Monitoring the DHCP Log File (MCP Series)

The DHCP Log is generally saved in the C:\Windows\System32\DHCP folder on DHCP servers. The file name of the log is generally DhcpSrvLog.*.

Event ID's and what they mean:

00 - Log was started
01 - Log was stopped
02 - Log was paused due to low disk space
10 - New IP address lease was assigned to a client
11 - A lease was renewed
12 - A lease was released
13 - An IP address was found to be in use on the network
14 - No more IP addresses are available for distribution
15 - A lease was denied
16 - A lease was deleted
17 - A lease expired
...
30 - DNS update request to the named DNS server
31 - DNS update failed
32 - DNS update successful
...
50+ These codes are used for Rogue Server Detection information
Eg. 56 - DHCP server is not authorised in Active Directory

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

gPLink and gPOptions

PSLoggedOn Getting Started on Windows Server 2008 R2