ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

DHCP:


Return to IT/SA Services Documentation Home

Lead: Chris Leopold / Santos Soler

Description:

All OU admins should have VIEW access to their DHCP server (for example: IF-SRV-DHCP01) using their IF-ADMN account. This was implemented via adding .IFAS-ADM-ALL to the DHCP Users group. All MPS servers have the DHCP server role enabled. All that is required to view this is add the DHCP snap-in to your admin MMC. If there are any questions on this please contact Chris Leopold.

DHCP log access:

Read-access to our DHCP logs was made available to OU admins on November 5th, 2008. This should help folks in tracking down machines referenced in those detail-lacking UFIRT notices. [BTW, IDS events go into a database and then are batch processed at night in order to generate those notices which we have all seen. That's why they can't really do a host lookup (nslookup/nbtstat) at the time these tickets are generated and add that info into the notices. Between the time an event occurs and a ticket is generated things could have easily changed.]

The DHCP log archive is located at: \\ad.ufl.edu\ifas\dhcp-logs.

GUI access

Perhaps the easiest way to access these is to use Chris Leopold's IFAS DHCP log file search application (ufad\if-admn credentials required). Pick a date (yesterday or prior) and a server (DHCP for on-campus) then search on IP# or hostname to help locate system details such as MAC addresses. From the MAC address you can easily find at least the manufacturer of unmanaged machines as well. This is a very useful tool in responding to UFirt notices.

CMD-line access

Another way to access these is to run a CMD prompt under your IF-ADMN credentials. If you do a directory listing on that path you get:

c:\>dir \\ad.ufl.edu\ifas\dhcp-logs
 Volume in drive \\ad.ufl.edu\ifas has no label.
 Volume Serial Number is 6C70-3128

 Directory of \\ad.ufl.edu\ifas\dhcp-logs

05/18/2012  12:00 PM    <DIR>          .
05/18/2012  12:00 PM    <DIR>          ..
02/06/2008  12:32 PM    <DIR>          2006
02/06/2008  11:28 AM    <DIR>          2007
12/02/2008  12:55 AM    <DIR>          2008
12/02/2009  12:51 AM    <DIR>          2009
12/02/2010  01:00 AM    <DIR>          2010
12/02/2011  01:00 AM    <DIR>          2011
10/02/2012  03:00 AM    <DIR>          2012
10/08/2012  10:45 AM    <DIR>          Backup
               0 File(s)              0 bytes
              12 Dir(s)  129,720,045,568 bytes free

You can see there is currently a single "2012" directory viewable. The subdirectories from there are by month:

c:\>dir \\ad.ufl.edu\ifas\dhcp-logs\2012
 Volume in drive \\ad.ufl.edu\ifas has no label.
 Volume Serial Number is 6C70-3128

 Directory of \\ad.ufl.edu\ifas\dhcp-logs\2012

10/02/2012  03:00 AM    <DIR>          .
10/02/2012  03:00 AM    <DIR>          ..
05/17/2012  03:49 PM    <DIR>          01
10/08/2012  09:00 AM    <DIR>          02
10/08/2012  09:00 AM    <DIR>          03
10/08/2012  09:00 AM    <DIR>          04
10/08/2012  09:00 AM    <DIR>          05
10/08/2012  09:00 AM    <DIR>          06
10/08/2012  09:00 AM    <DIR>          07
10/08/2012  09:00 AM    <DIR>          08
10/08/2012  09:00 AM    <DIR>          09
10/08/2012  02:39 PM    <DIR>          10
               0 File(s)              0 bytes
              12 Dir(s)  129,720,045,568 bytes free

Logs from the previous day are uploaded at 6am from our servers. There is a log file for each MPS at the remote sites and for the main DHCP server on campus. The log files are named via the convention:

YYYY-MM-DD_IFAS-location-Site.log

where the date is filled in as expected and the "location" portion denotes the server physical location. For example, the logs for November 4, 2008 on the campus server are in the file:

2008-11-04_ifas-dhcp-Site.log

Thus, the command to find info (hostname and MAC address) on the campus IP# 10.248.22.153 for November 4th, 2008 would be:

C:\>type \\ad.ufl.edu\ifas\DHCP-LOGS\2008\11\2008-11-04_ifas-dhcp-Site.log
| find /i "10.248.22.153"

10,11/04/08,13:30:32,Assign,10.248.22.153,HostName.,000FB069D652,
32,11/04/08,13:40:34,DNS Update Successful,10.248.22.153,HostName.,,
11,11/04/08,16:30:42,Renew,10.248.22.153,HostName.,000FB069D652,
32,11/04/08,16:40:44,DNS Update Successful,10.248.22.153,HostName.,,
18,11/04/08,20:12:32,Expired,10.248.22.153,,,
17,11/04/08,20:12:42,DNS record not deleted,10.248.22.153,,, 
32,11/04/08,20:27:48,DNS Update Successful,10.248.22.153,HostName.,,

Campus Subnets:

The IP ranges for the various units are detailed here. The DHCP Setup - On Campus Example is also available.

last edited 8 October 2012 by Santos Soler