Skip to content
AIR Knowledge Base

DHCP Server Logs

Overview

Section titled “Overview”

Evidence: DHCP Server Logs
Description: Collect DHCP Server Logs
Category: Applications
Platform: aix
Short Name: dhcpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Section titled “Background”

DHCP client daemon logs on AIX are stored in /usr/tmp/dhcpcd.log. These logs record DHCP client activities including IP address assignments, lease renewals, and DHCP server communications on AIX systems.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about dhcp server logs.

Collection Method

Section titled “Collection Method”

This collector gathers DHCP client daemon logs from /usr/tmp/dhcpcd.log, which contains AIX DHCP client operational logs and network configuration activities.

Forensic Value

Section titled “Forensic Value”

DHCP logs on AIX help track network configuration changes, IP address assignments, and network connectivity timeline. They’re useful for investigating network-based attacks and establishing system network presence on AIX systems.

Notes

Section titled “Notes”

Artifact collector for AIX. Locations: /usr/tmp/dhcpcd.log