Post by j on Mar 20, 2017 19:56:13 GMT -5
Windows Servers
=======================================================================================================================================
#Software: Microsoft Internet Information Services 7.5
=======================================================================================================================================
#Version: 1.0
#Date: 2014-06-06 00:01:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
=======================================================================================================================================
Microsoft DHCP Service Activity Log
=======================================================================================================================================
Event ID Meaning
00 The log was started.
01 The log was stopped.
02 The log was temporarily paused due to low disk space.
10 A new IP address was leased to a client.
11 A lease was renewed by a client.
12 A lease was released by a client.
13 An IP address was found to be in use on the network.
14 A lease request could not be satisfied because the scope's address pool was exhausted.
15 A lease was denied.
16 A lease was deleted.
17 A lease was expired and DNS records for an expired leases have not been deleted.
18 A lease was expired and DNS records were deleted.
20 A BOOTP address was leased to a client.
21 A dynamic BOOTP address was leased to a client.
22 A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted.
23 A BOOTP IP address was deleted after checking to see it was not in use.
24 IP address cleanup operation has began.
25 IP address cleanup statistics.
30 DNS update request to the named DNS server.
31 DNS update failed.
32 DNS update successful.
33 Packet dropped due to NAP policy.
34 DNS update request failed.as the DNS update request queue limit exceeded.
35 DNS update request failed.
50+ Codes above 50 are used for Rogue Server Detection information.
QResult: 0: NoQuarantine, 1:Quarantine, 2:Drop Packet, 3:Probation,6:No Quarantine Information ProbationTime:Year-Month-Day Hour:Minute:Second:MilliSecond.
ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid.
=======================================================================================================================================
Microsoft DHCPV6 Service Activity Log
=======================================================================================================================================
Event ID Meaning
11000 DHCPV6 Solicit.
11001 DHCPV6 Advertise.
11002 DHCPV6 Request.
11003 DHCPV6 Confirm.
11004 DHCPV6 Renew.
11005 DHCPV6 Rebind.
11006 DHCPV6 Decline.
11007 DHCPV6 Release.
11008 DHCPV6 Information Request.
11009 DHCPV6 Scope Full.
11010 DHCPV6 Started.
11011 DHCPV6 Stopped.
11012 DHCPV6 Audit log paused.
11013 DHCPV6 Log File.
11014 DHCPV6 Bad Address.
11015 DHCPV6 Address is already in use.
11016 DHCPV6 Client deleted.
11017 DHCPV6 DNS record not deleted.
11018 DHCPV6 Expired.
11019 DHCPV6 Leases Expired and Leases Deleted .
11020 DHCPV6 Database cleanup begin.
11021 DHCPV6 Database cleanup end.
11022 DNS IPV6 Update Request.
11023 DNS IPV6 Update Failed.
11024 DNS IPV6 Update Successful.
11028 DNS IPv6 update request failed.as the DNS update request queue limit exceeded.
11029 DNS IPv6 update request failed.
ID,Date,Time,Description,IPV6 Address,Host Name,Error Code, Duid Length, Duid Bytes(Hex),User Name,Dhcid.
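
An added example, not part of the original post: a parser for the IPv4 DHCP Service Activity Log format listed above, which flags the event IDs a defender usually reviews. The field order and event meanings come from the header above; the choice of IDs to flag, the threshold, the function names and the sample rows are assumptions of this example.

```python
import csv
from collections import Counter

# Field order from the "ID,Date,Time,..." line of the DHCP log header above.
FIELDS = ["ID", "Date", "Time", "Description", "IP Address", "Host Name",
          "MAC Address", "User Name", "TransactionID", "QResult",
          "Probationtime", "CorrelationID", "Dhcid"]

# Event IDs from the table above picked for review (the selection is an assumption).
REVIEW_IDS = {13: "address already in use", 14: "address pool exhausted",
              15: "lease denied", 33: "packet dropped due to NAP policy"}

def parse_dhcp_log(lines):
    """Yield one dict per event row; header text and the field-name row are skipped."""
    for row in csv.reader(lines):
        if not row or not row[0].strip().isdecimal():
            continue  # event rows start with a numeric ID, header lines do not
        row = [cell.strip() for cell in row]
        row += [""] * (len(FIELDS) - len(row))  # tolerate rows with fewer columns
        rec = dict(zip(FIELDS, row))
        rec["ID"] = int(rec["ID"])
        yield rec

def findings(records, exhaustion_threshold=3):
    """Return (flagged_records, alerts); IDs of 50 and up are treated as rogue-server events."""
    flagged, counts = [], Counter()
    for rec in records:
        if rec["ID"] in REVIEW_IDS or rec["ID"] >= 50:
            flagged.append(rec)
            counts[rec["ID"]] += 1
    alerts = []
    if counts[14] >= exhaustion_threshold:
        alerts.append("repeated pool exhaustion (event 14)")
    if any(event_id >= 50 for event_id in counts):
        alerts.append("rogue server detection events present")
    return flagged, alerts

# Constructed sample rows (not from a real server); descriptions are placeholders.
SAMPLE = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid.
10,06/06/14,00:01:12,Assign,192.0.2.21,pc01.example.test,0A0000000001,,1001,0,,,
14,06/06/14,00:02:01,Pool exhausted,192.0.2.0,,0A0000000002,,1002,0,,,
14,06/06/14,00:02:02,Pool exhausted,192.0.2.0,,0A0000000003,,1003,0,,,
14,06/06/14,00:02:03,Pool exhausted,192.0.2.0,,0A0000000004,,1004,0,,,
13,06/06/14,00:03:10,Conflict,192.0.2.30
11,06/06/14,00:04:00,Renew,192.0.2.21,pc01.example.test,0A0000000001,,1005,0,,,
"""

if __name__ == "__main__":
    flagged, alerts = findings(parse_dhcp_log(SAMPLE.splitlines()))
    for rec in flagged:
        print(rec["Date"], rec["Time"], rec["ID"], rec["IP Address"], rec["MAC Address"])
    print(alerts)
```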