ISC DHCPd
ISC dhcpd lease logs list discover, offer, request, renew and release actions for every DHCP client transaction.
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (8)
| Field | Type |
|---|---|
dhcpd.ip DHCP client IP address assigned or requested. | string |
dhcpd.mac MAC address of the DHCP client. | string |
dhcpd.interface Network interface on which the DHCP message was received or sent. | string |
dhcpd.serverIp IP address of the DHCP server handling the request. | string |
dhcpd.xid Transaction ID (XID) of the DHCP exchange. | string |
dhcpd.action Action taken by the DHCP server (e.g., OFFER, ACK, NAK). | string |
dhcpd.clientHostname Hostname reported by the DHCP client. | string |
dhcpd.serverPort UDP port number used by the DHCP server. | pint |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.