Analyzing Server Log Files
Because Windows 2000 Server uses audit logging when writing DHCP server log files, DHCP server logging is not resource-intensive. It can be left enabled because it uses a limited amount of disk space on server hard drives.
DHCP Server Log File Format
DHCP server logs are comma-delimited text files with each log entry representing a single line of text. The fields and their order as they appear in each log file entry are:
ID Date, Time, Description, IP Address, Computer Name, MAC Address
Each of these fields is described in further detail in Table 4.16.
Table 4.16 Log File Fields
Field |
Description |
|---|---|
ID |
A DHCP server event ID code. |
Date |
The date at which this entry was logged on the DHCP server. |
Time |
The time at which this entry was logged on the DHCP server. |
Description |
A description of this DHCP server event. |
IP Address |
The IP address of the DHCP client. |
Computer Name |
The computer name of the DHCP client. |
MAC Address |
The media access control address used by the client's network adapter hardware. |
DHCP Server Log Event Codes
The DHCP server log also uses special event ID codes to specifically indicate information about the type of service event logged.
Table 4.17 describes these event ID codes.
Table 4.17 Event ID Codes
Event ID |
Description |
|---|---|
00 |
The log was started. |
01 |
The log was stopped. |
02 |
The log was temporarily paused due to low disk space. |
10 |
A new IP address was leased to a client. |
11 |
A lease was renewed by a client. |
12 |
A lease was released by a client. |
13 |
An IP address was found in use on the network. |
14 |
A lease request could not be satisfied because the scope's address pool was exhausted. |
15 |
A lease was denied. |
20 |
A BOOTP address was leased to a client. |