If you have not installed NXlog yet, please refer to this page. To help configure how to send the logs from your Windows DHCP server to your SIEM, here is a simple NXlog configuration to accomplish this as well with some notation explaining what the configuration is instructing NXlog to do. If a DHCP lease has expired before we have a chance to dig into the event, the logs that identified the incident may be outdated due to a new IP address which is where DHCP logs can help correlate the origin of the event. One of the main reasons you want to collect DHCP logs is alerts can and will be missed and it may be a few days before an incident is noticed. DHCP logs can be important to collect for several reasons.
0 kommentar(er)
