DHCP Server Logs

Overview

Evidence: DHCP Server Logs
Description: Collect DHCP Server Logs
Category: Applications
Platform: linux
Short Name: dhcpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

DHCP server logs on Linux record IP address assignments, lease information, client MAC addresses, and DHCP transactions. These logs help track which devices connected to the network and when.

Data Collected

This collector gathers structured data about DHCP server logs.

Collection Method

This collector gathers DHCP server logs from /var/log/dhcpd.log, which contains DHCP daemon operational logs including IP assignments and lease management.

Forensic Value

DHCP logs are valuable for network forensics, identifying unauthorized devices, tracking IP address assignments to MAC addresses, establishing device presence timelines, and investigating network-based attacks.
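
The following is an added example, not part of the original page or the collector's own code. It shows how a collected dhcpd.log can answer "which MAC held this IP at a given time" and list leased MACs missing from an asset inventory. It assumes the file uses the syslog line format that ISC dhcpd writes; the sample lines, the year argument and the inventory set are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in the syslog format ISC dhcpd writes (assumed format).
SAMPLE_LOG = """\
Mar  3 09:58:02 gw dhcpd[812]: DHCPOFFER on 10.0.5.21 to 52:54:00:aa:10:01 (ws-finance) via eth1
Mar  3 09:58:02 gw dhcpd[812]: DHCPREQUEST for 10.0.5.21 (10.0.5.1) from 52:54:00:aa:10:01 (ws-finance) via eth1
Mar  3 09:58:02 gw dhcpd[812]: DHCPACK on 10.0.5.21 to 52:54:00:aa:10:01 (ws-finance) via eth1
Mar  3 11:40:17 gw dhcpd[812]: DHCPACK on 10.0.5.37 to 52:54:00:ff:77:09 via eth1
Mar  3 13:02:44 gw dhcpd[812]: DHCPRELEASE of 10.0.5.21 from 52:54:00:aa:10:01 (ws-finance) via eth1 (found)
Mar  3 13:05:10 gw dhcpd[812]: DHCPACK on 10.0.5.21 to 52:54:00:ff:77:09 via eth1
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"(?P<kind>DHCPACK on|DHCPRELEASE of)\s(?P<ip>[\d.]+)\s(?:to|from)\s"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def parse_events(text, year):
    """Return (time, kind, ip, mac) for each ACK/RELEASE line, in file order.
    Syslog timestamps omit the year, so the examiner supplies it."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # OFFER/REQUEST lines do not change who holds an address
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["kind"].split()[0], m["ip"], m["mac"].lower()))
    return events

def holder_at(events, ip, when):
    """MAC that held `ip` at `when`, or None if unassigned or released by then."""
    holder = None
    for ts, kind, ev_ip, mac in events:  # relies on chronological file order
        if ts > when:
            break
        if ev_ip == ip:
            holder = mac if kind == "DHCPACK" else None
    return holder

def unknown_macs(events, inventory):
    """MACs that were granted a lease but are absent from the asset inventory."""
    granted = {mac for _, kind, _, mac in events if kind == "DHCPACK"}
    return sorted(granted - set(inventory))

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG, 2024)
    print(holder_at(evs, "10.0.5.21", datetime(2024, 3, 3, 10, 0)))
    print(unknown_macs(evs, {"52:54:00:aa:10:01"}))
```

In the sample, 10.0.5.21 is held by two different MACs on the same day, which is why an IP address has to be paired with a timestamp before it is attributed to a device.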
