Question

Collect DHCP logs & enrichment with other log sources

  • 11 October 2023
  • 2 replies
  • 130 views

I’m thinking of onboarding internal DHCP logs, but I don’t quite know yet if it’s a good way to go.

I’m also in the process of onboarding ISE logs for authentication monitoring. Is it possible to correlate DHCP logs with ISE logs?

How about use cases related to DHCP logs? Looking at the built-in alert rules, there were only a few use cases related to DHCP. 
I’m thinking more about rogue DHCP servers and so on. 

Does anyone have experience with DHCP logs and the ability to correlate these with other log sources to get the max out of it?

Thanks!


2 replies

 

Hi Aleksta, 

You can create a dynamic table extracting the needed information from ISE/switch logs. Once you have the table, you can use it to enrich the DHCP logs, just like we can enrich with a CSV file. You might need some trial and error to see if this works or not. 

You can try this out on your own, and if it doesn't work for you, then please create a support ticket and we can have a scheduled session for your use case.

Useful Links:

https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/List%20and%20Tables.html

https://docs.logpoint.com/docs/data-integration-guide/en/latest/Configuration/Enrichment%20Sources.html#adding-iptohost-as-an-enrichment-source
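The enrichment described in the reply above, sketched outside the product as an added example (not part of the thread, and not Logpoint configuration or query syntax): a MAC-keyed identity table built from ISE-style authentication records is joined onto DHCP lease events, and leases from servers outside an allow-list are tagged. All records, field names and the server allow-list are constructed for illustration.

```python
import re
AUTHORIZED_DHCP_SERVERS = {"10.0.0.10"}  # assumption: the DHCP servers you operate
# Constructed sample records; field names are illustrative, not a vendor log format.
ISE_AUTHS = [
    {"ts": "2023-10-11T08:00:05", "mac": "AA-BB-CC-00-00-01", "user": "alice", "port": "sw1:Gi1/0/1"},
    {"ts": "2023-10-11T08:02:10", "mac": "AA-BB-CC-00-00-02", "user": "bob", "port": "sw1:Gi1/0/2"},
    {"ts": "2023-10-11T09:30:00", "mac": "AA-BB-CC-00-00-01", "user": "alice", "port": "sw2:Gi1/0/7"},
]
DHCP_EVENTS = [
    {"ts": "2023-10-11T08:00:09", "server": "10.0.0.10", "mac": "aa:bb:cc:00:00:01", "ip": "10.0.1.21"},
    {"ts": "2023-10-11T08:02:15", "server": "10.0.0.10", "mac": "aabb.cc00.0002", "ip": "10.0.1.22"},
    {"ts": "2023-10-11T08:05:00", "server": "10.0.0.10", "mac": "aa:bb:cc:00:00:99", "ip": "10.0.1.23"},
    {"ts": "2023-10-11T08:06:00", "server": "10.0.1.250", "mac": "aa:bb:cc:00:00:02", "ip": "192.168.1.5"},
]

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits so sources can be joined."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def build_identity_table(auths):
    """MAC -> authentication records in time order (the lookup table)."""
    table = {}
    for rec in sorted(auths, key=lambda r: r["ts"]):  # same-format ISO timestamps sort as text
        table.setdefault(norm_mac(rec["mac"]), []).append(rec)
    return table

def identity_at(table, mac, ts):
    """Latest authentication at or before ts, so a later re-auth does not relabel old leases."""
    prior = [r for r in table.get(norm_mac(mac), []) if r["ts"] <= ts]
    return prior[-1] if prior else None

def enrich(events, table):
    """Attach user/port to each DHCP event and tag the two conditions worth alerting on."""
    out = []
    for ev in events:
        ident = identity_at(table, ev["mac"], ev["ts"])
        tags = []
        if ev["server"] not in AUTHORIZED_DHCP_SERVERS:
            tags.append("unauthorized_dhcp_server")
        if ident is None:
            tags.append("lease_without_ise_auth")
        out.append({**ev, "user": ident["user"] if ident else None,
                    "port": ident["port"] if ident else None, "tags": tags})
    return out

ENRICHED = enrich(DHCP_EVENTS, build_identity_table(ISE_AUTHS))
```
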

All right!

Seems like there’s some work to do related to tables, which I’m not that familiar with.

But how about my other questions that you didn’t answer?

“I’m thinking of onboarding internal DHCP logs, but I don’t quite know yet if it’s a good way to go.”

“How about use cases related to DHCP logs? Looking at the built-in alert rules, there were only a few use cases related to DHCP. 
I’m thinking more about rogue DHCP servers and so on.”
