Configuring for Auditing

You configure DNS and DHCP for auditing and view audit results by using the DNS/DHCP Management Console as described in:

• Configuring DNS Auditing
• Viewing the DNS Event Log
• Viewing the DNS Audit Trail Log
• Configuring DHCP Auditing
• Viewing the DHCP Event Log
• Viewing the DHCP Audit Trail Log

Configuring DNS Auditing

To configure a DNS server to audit activities, complete the following steps:

1. Log in to the tree containing the service you want to begin auditing, launch the DNS/DHCP Management Console, and click the DNS Service tab.

2. Select the desired server to perform the auditing and click the Options tab.

3. Under Event Log, select Major Events or All.

4. Click the Enable Audit Trail Log check box.

5. Click Save on the tool bar.

Viewing the DNS Event Log

To view a DNS server's event log, complete the following steps:

1. Make sure you have CSATPXY.NLM loaded at the server. This can be added to your AUTOEXEC.NCF file.

2. Log in to the desired tree, launch the DNS/DHCP Management Console, and click the DNS Service tab.

3. Select the server that has been configured to perform event logging and click View Events/Alerts on the tool bar.

   The Events Period-Events Log dialog box displays the starting and ending dates of the current Event Log.

4. Click OK to view the event log for the period displayed, or modify the dates as desired and click OK.

   The events log is displayed, showing the entry time, severity, state, and description of each logged event.

5. Click Display Options to modify the time period to view or to view a specific event's severity and state.

   The Display Options dialog box is displayed enabling you to change the starting and ending dates, display one or more types of event severity, and to view specific operational states.

Viewing the DNS Audit Trail Log

To view a DNS server's audit trail log, perform the following steps.

1. Log in to the desired tree, launch the DNS/DHCP Management Console, and click the DNS Service tab.

2. Select the server that has been configured to perform auditing and click View Audit Trail on the tool bar.

   The Events Period-Audit Trail Log dialog box displays the starting and ending dates of the current audit trail log.

3. Click OK to view the audit trail log for the period displayed, or modify the dates as desired and click OK.

   The audit trail log is displayed, showing the entry time, type, IP address, and domain name DNS transaction.

4. Click Display Options to select the time period to view or to view one or more specific transaction types.

The DNS audit trail logs the following types of transactions:

• Agent Ready---The Simple Network Management Protocol (SNMP) agent is ready to receive or transmit requests.
• Query Received---The DNS server acknowledges receipt of a query by making an entry in the log file.
• Query Forwarded---The DNS server has forwarded a query to a client or another DNS server.
• Response Received---The DNS server has responded to a query from a client or another DNS server.

Configuring DHCP Auditing

You can configure a DHCP server for auditing using the Audit Trail and Alerts Option on the DHCP server Options tab page.

To configure a DHCP server to audit activities, complete the following steps:

1. Log in to the tree containing the service you want to begin auditing, launch the DNS/DHCP Management Console, and click the DHCP Service tab.

2. Select the desired server to perform the auditing and click the Options tab.

3. Select the type of auditing desired.

4. Click the Enable Audit Trail Log check box.

5. Click Save on the tool bar.

Viewing the DHCP Event Log

To view a DHCP server's event log, complete the following steps.

1. Log in to the desired tree, launch the DNS/DHCP Management Console, and click the DHCP Service tab.

2. Select the server that has been configured to perform event logging and click View Events/Alerts on the tool bar.

   The Events Period-Events Log dialog box displays the starting and ending dates of the current event log.

3. Click OK to view the event log for the period displayed, or modify the dates as desired and click OK.

   The events log is displayed showing the entry time, severity, state and description of each logged event.

4. Click Display Options to select the time period to view and/or to view specific event's severity and state.

   The Display Options dialog box is displayed, enabling you to change the starting and ending dates, display one or more types of event severity, and view specific operational states.

Viewing the DHCP Audit Trail Log

To view a DHCP server's audit trail log, complete the following steps.

1. Log in to the desired tree, launch the DNS/DHCP Management Console, and click the DHCP Service tab.

2. Select the server that has been configured to perform auditing and click View Audit Trail on the tool bar.

   The Events Period-Audit Trail Log dialog box displays the starting and ending dates of the current audit trail Log.

3. Click OK to view the audit trail log for the period displayed, or modify the dates as desired and click OK.

   The audit trail log displays the following information for each entry:

   • Entry time
   • IP address
   • Type
   • Status
   • Hostname
   • Hardware address
   • Client ID
   • Lease type

4. Click Display Options to modify the time period to view or to view one or more specific address lease types.

   The DHCP audit trail logs transactions based on the following types of address assignment or lease:

   • Manual
   • Dynamic
   • Automatic
   • Exclusion
   • Unauthorized
   • IPCP