56.4. Windows DHCP Client
Windows DHCP client logs are written to the EventLog. There are two logs for
IPv4 and two for IPv6. To enable the required logs, open Event Viewer
(eventvwr) and check the logs under
and
.
To enable a log, right-click on it and click Enable Log.
Alternatively, the following PowerShell script will check all four logs, enabling if necessary.
$LogNames = @("Microsoft-Windows-Dhcp-Client/Admin",
"Microsoft-Windows-Dhcp-Client/Operational",
"Microsoft-Windows-Dhcpv6-Client/Admin",
"Microsoft-Windows-Dhcpv6-Client/Operational")
ForEach ($LogName in $LogNames) {
$EventLog = Get-WinEvent -ListLog $LogName
if ($EventLog.IsEnabled) {
Write-Host "Already enabled: $LogName"
}
else {
Write-Host "Enabling: $LogName"
$EventLog.IsEnabled = $true
$EventLog.SaveChanges()
}
}Example 233. Collecting Windows DHCP Client Logs
This configuration collects events from the IPv4 and IPv6 Admin and
Operational DHCP client logs using the im_msvistalog module.
nxlog.conf ![[Download file]](images/icons/download_icon.png "Download file")
1
2
3
4
5
6
7
8
9
10
11
12
13
<Input dhcp_client_eventlog>
Module im_msvistalog
<QueryXML>
<QueryList>
<Query Id="0">
<Select Path="Microsoft-Windows-Dhcp-Client/Admin">*</Select>
<Select Path="Microsoft-Windows-Dhcp-Client/Operational">*</Select>
<Select Path="Microsoft-Windows-Dhcpv6-Client/Admin">*</Select>
<Select Path="Microsoft-Windows-Dhcpv6-Client/Operational">*</Select>
</Query>
</QueryList>
</QueryXML>
</Input>