Event ID 1030 — DHCP Audit Logging

Updated: December 11, 2007

Applies To: Windows Server 2008

yellow

Dynamic Host Configuration Protocol (DHCP) servers include several logging features and server parameters that provide enhanced auditing capabilities. You can specify the following features:

  • The file path in which the DHCP server stores audit log files. DHCP audit logs are located by default at %windir%\System32\Dhcp.
  • A maximum size restriction (in megabytes) for the total amount of disk space available for all audit log files created and stored by the DHCP service.
  • An interval for disk checking that is used to determine how many times the DHCP server writes audit log events to the log file before checking for available disk space on the server.
  • A minimum size requirement (in megabytes) for server disk space that is used during disk checking to determine if sufficient space exists for the server to continue audit logging.

Event Details

Product: Windows Operating System
ID: 1030
Source: Microsoft-Windows-DHCP-Server
Version: 6.0
Symbolic Name: EVENT_SERVER_MOVE_AUDIT_LOG_FAILED
Message: The audit log file could not be backed up. The following error occurred:
%1

Resolve

Remove old audit log files or increase the maximum audit log size.

If the disk is full or the maximum log size is reached, the DHCP server closes the current file and ignores further requests to log audit events until either midnight or until disk status is improved and the disk is no longer full. If the disk is full, you can add more physical disk space, increase the maximum audit log size, or delete old log files from the default log directory: %windir%\System32\Dhcp.

To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

To increase the maximum audit log size:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

  1. Click Start, type regedit in Start Search, click Continue, and then press ENTER.
  2. In the registry tree, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\DHCPServer\Parameters, and then press ENTER.
  3. Double click DhcpLogFilesMaxSize, select Decimal, and then type a number greater than the current number in Value data.

Verify

To verify that the DHCP audit log is functioning correctly:

  1. At the DHCP server, click Start, type Windows Explorer in Start Search, and then press ENTER.
  2. Navigate the Windows Explorer tree to %windir%\System32\Dhcp.
  3. View and record the most recent DHCP log file date stamps. They should be recent. Repeat this process at regular intervals and note whether new events are being logged.

Related Management Information

DHCP Audit Logging

DHCP Infrastructure

Community Additions

ADD
Show: