Re: DHCP Logging (can't find a solution!)

From: "Gaspar" <noreply@xxxxxxxxxxxxxxxx>
Date: Mon, 11 Feb 2008 08:50:27 -0200

ISA doesn't have "Client Host name" in Web logs (as it does in Firewall
logs)
So, I don't know how to log this, how to do this correctly.

Thanks

"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:%23hP0q2naIHA.5164@xxxxxxxxxxxxxxxxxxxxxxx

"Gaspar" <noreply@xxxxxxxxxxxxxxxx> wrote in message
news:e7dZ1KkaIHA.3696@xxxxxxxxxxxxxxxxxxxxxxx

I know this question has been asked before but I can't find a solution for
my problem: I need to find which host had a certain IP assigned to it in a
specific date.
Windows 2003's DHCP server mantains only logs for a week (no longer than
that).

The normal DHCP behavor is that Clients will always ask for the same
config they had the last time. So barring unforeseen circumstances it
will still be using the same IP config today.

This will be use to analyze ISA logs (which only logs client ip address,
not host names). For example, given the following data:

ISA will log the host name if done correctly.

ISA Logging
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tb_logging.mspx
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/logging-best-practices.mspx
http://www.microsoft.com/technet/isa/2004/plan/faq-monitoring.mspx

ISA Server 2004 FAQ: Monitoring and Logging
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/faq-monitoring.mspx

"2008-01-01,192.168.0.22,www.someadultsite.com"
Which hostname/computer was assigned to "192.168.0.22" in "01/01/2008"?

The ISA log will include the Username, which is more important than the
host name.
Don't use SecureNAT Clients (which can't authenticate) and you will always
get the Username
Don't use generic "shared" user account and you will always know who the
person was.

Without considering all the above, your findings will never be solid
enough to legally enact disipline upon the user(s) if the user chooses to
sue the company over your disipinary actions.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Follow-Ups:
- Re: DHCP Logging (can't find a solution!)
  - From: Phillip Windell

References:
- DHCP Logging (can't find a solution!)
  - From: Gaspar
- Re: DHCP Logging (can't find a solution!)
  - From: Phillip Windell

Prev by Date: Re: Cannot join client PC to domain
Next by Date: Re: Cannot use FTP on client
Previous by thread: Re: DHCP Logging (can't find a solution!)
Next by thread: Re: DHCP Logging (can't find a solution!)
Index(es):
- Date
- Thread

Relevant Pages

Re: Delay opening IE
... clients should be using the host name of the isa proxy server which should ... point to the internal ip address of the isa server, ... would review your wpad entries and test dns resolution against the isa host ...
(microsoft.public.isaserver)
Re: client host name
... You'll have to install the Firewall client on those hosts. ... ISA doesn't reverse-resolve client connections. ... The logs show only client ip address and not client host name. ...
(microsoft.public.isaserver)
RE: long time download email under the vista machine
... Please take your time to collect the ISA log. ... you can refer the steps to collect the logs. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)
RE: VBScript: Remote Desktop Disconnected
... ISA Info: ... Extract all files to a folder on ISA server ... Clear the current existing W3C logs. ... 'Microsoft Firewall' service. ...
(microsoft.public.windows.server.sbs)
RE: long time download email under the vista machine
... Have you got a change to collect the ISA log? ... I will keep the logs secret. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)