DHCP Logging (can't find a solution!)

 
 
Gaspar
      02-08-2008, 10:06 AM
I know this question has been asked before but I can't find a solution for
my problem: I need to find which host had a certain IP assigned to it on a
specific date.
Windows 2003's DHCP server maintains logs for only a week (no longer than
that).

This will be used to analyze ISA logs (which only log the client IP address, not
host names). For example, given the following data:

"2008-01-01,192.168.0.22,www.someadultsite.com"
Which hostname/computer was assigned to "192.168.0.22" on "01/01/2008"?

So....

1) Is there any way to change this behaviour?
2) Is there any other DHCP server for Windows that can do this?
3) Any other solution?

Thanks in advance!
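
The lookup asked about in the post above, as an added example that is not part of the original thread. It assumes the daily DHCP audit log files are copied to an archive before the one-week rotation overwrites them, and that they use the comma-separated layout and event IDs shown in the comments; the host names, MAC addresses and the function names `parse_dhcp`, `hosts_on_day` and `attribute` are constructed for illustration.

```python
import csv
from datetime import datetime, timedelta

# Constructed sample in the DHCP audit log column layout, as if each daily
# DhcpSrvLog file had been copied to an archive before being overwritten.
ARCHIVED_DHCP_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,12/28/07,08:02:11,Assign,192.168.0.22,LAPTOP-SALES3,0013CE5A7B10,
12,12/31/07,17:40:03,Release,192.168.0.22,LAPTOP-SALES3,0013CE5A7B10,
00,01/01/08,00:00:10,Started,,,,
10,01/01/08,07:55:41,Assign,192.168.0.22,PC-ACCT-07,000D6012AB34,
11,01/01/08,11:55:41,Renew,192.168.0.22,PC-ACCT-07,000D6012AB34,
12,01/02/08,08:00:00,Release,192.168.0.22,PC-ACCT-07,000D6012AB34,
10,01/02/08,08:30:00,Assign,192.168.0.22,KIOSK-1,0002B3C4D5E6,
"""
HOLD = {"10", "11"}        # assumed event IDs: new lease, renewal
END = {"12", "16", "17"}   # assumed event IDs: release, deleted, expired

def parse_dhcp(text):
    """Return time-sorted (timestamp, event_id, ip, host) tuples."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue  # column header or event-code legend line
        ts = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        events.append((ts, row[0].strip(), row[4], row[5]))
    return sorted(events)

def hosts_on_day(events, ip, day):
    """Hosts that held `ip` at any time on `day` (YYYY-MM-DD), in order."""
    start = datetime.strptime(day, "%Y-%m-%d")
    end = start + timedelta(days=1)
    holder, seen = None, []
    for ts, eid, eip, host in events:
        if eip != ip or ts >= end:
            continue
        if ts < start:            # replay history to find the holder at 00:00
            holder = host if eid in HOLD else (None if eid in END else holder)
        elif eid in HOLD and host not in seen:
            seen.append(host)     # leased or renewed during the day
    if holder and holder not in seen:
        seen.insert(0, holder)    # lease carried over from an earlier day
    return seen

def attribute(proxy_line, events):
    """Resolve a 'date,client-ip,site' proxy log line to candidate hosts."""
    day, ip, site = proxy_line.strip().split(",")
    return {"date": day, "ip": ip, "site": site, "hosts": hosts_on_day(events, ip, day)}
```

For the sample line "2008-01-01,192.168.0.22,www.someadultsite.com" this returns a single candidate host, while the same address on 2008-01-02 resolves to two hosts, which is why a date-only proxy record cannot always be pinned to one machine.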


 
Phillip Windell
      02-08-2008, 05:06 PM
"Gaspar" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I know this question has been asked before but I can't find a solution for
>my problem: I need to find which host had a certain IP assigned to it on a
>specific date.
> Windows 2003's DHCP server maintains logs for only a week (no longer than
> that).


The normal DHCP behavior is that Clients will always ask for the same config
they had the last time. So barring unforeseen circumstances it will still
be using the same IP config today.

> This will be used to analyze ISA logs (which only log the client IP address,
> not host names). For example, given the following data:


ISA will log the host name if done correctly.

ISA Logging
http://www.microsoft.com/technet/pro...b_logging.mspx
http://www.microsoft.com/technet/pro...practices.mspx
http://www.microsoft.com/technet/isa...onitoring.mspx

ISA Server 2004 FAQ: Monitoring and Logging
http://www.microsoft.com/technet/pro...onitoring.mspx

> "2008-01-01,192.168.0.22,www.someadultsite.com"
> Which hostname/computer was assigned to "192.168.0.22" in "01/01/2008"?


The ISA log will include the Username, which is more important than the host
name.
Don't use SecureNAT Clients (which can't authenticate) and you will always
get the Username.
Don't use generic "shared" user account and you will always know who the
person was.

Without considering all the above, your findings will never be solid enough
to legally enact discipline upon the user(s) if the user chooses to sue the
company over your disciplinary actions.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
Gaspar
      02-11-2008, 09:50 AM
ISA doesn't have "Client Host name" in Web logs (as it does in Firewall
logs).
So, I don't know how to log this, how to do this correctly.

Thanks

Phillip Windell
      02-11-2008, 02:55 PM
"Gaspar" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> ISA doesn't have "Client Host name" in Web logs (as it does in Firewall
> logs).
> So, I don't know how to log this, how to do this correctly.


All I can do is point you to those articles.

I only use the Monitoring Log in the ISA MMC. The clients are always Web
Proxy and Firewall [winsock] clients at the same time. All logging is
always logged to the default MSDE; I don't use a separate SQL Server or Text
Files.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------



 
Phillip Windell
      02-11-2008, 05:58 PM
Look at the Partners link in my signature and see if there are any third
party add-ons for ISA to improve reporting abilities. There should be a few
in there. However, due to the design of some of them, the ISA must force
authentication, which means you can never have any SecureNAT Clients, which is
not always "doable" in the real world.
--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------