Hello folks!
I'll try to be brief: Windows Server has a log called 'Microsoft-Windows-Dhcp-Server/FilterNotifications' that records activity within the scope when, for example, blacklisted devices attempt to join the LAN. When this happens, it generates Event ID 20094, 20096, or 20099, which refer to explicit or implicit denials. Attached are some screenshots for better understanding.

As you can see in the screenshot above, I'm using the 'eventlog' filter, specifying the event source and, of course, performing active checking as recommended in the documentation. In the example above, Event 20096 refers to a device that was denied an IP because it is explicitly on the blacklist. However, unfortunately, I have not been successful in collecting this data, and I can't find the reason why.
I went ahead and corrected the way the event source was referenced in the filter, and the error below no longer appears in the Zabbix agent log.

I tried changing the event source using 'Provider' and 'Channel', but without success. I’d appreciate it if you could help figure out what’s wrong. Thank you very much!
