DHCP Server Logs
Overview
Section titled “Overview”Evidence: DHCP Server Logs
Description: Collect DHCP Server Logs
Category: Applications
Platform: linux
Short Name: dhcpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Section titled “Background”DHCP server logs on Linux record IP address assignments, lease information, client MAC addresses, and DHCP transactions. These logs help track which devices connected to the network and when.
Data Collected
Section titled “Data Collected”This collector gathers structured data about dhcp server logs.
Collection Method
Section titled “Collection Method”This collector gathers DHCP server logs from /var/log/dhcpd.log, which contains DHCP daemon operational logs including IP assignments and lease management.
Forensic Value
Section titled “Forensic Value”DHCP logs are valuable for network forensics, identifying unauthorized devices, tracking IP address assignments to MAC addresses, establishing device presence timelines, and investigating network-based attacks.