RSA Event Source Configuration Guide. Microsoft Dynamic Host Configuration Protocol Server




Configuration Guide
Microsoft Dynamic Host Configuration Protocol Server
Last Modified: Tuesday, March 11, 2014

Event Source (Device) Product Information
  Vendor: Microsoft
  Event Source (Device): Dynamic Host Configuration Protocol (DHCP) Server
  Supported Versions: Windows 2000, Windows 2003, Windows 2008, Windows 2012
  Additional Downloads: sftpagent_conf_msdhcpwin2000.txt, sftpagent_conf_msdhcpwin2003.txt, sftpagent.conf.msdhcpwin2k8, sftpagent.conf.msdhcpwin2k12

RSA Product Information
  Supported Version: RSA envision 4.0 and 4.1
  Event Source (Device) Type: msdhcp, 114
  Collection Method: File Reader
  Event Source (Device) Class.Subclass: Host.Application Servers
  Content 2.0 Table: Application Servers

This document contains the following information for the Microsoft Dynamic Host Configuration Protocol (DHCP) Server event source:
  Configuration Instructions
  Content 2.0 Release Notes
  Standard Content Release Notes

Microsoft DHCP Server Configuration Instructions

You must complete these tasks to configure Microsoft DHCP Server to work with envision:
  I. Configure Microsoft DHCP server.
  II. Configure RSA envision to retrieve the log files.
  III. Set up the NIC File Reader Service.

Copyright 2012 EMC Corporation. All Rights Reserved.

Configure Microsoft DHCP Server

Follow the appropriate instructions for your version of Microsoft DHCP Server.

To configure Microsoft DHCP Server 2008 or 2012:
  1. Open the Microsoft DHCP Service Manager.
  2. In the left-hand pane, double-click the server name.
  3. To configure IPv4 properties, double-click IPv4, and follow these steps:
     a. Right-click IPv4, and select Properties.
     b. On the General tab, make sure that Enable DHCP audit logging is selected.
     c. Click the Advanced tab, and take note of the audit log file path.
        Note: You will need to supply this pathname when you set up the NIC SFTP Agent.
     d. Click OK.
  4. To configure IPv6 properties, double-click IPv6, and follow these steps:
     a. Right-click IPv6, and select Properties.
     b. On the General tab, make sure that Enable DHCP audit logging is selected.
     c. Click the Advanced tab, and take note of the audit log file path.
        Note: You will need to supply this pathname when you set up the NIC SFTP Agent.
     d. Click OK.

To configure Microsoft DHCP Server 2000 or 2003:
  1. Open the Microsoft DHCP Server administration console.
  2. In the left-hand pane, right-click the server name, and select Properties.
  3. On the General tab, make sure that Enable DHCP audit logging is selected.
  4. Click the Advanced tab, and take note of the audit log file path.
     Note: You will need to supply this pathname when you set up the NIC SFTP Agent.
  5. Click OK.

Configure RSA envision to Retrieve the Log Files

Set up the NIC File Reader Service for the event source. For complete instructions, see the envision Help topic "Set Up File Reader Service."

To set up the NIC File Reader Service:
  1. In envision, add the event source to the NIC File Reader Service.
  2. Start the NIC File Reader Service. For instructions, see the envision Help.
  3. In envision, set up the FTP server (in multiple appliance sites, the FTP server is on an LC or RC). For instructions, see the envision Help.
  4. Install and set up the NIC SFTP Agent on the Microsoft DHCP host that sends logs to envision. Choose the appropriate configuration file depending upon your version:
     For Windows 2000, sftpagent_conf_msdhcpwin2000.txt
     For Windows 2003, sftpagent_conf_msdhcpwin2003.txt
     For Windows 2008, sftpagent.conf.msdhcpwin2k8
     For Windows 2012, sftpagent.conf.msdhcpwin2k12
     Note: The SFTP sample file is available on RSA SecurCare Online (SCOL) and on the RSA envision appliance. For details, see RSA envision NIC SFTP Agent Configuration.
     For instructions on installing the NIC SFTP Agent, see RSA envision NIC SFTP Agent Configuration, which is available on SecurCare Online.
  5. From the Windows Services window, start the NIC SFTP Agent Service.

Set Up the NIC File Reader Service

For complete information on the NIC File Reader Service and adding an event source to the NIC File Reader Service, see the envision help.

To set up the NIC File Reader Service:
  1. In envision, click Overview > System Configuration > Services > Device Services > Manage File Reader Service.
  2. Click Add.
  3. Complete the following fields.
     Field: IP Address
     Value: Enter the IP address of the Microsoft DHCP server.
     Field: File Reader type
     Value: From the drop-down menu, select Microsoft_DHCP_version, where version is the version of Microsoft DHCP.
  4. Make sure Start File Reader Service on Apply is cleared.
  5. Click Apply.

Note: Depending on your version of Microsoft DHCP, log data in the raw log file may start on different lines. Log data in Microsoft DHCP 2003 starts on line 30, and log data in Microsoft DHCP 2008 starts on line 32. If you have log data before these lines, you must configure the file reader.

To configure the file reader:
  1. Log on to RSA envision with your administrative credentials.
  2. Click Overview > System Configuration > Services > Universal Device Collection > Manage File Reader Service.
  3. Depending on your version of Microsoft DHCP, click Microsoft DHCP 2003 or Microsoft DHCP 2008 or Microsoft DHCP 2012.
  4. In the Data start line drop-down list, do one of the following:
     For Microsoft DHCP 2003, change the value to 30.
     For Microsoft DHCP 2008, change the value to 32.
     For Microsoft DHCP 2012:
       For IPv4, change the value to 34.
       For IPv6, change the value to 37.
  5. Click Apply.
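A way to check the Data start line against an actual audit log before applying the setting. This is an added example, not part of the RSA guide or product. It assumes that an audit record begins with a numeric event ID followed by a date (MM/DD/YY) and a time (HH:MM:SS), comma-separated; the function names and the sample log are constructed for illustration.

```python
import re

# Data start lines stated in this guide, keyed by DHCP server version.
EXPECTED_START = {"2003": 30, "2008": 32, "2012-ipv4": 34, "2012-ipv6": 37}

# Assumption: a record starts with "<event id>,<MM/DD/YY>,<HH:MM:SS>,".
RECORD = re.compile(r"^\d+,\d{2}/\d{2}/\d{2},\d{2}:\d{2}:\d{2},")


def first_record_line(lines):
    """Return the 1-based line number of the first audit record, or None."""
    for number, line in enumerate(lines, start=1):
        if RECORD.match(line.strip()):
            return number
    return None


def check_start_line(lines, version):
    """Compare the observed first record line with the guide's value."""
    observed = first_record_line(lines)
    expected = EXPECTED_START[version]
    if observed is None:
        return "no-records", observed, expected
    if observed < expected:
        # Records sit above the configured start line ("log data before
        # these lines" in the note above).
        return "records-before-start-line", observed, expected
    if observed > expected:
        # The configured start line still falls inside the header block.
        return "header-after-start-line", observed, expected
    return "ok", observed, expected


def build_sample(header_lines):
    """Constructed sample: filler header, then two made-up records."""
    header = ["\t\tMicrosoft DHCP Service Activity Log", ""]
    header += ["(constructed header filler)"] * (header_lines - 3)
    header.append("ID,Date,Time,Description,IP Address,Host Name,MAC Address")
    records = [
        "10,03/11/14,14:50:50,Assign,192.0.2.10,host1.example.test,001122334455",
        "11,03/11/14,14:55:02,Renew,192.0.2.10,host1.example.test,001122334455",
    ]
    return header + records
```

To use it on a real file, pass the lines of the audit log found at the path noted on the Advanced tab, for example check_start_line(open(path).read().splitlines(), "2008").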

Content 2.0 Release Notes

Microsoft DHCP Server Release Notes (20140311-145050)

New and Updated Event Messages in Microsoft DHCP Server
For complete details on new and updated messages, see the Event Source Update Help.

Microsoft DHCP Server Release Notes (20120927-104626)

What's New in This Release
RSA has added support for Microsoft DHCP Windows 2012 Server.

New and Updated Event Messages in Microsoft DHCP Server
For complete details on new and updated messages, see the Event Source Update Help.

Microsoft DHCP Server Release Notes (20120105-082058)

What's New in This Release
RSA updated Microsoft DHCP Server to Content 2.0. This event source uses the Application Servers table. Content 2.0 features new tables and improvements to the parsing of event data into variables in those new tables.

For rules and reports, note the following:
  For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.
  Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.
  Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.
  Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the accompanying table documentation and the RSA envision Content Inspection Tool guide.

Standard Content Release Notes

Microsoft DHCP Server Release Notes (20110201-172305)

What's New in This Release
RSA has updated the configuration instructions for this release.