ae2f10b1139b093>
Module om_udp
Host 192.168.20.210
Port 5441
OutputType GELF
Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
Exec $gl2_source_collector = 'ae1187a3-48ae-42bc-a820-7033d7438dbd';
Exec $Hostname = hostname_fqdn();
</Output>