Forum Discussion

roadruner's avatar
roadruner
Copper Contributor
Nov 03, 2020
Solved

windows DHCP server logs to Sentinel

Does anyone know how to ingest Windows DHCP server logs to Sentinel ? thanks
  • GaryBushey's avatar
    GaryBushey
    Nov 03, 2020
    One way is to install the Microsoft Monitoring agent on the servers and then in Azure Sentinel go to Settings => Workspace settings => Advanced Settings => Data and in the Windows Event Logs, select any of the DHCP event logs you want to ingest
johnnymonz93's avatar
johnnymonz93
Copper Contributor
Jan 28, 2023

roadruner 

Please check the article I wrote to ingest DHCP logs using the new AMA agent.
 https://medium.com/@johnnymonz/how-to-ingest-windows-server-dhcp-logs-in-microsoft-sentinel-e363be9f0283 

  • Mandar16's avatar
    Mandar16
    Copper Contributor
    Sep 15, 2023

    johnnymonz93 hii johny tried your solution but for my customer they have stored logs into E drive and I am using a path like E/DHCP/DhcpSrvLog-*.log but the solution doesn't work in that case first I used path like

    E/DHCP/*.log but it took logs from different logs files but it stopped that too after a couple of minutes the agent is sending heartbeat to the Law any idea on the causes? 

Resources