Get the ip's which are assigned in the last 5 hrs
Hi,
Is there a script which can query with DHCP log files and tell me the last 5hrs ip that are leased and to whome.
Regards
Sharath
Is there a script which can query with DHCP log files and tell me the last 5hrs ip that are leased and to whome.
Regards
Sharath
Malli Boppe
I dodn't think so
I have a script that gets MAC addresses from a DHCP server for a given computer. I will see if I can search everything based on a time frame.
Basically, it uses a
netsh dhcp server \\DHCPServer scope 192.168.20.0 show
command.
Regards,
Rob.
Basically, it uses a
netsh dhcp server \\DHCPServer scope 192.168.20.0 show
command.
Regards,
Rob.
Sharath,
this looks to be a good tool....
DHCP Lease parser.. try it out..
http://sourceforge.net/projects/lease-parser/
this looks to be a good tool....
DHCP Lease parser.. try it out..
http://sourceforge.net/projects/lease-parser/
ASKER
I have downloaded this file.
leaseparser-0.9-1.src.rpm
What is this and how can i use this file
leaseparser-0.9-1.src.rpm
What is this and how can i use this file
Hi Sharath, from the "netsh dhcp" command I can only get the following fields:
Type : N - NONE, D - DHCP B - BOOTP, U - UNSPECIFIED, R - RESERVATION IP
==========================
IP Address - Subnet Mask - Unique ID - Lease Expires -Type -Name
==========================
Which means I can't tell when the lease was given out. As the expiration is also a somewhat random value, we can't subtract the lease duration from the expiration date.
I'll see if I can find anything else.
Regards,
Rob.
Type : N - NONE, D - DHCP B - BOOTP, U - UNSPECIFIED, R - RESERVATION IP
==========================
IP Address - Subnet Mask - Unique ID - Lease Expires -Type -Name
==========================
Which means I can't tell when the lease was given out. As the expiration is also a somewhat random value, we can't subtract the lease duration from the expiration date.
I'll see if I can find anything else.
Regards,
Rob.
ASKER
Ok Rob...
Actually, now I'm not so sure that the lease expiration *is* random.....
I have discovered how to retrieve the lease duration value (in seconds) from the DHCP server, so I will see how I go with subtracting that from the lease expiration field.
Regards,
Rob.
I have discovered how to retrieve the lease duration value (in seconds) from the DHCP server, so I will see how I go with subtracting that from the lease expiration field.
Regards,
Rob.
Sharath...
The DHCP parser.. is for LInux.. i was wrong...
The DHCP parser.. is for LInux.. i was wrong...
ASKER
ANY HELP...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
These 2 lines i am not able to follow
2. Change the
strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
lines so that it shows the names of your available DHCP servers
3. Select Case strDHCPServer
lines so that they read the correct Scope for each DHCP Server written in Step 2
I have done the other changes.When i run the script it asks me for the DHCP server name it gives this box.
It says the server is not a DHCP server.But it is a DHCP server.i tried giving 4 server names for all the servers i get this message
2. Change the
strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
lines so that it shows the names of your available DHCP servers
3. Select Case strDHCPServer
lines so that they read the correct Scope for each DHCP Server written in Step 2
I have done the other changes.When i run the script it asks me for the DHCP server name it gives this box.
It says the server is not a DHCP server.But it is a DHCP server.i tried giving 4 server names for all the servers i get this message
OK, for Step 2, you need to change:
strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
"DHCPServer1" & VbCrLf & _
"DHCPServer2" & VbCrLf & _
"DHCPServer3" & VbCrLf & _
"Enter the DHCP Server to search in:", "DHCP Server Name", "DHCPServer1")
and replace the DHCPServer1, DHCPServer2, and DHCPServer3 with the names of your DHCP servers, and add more if required.
For Step 3, you need to change:
Select Case strDHCPServer
Case "DHCPServer1"
strDHCPScope = "172.16.0.0"
Case "DHCPServer2"
strDHCPScope = "192.168.20.0"
Case "DHCPServer3"
strDHCPScope = "192.168.60.0"
Case Else
MsgBox strDHCPServer & " is not a known DHCP Server."
WScript.Quit
End Select
and replace the DHCPServer1, DHCPServer2, and DHCPServer3 with the names of your DHCP servers, and also change the IP Addresses on each strDHCPScope = to match the scope that is controlled by each DHCP Server. And add more here if required as well.
Regards,
Rob.
strDHCPServer = InputBox("Available DHCP Servers are:" & VbCrLf & _
"DHCPServer1" & VbCrLf & _
"DHCPServer2" & VbCrLf & _
"DHCPServer3" & VbCrLf & _
"Enter the DHCP Server to search in:", "DHCP Server Name", "DHCPServer1")
and replace the DHCPServer1, DHCPServer2, and DHCPServer3 with the names of your DHCP servers, and add more if required.
For Step 3, you need to change:
Select Case strDHCPServer
Case "DHCPServer1"
strDHCPScope = "172.16.0.0"
Case "DHCPServer2"
strDHCPScope = "192.168.20.0"
Case "DHCPServer3"
strDHCPScope = "192.168.60.0"
Case Else
MsgBox strDHCPServer & " is not a known DHCP Server."
WScript.Quit
End Select
and replace the DHCPServer1, DHCPServer2, and DHCPServer3 with the names of your DHCP servers, and also change the IP Addresses on each strDHCPScope = to match the scope that is controlled by each DHCP Server. And add more here if required as well.
Regards,
Rob.
ASKER
Which is the place i need to change the date and time if i need a different type of report
ASKER
One more change.I can raise a new question for this.
Is there a way to modify this script to find only computers that is not from my domain and ip's have been leased.
Ex:
There are persons who come from vendors side with there laptops and plug in to our netwok.
If we can find such persond then we can scan there machines for virus immediately.
What i need is find all computers which has bee lease an ip in the past 12 hrs and not in the domain Development.
This can be computers in workgroup or any other domain.
Is there a way to modify this script to find only computers that is not from my domain and ip's have been leased.
Ex:
There are persons who come from vendors side with there laptops and plug in to our netwok.
If we can find such persond then we can scan there machines for virus immediately.
What i need is find all computers which has bee lease an ip in the past 12 hrs and not in the domain Development.
This can be computers in workgroup or any other domain.
>> Which is the place i need to change the date and time if i need a different type of report
If you change the date and time format it will not output the correct thing because it will calculate the dates differently. On the other hand, if you're referrring to the interval of time that you want to view leases of (seeing as you mentioned 12 hours), change the following two values:
strInterval = "h"
intIntervalAmount = 5
where, the strInterval is one of:
"yyyy" (Year)
"q" (Quarter)
"m" (Month)
"y" (Day of year)
"d" (Day)
"w" ( Weekday)
"ww" (Week of year)
"h" (Hour)
"n" (Minute)
"s" (Second)
>> Is there a way to modify this script to find only computers that is not from my domain and ip's have been leased
The script uses this part:
Left(Mid(strSingleLine, 85), InStr(Mid(strSingleLine, 85), ".") - 1)
to return the computer name of each computer, without the domain suffix, so we could check the domain suffix (if it exists) to see if any non-domain computers will show up easily.
Before I put in that functionality, can you place this line:
objShell.Run "notepad C:\DHCPLeases.txt", 1, True
above this line:
objFSO.DeleteFile "C:\DHCPLeases.txt", True
which will show you the text file in full from the DHCP Server. Can you scan through that for any computer that you can see that is not part of your domain?
If so, what is the difference in the format from that of a computer on your domain?
Regards,
Rob.
If you change the date and time format it will not output the correct thing because it will calculate the dates differently. On the other hand, if you're referrring to the interval of time that you want to view leases of (seeing as you mentioned 12 hours), change the following two values:
strInterval = "h"
intIntervalAmount = 5
where, the strInterval is one of:
"yyyy" (Year)
"q" (Quarter)
"m" (Month)
"y" (Day of year)
"d" (Day)
"w" ( Weekday)
"ww" (Week of year)
"h" (Hour)
"n" (Minute)
"s" (Second)
>> Is there a way to modify this script to find only computers that is not from my domain and ip's have been leased
The script uses this part:
Left(Mid(strSingleLine, 85), InStr(Mid(strSingleLine, 85), ".") - 1)
to return the computer name of each computer, without the domain suffix, so we could check the domain suffix (if it exists) to see if any non-domain computers will show up easily.
Before I put in that functionality, can you place this line:
objShell.Run "notepad C:\DHCPLeases.txt", 1, True
above this line:
objFSO.DeleteFile "C:\DHCPLeases.txt", True
which will show you the text file in full from the DHCP Server. Can you scan through that for any computer that you can see that is not part of your domain?
If so, what is the difference in the format from that of a computer on your domain?
Regards,
Rob.
ASKER
Now i get all the machine names with the domain to a file.So that i can sort and find them.At present the script shows me all computers for which ip has been leased in the last 5 hrs.Am i correct.
Yes. What the script does is dump *all* of the DHCP data to a file, and then it just filters the results of that file according to the 5 hours that is speicifed by strInterval, and intIntervalAmount.
So, by putting that line in that opens DHCPLeases.txt with Notepad, that is unfiltered, full list of DHCP leases.
And yes, at present, because strInterval is "h" (hours), and intIntervalAmount is 5, it filters to those that were given within the last five hours.
So, as I mentioned, in the full, unfiltered list, do you see any computers that are not part of your domain?
For example, for computers that are in your domain, you should have:
xxx.xx.x.x - xxx.xxx.xxx.xxx - 00-00-00-00-00-00 -8/9/2007 12:15:03 PM -D- COMPNAME.development.com
Where COMPNAME.development.com is the computer name.
I'm wondering how non-domain PCs show up.....would it just be COMPNAME?
Regards,
Rob.
So, by putting that line in that opens DHCPLeases.txt with Notepad, that is unfiltered, full list of DHCP leases.
And yes, at present, because strInterval is "h" (hours), and intIntervalAmount is 5, it filters to those that were given within the last five hours.
So, as I mentioned, in the full, unfiltered list, do you see any computers that are not part of your domain?
For example, for computers that are in your domain, you should have:
xxx.xx.x.x - xxx.xxx.xxx.xxx - 00-00-00-00-00-00 -8/9/2007 12:15:03 PM -D- COMPNAME.development.com
Where COMPNAME.development.com is the computer name.
I'm wondering how non-domain PCs show up.....would it just be COMPNAME?
Regards,
Rob.
ASKER
Yes just the name or the machinename.Domain name
ASKER
Thanks a lot...
No problem....speak to you later....
Rob.
Rob.