Nov 03 2020 10:15 AM
Nov 03 2020 12:23 PM
SolutionNov 03 2020 02:37 PM
Nov 04 2020 07:38 AM
Nov 04 2020 08:07 AM
@roadruner This would work for either Azure or non-Azure computers. If you set up the Data section to ingest the DHCP events logs, then this would apply to all Windows computers. So the agent would look for those logs on all windows computers, although it should only find them on DHCP servers.
There is a new monitoring agent in public preview that would allow you to specify what logs to look at on which computers but it only works for Azure computers for the most part.
Nov 05 2020 05:13 AM
Jul 05 2021 05:33 PM
Aug 15 2022 01:30 PM
@guarismoI have the same thing also.
Jan 28 2023 10:20 AM
Please check the article I wrote to ingest DHCP logs using the new AMA agent.
https://medium.com/@johnnymonz/how-to-ingest-windows-server-dhcp-logs-in-microsoft-sentinel-e363be9f...
Sep 14 2023 07:51 PM
@johnnymonz93 hii johny tried your solution but for my customer they have stored logs into E drive and I am using a path like E/DHCP/DhcpSrvLog-*.log but the solution doesn't work in that case first I used path like
E/DHCP/*.log but it took logs from different logs files but it stopped that too after a couple of minutes the agent is sending heartbeat to the Law any idea on the causes?
Nov 03 2020 12:23 PM
Solution