Description
This is a message from a DHCP server (http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol),
indicating that the server has been asked to provide an address
for a device on a network which the server is not configured to
provide addresses on.
This message could indicate one of several problems, all of
which bear investigating:
1) The DHCP server may be misconfigured; perhaps it *should* be
handing out addresses for that network, but isn't.
2) The router on the network which is forwarding the request
(the "via" address) may be forwarding the request to the wrong DHCP
server; perhaps the router should be configured to use another DHCP
server for that network.
3) The device requesting the address via DHCP may be
misconfigured; perhaps it is supposed to have a manually-configured
IP address, and won't function properly until this is resolved.
4) Someone may have attached an unauthorized device to the
network, where no such devices were expected.
To track this problem down, you could use Splunk to search for
the Ethernet address of the device in question (shown in the "from"
field of the message), to see where else it has been logged. If
your Ethernet switches and WiFi Access Points log when a
new device attaches to a given port, for example, you could easily
find out what switch/port or WAP the device is connected to. Or you
might be able to find other identifying information about the machine,
such as a username or machine name associated with that Ethernet
address.
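
The search described above, as an added example (not part of the original description). It assumes the message has the ISC dhcpd shape "DHCPDISCOVER from <MAC> via <relay>: unknown network segment"; all sample log lines, including the switch and wireless-controller lines, are constructed and follow no vendor's real format. It extracts the "from" and "via" values, then finds other log lines that name the same Ethernet address in colon, dash or dotted notation.

```python
import re

# Assumed message shape (ISC dhcpd style); adjust to your server's wording.
DHCP_RE = re.compile(
    r"DHCP(?:DISCOVER|REQUEST) from (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \([^)]*\))? via (?P<via>\S+?): unknown network segment")
# A MAC written as aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b")

def norm_mac(text):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", text.lower())

def correlate(lines):
    """Map each MAC seen in an unknown-segment message to its relay
    ("via") addresses and to every other log line that mentions it."""
    report = {}
    for line in lines:
        m = DHCP_RE.search(line)
        if m:
            entry = report.setdefault(norm_mac(m["mac"]),
                                      {"via": set(), "seen_in": []})
            entry["via"].add(m["via"])
    for line in lines:
        if DHCP_RE.search(line):
            continue  # only lines from other sources add information
        for hit in MAC_RE.finditer(line):
            entry = report.get(norm_mac(hit.group(0)))
            if entry is not None:
                entry["seen_in"].append(line)
    return report

# Constructed sample input: DHCP server, switch and wireless controller lines.
SAMPLE = [
    "Mar  3 09:14:02 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:aa:bb:cc via 10.20.30.1: unknown network segment",
    "Mar  3 09:14:06 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:aa:bb:cc via 10.20.30.1: unknown network segment",
    "Mar  3 09:13:58 sw-3f new MAC 0011.22AA.BBCC learned on Gi1/0/17 vlan 30",
    "Mar  3 09:10:11 wlc1 client 00-11-22-dd-ee-ff associated to ap-lobby",
    "Mar  3 09:15:40 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:dd:ee:01 via 10.20.40.1: unknown network segment",
]

if __name__ == "__main__":
    for mac, info in correlate(SAMPLE).items():
        print(mac, "via", sorted(info["via"]), "also seen in:", info["seen_in"])
```

A device that appears in the message but in no other log line, like the last one in the sample, is the case to check first against the fourth possibility listed above.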