000030963 - Microsoft DHCP 2008 Server event source type is not listed in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030963
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Log Decoder
RSA Version/Condition:
Platform: CentOS
Platform (Other): Microsoft DHCP Server
O/S Version: EL6
IssueWhen following the Event Source Log Configuration Guide for Microsoft DHCP Server, Step 5 cannot be performed because the microsoft_dhcp_2008 event source type does not appear in the list, as shown below.
User-added image
ResolutionIn order to get the event source to appear, the steps below must be performed.
  1. Deploy the Microsoft DHCP Log Collector Configuration content from RSA Live by navigating to the Live -> Search page in the Security Analytics UI.
  2. Restart the Log Collector service from the Administration -> Services page in the Security Analytics UI.