DHCP
Lead: Chris Leopold / Santos Soler

Description:

All OU admins should have VIEW access to their DHCP server (for example: IF-SRV-DHCP01) using their IF-ADMN account. This was implemented by adding .IFAS-ADM-ALL to the DHCP Users group. All MPS servers have the DHCP server role enabled. All that is required to view this is to add the DHCP snap-in to your admin MMC. If there are any questions on this, please contact Chris Leopold.

DHCP log access:

Read access to our DHCP logs was made available to OU admins on November 5th, 2008. This should help folks in tracking down machines referenced in those detail-lacking UFIRT notices. [BTW, IDS events go into a database and are then batch processed at night to generate the notices we have all seen. That is why a host lookup (nslookup/nbtstat) cannot be done at the time these tickets are generated and added to the notices: between the time an event occurs and a ticket is generated, things could easily have changed.]

The DHCP log archive is located at: \\ad.ufl.edu\ifas\dhcp-logs.

GUI access

Perhaps the easiest way to access these is to use Chris Leopold's IFAS DHCP log file search application (ufad\if-admn credentials required). Pick a date (yesterday or prior) and a server (DHCP for on-campus), then search on IP# or hostname to help locate system details such as MAC addresses. From the MAC address you can easily find at least the manufacturer of unmanaged machines as well. This is a very useful tool in responding to UFIRT notices.

CMD-line access

Another way to access these is to run a CMD prompt under your IF-ADMN credentials. If you do a directory listing on that path you get:

    c:\>dir \\ad.ufl.edu\ifas\dhcp-logs
     Volume in drive \\ad.ufl.edu\ifas has no label.
     Volume Serial Number is 6C70-3128

     Directory of \\ad.ufl.edu\ifas\dhcp-logs

    05/18/2012  12:00 PM    <DIR>          .
    05/18/2012  12:00 PM    <DIR>          ..
    02/06/2008  12:32 PM    <DIR>          2006
    02/06/2008  11:28 AM    <DIR>          2007
    12/02/2008  12:55 AM    <DIR>          2008
    12/02/2009  12:51 AM    <DIR>          2009
    12/02/2010  01:00 AM    <DIR>          2010
    12/02/2011  01:00 AM    <DIR>          2011
    10/02/2012  03:00 AM    <DIR>          2012
    10/08/2012  10:45 AM    <DIR>          Backup
                   0 File(s)              0 bytes
                  12 Dir(s)  129,720,045,568 bytes free

You can see there is currently a single "2012" directory viewable. The subdirectories from there are by month:

    c:\>dir \\ad.ufl.edu\ifas\dhcp-logs\2012
     Volume in drive \\ad.ufl.edu\ifas has no label.
     Volume Serial Number is 6C70-3128

     Directory of \\ad.ufl.edu\ifas\dhcp-logs\2012

    10/02/2012  03:00 AM    <DIR>          .
    10/02/2012  03:00 AM    <DIR>          ..
    05/17/2012  03:49 PM    <DIR>          01
    10/08/2012  09:00 AM    <DIR>          02
    10/08/2012  09:00 AM    <DIR>          03
    10/08/2012  09:00 AM    <DIR>          04
    10/08/2012  09:00 AM    <DIR>          05
    10/08/2012  09:00 AM    <DIR>          06
    10/08/2012  09:00 AM    <DIR>          07
    10/08/2012  09:00 AM    <DIR>          08
    10/08/2012  09:00 AM    <DIR>          09
    10/08/2012  02:39 PM    <DIR>          10
                   0 File(s)              0 bytes
                  12 Dir(s)  129,720,045,568 bytes free

Logs from the previous day are uploaded at 6am from our servers. There is a log file for each MPS at the remote sites and for the main DHCP server on campus. The log files are named using the convention:

    YYYY-MM-DD_IFAS-location-Site.log

where the date is filled in as expected and the "location" portion denotes the physical location of the server. For example, the logs for November 4, 2008 on the campus server are in the file:

    2008-11-04_ifas-dhcp-Site.log

Thus, the command to find info (hostname and MAC address) on the campus IP# 10.248.22.153 for November 4th, 2008 would be:

    C:\>type \\ad.ufl.edu\ifas\DHCP-LOGS\2008\11\2008-11-04_ifas-dhcp-Site.log | find /i "10.248.22.153"
    10,11/04/08,13:30:32,Assign,10.248.22.153,HostName.,000FB069D652,
    32,11/04/08,13:40:34,DNS Update Successful,10.248.22.153,HostName.,,
    11,11/04/08,16:30:42,Renew,10.248.22.153,HostName.,000FB069D652,
    32,11/04/08,16:40:44,DNS Update Successful,10.248.22.153,HostName.,,
    18,11/04/08,20:12:32,Expired,10.248.22.153,,,
    17,11/04/08,20:12:42,DNS record not deleted,10.248.22.153,,,
    32,11/04/08,20:27:48,DNS Update Successful,10.248.22.153,HostName.,,

Campus Subnets:

The IP ranges for the various units are detailed here. The DHCP Setup - On Campus Example is also available.
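Because a lease can change hands between an IDS event and the resulting UFIRT notice, the CMD-line lookup above can be made time-aware: given an IP and the event time, report which host and MAC held the lease at that moment. This is an added PowerShell example, not part of the original page or of the IFAS search application; the function name Get-DhcpLeaseHolder and its parameters are hypothetical, and event ID 12 (Release) is assumed from the standard Windows DHCP audit-log legend.

```powershell
# Added example. Column order follows the log lines quoted on the page:
# ID, date, time, description, IP address, host name, MAC address.
function Get-DhcpLeaseHolder {
    param(
        [Parameter(Mandatory)][string[]]$LogLine,
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][datetime]$EventTime
    )
    $cols   = 'Id', 'Date', 'Time', 'Description', 'IP', 'HostName', 'MAC'
    $inv    = [cultureinfo]::InvariantCulture
    $holder = $null
    # Keep only data rows (they start with a numeric event ID); skip any header text.
    $rows = $LogLine | Where-Object { $_ -match '^\d+,' } | ConvertFrom-Csv -Header $cols
    foreach ($r in $rows) {
        if ($r.IP -ne $IPAddress) { continue }
        $when = [datetime]::ParseExact("$($r.Date) $($r.Time)", 'MM/dd/yy HH:mm:ss', $inv)
        if ($when -gt $EventTime) { break }   # log is chronological; stop at the event time
        switch ([int]$r.Id) {
            # 10 = Assign, 11 = Renew (both appear in the page's sample output)
            { $_ -in 10, 11 } {
                $holder = [pscustomobject]@{
                    IP = $r.IP; HostName = $r.HostName; MAC = $r.MAC
                    LastSeen = $when; LastEvent = $r.Description
                }
            }
            # 18 = Expired (page sample); 12 = Release (assumed from the standard
            # Windows DHCP audit-log legend, not shown on the page)
            { $_ -in 12, 18 } { $holder = $null }
        }
    }
    $holder   # $null means no active lease was logged for that IP at the event time
}

# Constructed sample: the log lines quoted above ("HostName." is the page's placeholder).
$sample = @'
10,11/04/08,13:30:32,Assign,10.248.22.153,HostName.,000FB069D652,
32,11/04/08,13:40:34,DNS Update Successful,10.248.22.153,HostName.,,
11,11/04/08,16:30:42,Renew,10.248.22.153,HostName.,000FB069D652,
32,11/04/08,16:40:44,DNS Update Successful,10.248.22.153,HostName.,,
18,11/04/08,20:12:32,Expired,10.248.22.153,,,
17,11/04/08,20:12:42,DNS record not deleted,10.248.22.153,,,
32,11/04/08,20:27:48,DNS Update Successful,10.248.22.153,HostName.,,
'@ -split "`r?`n"

# One event time while the lease is active, one after it has expired.
Get-DhcpLeaseHolder -LogLine $sample -IPAddress '10.248.22.153' -EventTime '2008-11-04 15:00:00'
Get-DhcpLeaseHolder -LogLine $sample -IPAddress '10.248.22.153' -EventTime '2008-11-04 21:00:00'
```

Against the real archive, pass the output of Get-Content on that day's file (for example the 2008-11-04 campus log path shown above) as -LogLine. A lease assigned on an earlier day only shows up in a given day's file once it is renewed, so check the previous day's log when the function returns nothing.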
last edited 8 October 2012 by Santos Soler