Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Microsoft DHCP (2003, 2008)

Microsoft DHCP

Supported OS

  • Windows 2003
  • Windows 2008 and 2008 R2
  • Windows 2012 and 2012 R2
  • Windows 2016
  • Windows 2019

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Process details

Process level CPU utilization, Memory utilization

Performance Monitoring

WMI

Process details, process to service mappings

Process level metrics (Win32_Process, Win32_PerfRawData_PerfProc_Process): uptime, CPU utilization, Memory utilization, Read I/O, Write I/O
DHCP metrics (Win32_PerfFormattedData_DHCPServer_DHCPServer): DHCP request rate, release rate, decline rate, Duplicate Drop rate, Packet Rate, Active Queue length, DHCP response time, Conflict queue length

Performance Monitoring

Windows Agent

Application type

DHCP address release/renew events that are used by FortiSIEM for Identity and location: attributes include IP Address, MAC address, Host Name

Security and compliance (associate machines to IP addresses)

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft dhcp" to see the event types associated with this device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

FortiSIEM Windows Agent

For information on configuring DHCP for FortiSIEM Windows Agent, see Collecting Windows DHCP Logs from Microsoft Windows Server via Agents.

Settings for Access Controls

See Setting Access Credentials in the Microsoft Windows Server Configuration section.

Microsoft DHCP (2003, 2008)

Microsoft DHCP

Supported OS

  • Windows 2003
  • Windows 2008 and 2008 R2
  • Windows 2012 and 2012 R2
  • Windows 2016
  • Windows 2019

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Process details

Process level CPU utilization, Memory utilization

Performance Monitoring

WMI

Process details, process to service mappings

Process level metrics (Win32_Process, Win32_PerfRawData_PerfProc_Process): uptime, CPU utilization, Memory utilization, Read I/O, Write I/O
DHCP metrics (Win32_PerfFormattedData_DHCPServer_DHCPServer): DHCP request rate, release rate, decline rate, Duplicate Drop rate, Packet Rate, Active Queue length, DHCP response time, Conflict queue length

Performance Monitoring

Windows Agent

Application type

DHCP address release/renew events that are used by FortiSIEM for Identity and location: attributes include IP Address, MAC address, Host Name

Security and compliance (associate machines to IP addresses)

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft dhcp" to see the event types associated with this device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

FortiSIEM Windows Agent

For information on configuring DHCP for FortiSIEM Windows Agent, see Collecting Windows DHCP Logs from Microsoft Windows Server via Agents.

Settings for Access Controls

See Setting Access Credentials in the Microsoft Windows Server Configuration section.