Latest Version 1.0
October 26, 2015
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
Windows DNS Analytical and Diagnostic Logs
The Technology Addon for Windows DNS Analytical logs is designed to be used with Windows DNS servers running on Windows Server 2012 R2 and later. Microsoft has documented a new and recommended method for logging DNS requests using "audit and analytical event logging" as described in this TechNet article:
Built by
Compatibility
Not Available
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
The Technology Addon for Windows DNS Analytical logs is designed to be used with Windows DNS servers running on Windows Server 2012 R2 and later. Microsoft has documented a new and recommended method for logging DNS requests using "audit and analytical event logging" as described in this TechNet article:
https://technet.microsoft.com/en-us/library/dn800669.aspx
Analytical logs are written to an event trace log (ETL) and are not able to be read via Splunk's native Windows log monitor. A Powershell script is included that reads the ETL every minute using the Get-WinEvent cmdlet.
**NOTE: There is an issue with the manner in which logging is performed that does not allow for overwriting of the log file while in use. If the max file size is reached or disk becomes full, logging will stop (and, you know, Windows won't be happy either...)
Categories
Created By
Jake Walter
Type
addon
Downloads
1,858
Licensing
Splunk Answers
Resources
Log in to report this app listing