diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml
index 171d782..269843e 100644
--- a/roles/isc-dhcp-server/tasks/main.yml
+++ b/roles/isc-dhcp-server/tasks/main.yml
@@ -8,6 +8,19 @@
   retries: 3
   until: apt_result is succeeded
 
+- name: Ensure dhcp log directory exists
+  file:
+    path: /var/log/dhcp
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,a=rx
+    state: directory
+
+- name: Ensute rsyslog knows where to send dhcp logs
+  lineinfile:
+    path: /etc/rsyslog.conf
+    regexp: '^local7[.][*]'
+    line: "local7.*                         /var/log/dhcp/dhcpd.log"
 
 - name: Configure /etc/default/isc-dhcp-server
   template:
@@ -15,7 +28,6 @@
     dest: /etc/default/isc-dhcp-server
     mode: 0644
 
-
 - name: Configure dhcp-failover.conf
   template:
     src: dhcp/dhcp-failover.conf.j2
diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
index 01b0a8d..9b166c2 100644
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@@ -22,10 +22,7 @@ ddns-update-style none;
 # network, the authoritative directive should be uncommented.
 authoritative;
 
-# Use this to send dhcp log messages to a different log file (you also
-# have to hack syslog.conf to complete the redirection).
-# XXX: This was enabled in one building and disabled in another.
-#log-facility local7;
+log-facility local7;
 
 
 # TODO: move this failover peer declaration to a separate file and include it.