RSA Event Source Configuration Guide. Microsoft Dynamic Host Configuration Protocol Server


Copyright © 2012 EMC Corporation. All Rights Reserved.

Last Modified: Tuesday, March 11, 2014

Event Source (Device) Product Information

Vendor: Microsoft
Event Source (Device): Dynamic Host Configuration Protocol (DHCP) Server
Supported Versions: Windows 2000, Windows 2003, Windows 2008, Windows 2012
Additional Downloads: sftpagent_conf_msdhcpwin2000.txt, sftpagent_conf_msdhcpwin2003.txt, sftpagent.conf.msdhcpwin2k8, sftpagent.conf.msdhcpwin2k12

RSA Product Information

Supported Version: RSA enVision 4.0 and 4.1
Event Source (Device) Type: msdhcp, 114
Collection Method: File Reader
Event Source (Device) Class.Subclass: Host.Application Servers
Content 2.0 Table: Application Servers

This document contains the following information for the Microsoft Dynamic Host Configuration Protocol (DHCP) Server event source:

• Configuration Instructions
• Content 2.0 Release Notes
• Standard Content Release Notes

Microsoft DHCP Server Configuration Instructions

You must complete these tasks to configure Microsoft DHCP Server to work with enVision:

I. Configure Microsoft DHCP server.
II. Configure RSA enVision to retrieve the log files.
III. Set up the NIC File Reader Service.

Configure Microsoft DHCP Server

Follow the appropriate instructions for your version of Microsoft DHCP Server.

To configure Microsoft DHCP Server 2008 or 2012:

1. Open the Microsoft DHCP Service Manager.
2. In the left-hand pane, double-click the server name.
3. To configure IPv4 properties, double-click IPv4, and follow these steps:
   a. Right-click IPv4, and select Properties.
   b. On the General tab, make sure that Enable DHCP audit logging is selected.
   c. Click the Advanced tab, and take note of the audit log file path.
      Note: You will need to supply this pathname when you set up the NIC SFTP Agent.
   d. Click OK.
4. To configure IPv6 properties, double-click IPv6, and follow these steps:
   a. Right-click IPv6, and select Properties.
   b. On the General tab, make sure that Enable DHCP audit logging is selected.
   c. Click the Advanced tab, and take note of the audit log file path.
      Note: You will need to supply this pathname when you set up the NIC SFTP Agent.
   d. Click OK.

To configure Microsoft DHCP Server 2000 or 2003:

1. Open the Microsoft DHCP Server administration console.
2. In the left-hand pane, right-click the server name, and select Properties.
3. On the General tab, make sure that Enable DHCP audit logging is selected.
4. Click the Advanced tab, and take note of the audit log file path.
   Note: You will need to supply this pathname when you set up the NIC SFTP Agent.
5. Click OK.

Configure RSA enVision to Retrieve the Log Files

Set up the NIC File Reader Service for the event source. For complete instructions, see the enVision Help topic "Set Up File Reader Service."

To set up the NIC File Reader Service:

1. In enVision, add the event source to the NIC File Reader Service.
2. Start the NIC File Reader Service. For instructions, see the enVision Help.
3. In enVision, set up the FTP server (in multiple appliance sites, the FTP server is on an LC or RC). For instructions, see the enVision Help.
4. Install and set up the NIC SFTP Agent on the Microsoft DHCP host that sends logs to enVision. Choose the appropriate configuration file depending upon your version:
   • For Windows 2000, sftpagent_conf_msdhcpwin2000.txt
   • For Windows 2003, sftpagent_conf_msdhcpwin2003.txt
   • For Windows 2008, sftpagent.conf.msdhcpwin2k8
   • For Windows 2012, sftpagent.conf.msdhcpwin2k12

   Note: The SFTP sample file is available on RSA SecurCare Online (SCOL) and on the RSA enVision appliance. For details, see RSA enVision NIC SFTP Agent Configuration.

   For instructions on installing the NIC SFTP Agent, see RSA enVision NIC SFTP Agent Configuration, which is available on SecurCare Online.
5. From the Windows Services window, start the NIC SFTP Agent Service.

Set Up the NIC File Reader Service

For complete information on the NIC File Reader Service and adding an event source to the NIC File Reader Service, see the enVision help.

To set up the NIC File Reader Service:

1. In enVision, click Overview > System Configuration > Services > Device Services > Manage File Reader Service.
2. Click Add.
3. Complete the following fields.

   Field: IP Address
   Value: Enter the IP address of the Microsoft DHCP server.

   Field: File Reader type
   Value: From the drop-down menu, select Microsoft_DHCP_version, where version is the version of Microsoft DHCP.

4. Make sure Start File Reader Service on Apply is cleared.
5. Click Apply.

Note: Depending on your version of Microsoft DHCP, log data in the raw log file may start on different lines. Log data in Microsoft DHCP 2003 starts on line 30, and log data in Microsoft DHCP 2008 starts on line 32. If you have log data before these lines, you must configure the file reader.

To configure the file reader:

1. Log on to RSA enVision with your administrative credentials.
2. Click Overview > System Configuration > Services > Universal Device Collection > Manage File Reader Service.
3. Depending on your version of Microsoft DHCP, click Microsoft DHCP 2003 or Microsoft DHCP 2008 or Microsoft DHCP 2012.
4. In the Data start line drop-down list, do one of the following:
   • For Microsoft DHCP 2003, change the value to 30.
   • For Microsoft DHCP 2008, change the value to 32.
   • For Microsoft DHCP 2012:
      • For IPv4, change the value to 34.
      • For IPv6, change the value to 37.
5. Click Apply.
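
A check that can be run on a copy of the audit log before setting Data start line, as an added example (not part of the RSA guide or of enVision): it finds the line where records actually begin and compares it with the value this guide gives. The record pattern, the profile keys and the sample log are assumptions constructed for illustration.

```python
import re

# Data start lines stated in this guide for each File Reader type.
EXPECTED_START = {"2003": 30, "2008": 32, "2012-IPv4": 34, "2012-IPv6": 37}

# Assumption: an audit record starts "ID,MM/DD/YY,HH:MM:SS," while the
# preamble (title, event ID legend, column header) never does.
RECORD = re.compile(r"^\d+,\s*\d{2}/\d{2}/\d{2},\s*\d{2}:\d{2}:\d{2},")


def first_record_line(lines):
    """Return the 1-based number of the first record line, or None."""
    for number, line in enumerate(lines, start=1):
        if RECORD.match(line):
            return number
    return None


def check_start_line(lines, profile):
    """Compare where records begin with the guide's value for this profile."""
    expected = EXPECTED_START[profile]
    actual = first_record_line(lines)
    if actual is None:
        return expected, None, "no-records"
    return expected, actual, ("match" if actual == expected else "differs")


def check_file(path, profile):
    """Run the check on a real audit log (the path noted on the Advanced tab)."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return check_start_line(handle.read().splitlines(), profile)


def build_sample(start_line):
    """Constructed log: title, legend filler and header, then two records."""
    legend = [f"{i:02d}\tconstructed legend entry" for i in range(start_line - 3)]
    header = "ID,Date,Time,Description,IP Address,Host Name,MAC Address"
    records = [
        "00,03/11/14,00:00:12,Started,,,,",
        "10,03/11/14,08:15:42,Assign,192.0.2.25,host1.example.test,001122334455,",
    ]
    return ["Microsoft DHCP Service Activity Log"] + legend + [header] + records


if __name__ == "__main__":
    for profile, line in EXPECTED_START.items():
        print(profile, check_start_line(build_sample(line), profile))
    # A log whose records begin two lines early is reported as "differs".
    print(check_start_line(build_sample(30), "2008"))
```

A "differs" result means the file's preamble is not the length the File Reader type assumes, so compare the reported line with the Data start line value before starting collection.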

Content 2.0 Release Notes

Microsoft DHCP Server Release Notes (20140311-145050)

New and Updated Event Messages in Microsoft DHCP Server

For complete details on new and updated messages, see the Event Source Update Help.

Microsoft DHCP Server Release Notes (20120927-104626)

What's New in This Release

RSA has added support for Microsoft DHCP Windows 2012 Server.

New and Updated Event Messages in Microsoft DHCP Server

For complete details on new and updated messages, see the Event Source Update Help.

Microsoft DHCP Server Release Notes (20120105-082058)

What's New in This Release

RSA updated Microsoft DHCP Server to Content 2.0. This event source uses the Application Servers table.

Content 2.0 features new tables and improvements to the parsing of event data into variables in those new tables.

For rules and reports, note the following:

• For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.
• Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.
• Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.
• Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the accompanying table documentation and the RSA enVision Content Inspection Tool guide.

Standard Content Release Notes

Microsoft DHCP Server Release Notes (20110201-172305)

What's New in This Release

RSA has updated the configuration instructions for this release.
