Auditing IPAM- Configuring DHCP and IPAM

One of the nicest advantages to IPAM is the ability to audit the different services that you are monitoring. In today’s complex IT world, we all have many different servers and applications that we are running to get our job done. We use Microsoft products and non-M icrosoft products to accomplish the tasks that help our end users do their jobs more efficiently.

One of the issues that we have because of using all of these different servers and applications is knowing how they all operate and making sure that we are keeping these products operating at maximum performance. As an IT member today, you have to be a jack of all trades when it comes to networking technologies. This is where auditing really comes into play. Being able to audit a server, services, or applications allows us to make sure that we are running these products the way they should be run.

Once you decide that you are going to be using IPAM for all of your IP- based services, you now also need a single application to monitor all of these services. IPAM allows you to audit the changes performed on the DNS and DHCP servers, audit the IPAM address usage trail, audit DHCP lease events, and audit user logon events (to name just a few). This is very easy to do since we are using the same IPAM console that we have used for everything else IPAM related. That’s the nice advantage. Normally if you want to audit these services, you have to open a different application. With IPAM, the auditing is located in the same console as the rest of the IPAM services.

IPAM allows you to audit all of the IPAM events using the Event Catalog (see Figure 6.29), or you can audit events just for the individual services like DHCP (see Figure 6.30).

FIGURE 6.30 DHCP Event Catalog

In Exercise 6.17 you’ll learn how to configure auditing for IPAM using Server Manager. I will show you how to audit the changes performed on the DNS and DHCP servers, audit the IPAM address usage trail, audit DHCP lease events, and audit user logon events.

EXERCISE 6.17

Configuring Auditing
  1. Open Server Manager.
  2. Click IPAM.
  3. Click Event Catalog in the navigation window. On the right side under IPAM Configuration Event, you will see all of the IPAM configuration events that have been logged.
  4. In the lower window, click DHCP Configuration Events. This will display any configuration changes made to the DHCP servers.
  5. Click IP Address Tracking. This allows you to audit the IP address usage. You can search this By IP Address, By Client ID, By Host Name, or By User Name. Click any of the categories to view the DHCP events.

6. In the Monitor And Manage section, click DNS And DHCP Servers. In the right-h and window, click either of the two servers and then click Event Catalog under Details View (see Figure 6.31). This allows you to monitor DNS and DHCP events independently. You can look at DHCP lease events or look at DNS zone events. It just depends on which server you are monitoring.

7. In the Monitor And Manage section, you can choose any server that you want to monitor, including your domain controllers. Just select the server and then click Event  Catalog under Details View. You can search domain controllers for user logon information, or you can choose NPS and see policy changes that were performed.

8. Once you have finished looking at all the different servers you have in IPAM, close Server Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *