Evidence: DHCP Server Logs
Description: Collect DHCP Server Logs
Category: Applications
Platform: linux
Short Name: dhcpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
DHCP server logs on Linux record IP address assignments, lease information, client MAC addresses, and DHCP transactions. These logs help track which devices connected to the network and when.
Data Collected
This collector gathers structured data about DHCP server logs.
Collection Method
This collector gathers DHCP server logs from /var/log/dhcpd.log, which contains DHCP daemon operational logs including IP assignments and lease management.
Forensic Value
DHCP logs are valuable for network forensics, identifying unauthorized devices, tracking IP address assignments to MAC addresses, establishing device presence timelines, and investigating network-based attacks.
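Because this evidence type is collected as a raw file and not parsed, the analyst has to extract the IP-to-MAC timeline from it. The following is an added example, not part of the collector: it assumes the log uses ISC dhcpd's syslog-style messages, and the sample lines, host names, MAC addresses, year and function names are all constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in ISC dhcpd syslog style (assumed format).
SAMPLE_LOG = """\
Mar  3 10:15:01 gw dhcpd[812]: DHCPDISCOVER from 00:11:22:33:44:55 via eth0
Mar  3 10:15:02 gw dhcpd[812]: DHCPOFFER on 192.168.1.50 to 00:11:22:33:44:55 via eth0
Mar  3 10:15:02 gw dhcpd[812]: DHCPREQUEST for 192.168.1.50 from 00:11:22:33:44:55 (laptop-01) via eth0
Mar  3 10:15:02 gw dhcpd[812]: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 (laptop-01) via eth0
Mar  3 11:40:17 gw dhcpd[812]: DHCPACK on 192.168.1.77 to de:ad:be:ef:00:01 via eth0
Mar  3 14:02:09 gw dhcpd[812]: DHCPACK on 192.168.1.50 to de:ad:be:ef:00:01 (kiosk) via eth0
Mar  3 14:05:00 gw dhcpd[812]: DHCPRELEASE of 192.168.1.77 from de:ad:be:ef:00:01 via eth0 (found)
"""

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)

def parse_acks(text, year):
    """Return DHCPACK events; syslog timestamps carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # only DHCPACK confirms that a lease was actually granted
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "ip": m["ip"], "mac": m["mac"].lower(),
                       "host": m["host"], "iface": m["iface"]})
    return sorted(events, key=lambda e: e["time"])

def holder_at(events, ip, when):
    """MAC most recently ACKed for `ip` at or before `when`; ignores lease expiry and release."""
    mac = None
    for e in events:
        if e["ip"] == ip and e["time"] <= when:
            mac = e["mac"]
    return mac

def unknown_macs(events, inventory):
    """MACs that obtained a lease but are absent from the asset inventory."""
    return sorted({e["mac"] for e in events} - {m.lower() for m in inventory})

if __name__ == "__main__":
    evs = parse_acks(SAMPLE_LOG, 2024)
    print(holder_at(evs, "192.168.1.50", datetime(2024, 3, 3, 15, 0, 0)))
    print(unknown_macs(evs, ["00:11:22:33:44:55"]))
```

The same IP address maps to different devices at different times, so any attribution of traffic to a MAC address must be tied to a timestamp, and the result should be cross-checked against lease duration and DHCPRELEASE entries.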