Extracting responses from Microsoft DNS Server Analytical logs The 2019 Stack Overflow Developer Survey Results Are InThe DNS server machine currently has no DNS domain namePossible to forward logs for microsoft productsLog Location Url Responses of 301 redirects from IISDNS Configurations for Microsoft VDI on Hyper-V Server 2012How to configure Parallels Plesk 11 to use Google DNS serverIs it possible to update third party software using Microsoft Windows Server Update ServicesHow to find reason behind changed state of virtual machines?Windows DNS server randomly responds/times outnxlog get logs from applications and services logsOWA error: Exception type: Microsoft.Exchange.Data.Storage.StorageTransientException

Does adding complexity mean a more secure cipher?

Using `min_active_rowversion` for global temporary tables

Why not take a picture of a closer black hole?

How to support a colleague who finds meetings extremely tiring?

Cooking pasta in a water boiler

What is the motivation for a law requiring 2 parties to consent for recording a conversation

Mathematics of imaging the black hole

ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?

Did the UK government pay "millions and millions of dollars" to try to snag Julian Assange?

Are Newtonian Mechanics considered to be 'falsified'?

Why don't hard Brexiteers insist on a hard border to prevent illegal immigration after Brexit?

Did Scotland spend $250,000 for the slogan "Welcome to Scotland"?

What was the last CPU that did not have the x87 floating-point unit built in?

Am I ethically obligated to go into work on an off day if the reason is sudden?

What do I do when my TA workload is more than expected?

Loose spokes after only a few rides

Button changing its text & action. Good or terrible?

Deal with toxic manager when you can't quit

Christmas short horror story about a woman who becomes trapped in another body?

Accepted by European university, rejected by all American ones I applied to? Possible reasons?

What does 白沾 mean here?

Falsification in Math vs Science

Why can't devices on different VLANs, but on the same subnet, communicate?

Is there a way to generate a uniformly distributed point on a sphere from a fixed amount of random real numbers?



Extracting responses from Microsoft DNS Server Analytical logs



The 2019 Stack Overflow Developer Survey Results Are InThe DNS server machine currently has no DNS domain namePossible to forward logs for microsoft productsLog Location Url Responses of 301 redirects from IISDNS Configurations for Microsoft VDI on Hyper-V Server 2012How to configure Parallels Plesk 11 to use Google DNS serverIs it possible to update third party software using Microsoft Windows Server Update ServicesHow to find reason behind changed state of virtual machines?Windows DNS server randomly responds/times outnxlog get logs from applications and services logsOWA error: Exception type: Microsoft.Exchange.Data.Storage.StorageTransientException



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















Is it possible to extract the DNS responses from Microsoft DNS Server Analytical logs (Microsoft-Windows-DNS-Server/Analytical)? The logs contain a field called "PacketData" in the EventData section of the event, but so far I have unable to extract anything useful from the PacketData field.






windows logging dns-server parsing







share|improve this question






















  • Why do you want to track responses? You could just send a request to see the same answer. As of today, there is no way to extract given responses (aka "how many time google.com has been requested and by whom").

    – bjoster
    yesterday











  • @bjoster: Basically for passive DNS purposes.

    – treiman
    23 hours ago

















0















Is it possible to extract the DNS responses from Microsoft DNS Server Analytical logs (Microsoft-Windows-DNS-Server/Analytical)? The logs contain a field called "PacketData" in the EventData section of the event, but so far I have unable to extract anything useful from the PacketData field.






windows logging dns-server parsing







share|improve this question






















  • Why do you want to track responses? You could just send a request to see the same answer. As of today, there is no way to extract given responses (aka "how many time google.com has been requested and by whom").

    – bjoster
    yesterday











  • @bjoster: Basically for passive DNS purposes.

    – treiman
    23 hours ago













0












0








0








Is it possible to extract the DNS responses from Microsoft DNS Server Analytical logs (Microsoft-Windows-DNS-Server/Analytical)? The logs contain a field called "PacketData" in the EventData section of the event, but so far I have unable to extract anything useful from the PacketData field.






windows logging dns-server parsing







share|improve this question














Is it possible to extract the DNS responses from Microsoft DNS Server Analytical logs (Microsoft-Windows-DNS-Server/Analytical)? The logs contain a field called "PacketData" in the EventData section of the event, but so far I have unable to extract anything useful from the PacketData field.






windows logging dns-server parsing




windows logging dns-server parsing






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 26 at 12:43









treimantreiman

23114




23114












  • Why do you want to track responses? You could just send a request to see the same answer. As of today, there is no way to extract given responses (aka "how many time google.com has been requested and by whom").

    – bjoster
    yesterday











  • @bjoster: Basically for passive DNS purposes.

    – treiman
    23 hours ago

















  • Why do you want to track responses? You could just send a request to see the same answer. As of today, there is no way to extract given responses (aka "how many time google.com has been requested and by whom").

    – bjoster
    yesterday











  • @bjoster: Basically for passive DNS purposes.

    – treiman
    23 hours ago
















Why do you want to track responses? You could just send a request to see the same answer. As of today, there is no way to extract given responses (aka "how many time google.com has been requested and by whom").

– bjoster
yesterday





Why do you want to track responses? You could just send a request to see the same answer. As of today, there is no way to extract given responses (aka "how many time google.com has been requested and by whom").

– bjoster
yesterday













@bjoster: Basically for passive DNS purposes.

– treiman
23 hours ago





@bjoster: Basically for passive DNS purposes.

– treiman
23 hours ago










1 Answer
1






active

oldest

votes


















0














There are two places to find Windows DNS server logs - first, as you mentioned is via the DNS debug log file. There is also data available via Windows ETW Providers (Microsoft-Windows-DNS-Server-Service, Microsoft-Windows-DNSServer). I've used something like Microsoft Message Analyzer to do an event trace session, also a log collector NXLog (note: am involved in that project) to collect event trace data from the ETW Provider and write these out to JSON.



I know for sure that the PacketData field is found when you do an ETW trace of the Microsoft-Windows-DNSServer ETW Provider. See below for an excerpt using NXLog im_etw module with the JSON output. 



 
"EventTime": "2017-03-10 09:51:03",
"Provider": "Microsoft-Windows-DNSServer",
"TCP": "0",
"InterfaceIP": "10.2.0.162",
"Source": "10.2.0.198",
"RD": "1",
"QNAME": "nickelfreesolutions.com.",
"QTYPE": "1",
"XID": "11675",
"Port": "22416",
"Flags": "256",
"BufferSize": "41",
"PacketData":
"0x2D9B01000001000000000000136E69636B656C66726565736F6C7574696F6E7303636F6D0000010001",
"EventReceivedTime": "2017-03-10 09:51:04",
"SourceModuleName": "etw_in",
"SourceModuleType": "im_etw"






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960037%2fextracting-responses-from-microsoft-dns-server-analytical-logs%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    There are two places to find Windows DNS server logs - first, as you mentioned is via the DNS debug log file. There is also data available via Windows ETW Providers (Microsoft-Windows-DNS-Server-Service, Microsoft-Windows-DNSServer). I've used something like Microsoft Message Analyzer to do an event trace session, also a log collector NXLog (note: am involved in that project) to collect event trace data from the ETW Provider and write these out to JSON.



    I know for sure that the PacketData field is found when you do an ETW trace of the Microsoft-Windows-DNSServer ETW Provider. See below for an excerpt using NXLog im_etw module with the JSON output. 



     
    "EventTime": "2017-03-10 09:51:03",
    "Provider": "Microsoft-Windows-DNSServer",
    "TCP": "0",
    "InterfaceIP": "10.2.0.162",
    "Source": "10.2.0.198",
    "RD": "1",
    "QNAME": "nickelfreesolutions.com.",
    "QTYPE": "1",
    "XID": "11675",
    "Port": "22416",
    "Flags": "256",
    "BufferSize": "41",
    "PacketData":
    "0x2D9B01000001000000000000136E69636B656C66726565736F6C7574696F6E7303636F6D0000010001",
    "EventReceivedTime": "2017-03-10 09:51:04",
    "SourceModuleName": "etw_in",
    "SourceModuleType": "im_etw"






    share|improve this answer



























      0














      There are two places to find Windows DNS server logs - first, as you mentioned is via the DNS debug log file. There is also data available via Windows ETW Providers (Microsoft-Windows-DNS-Server-Service, Microsoft-Windows-DNSServer). I've used something like Microsoft Message Analyzer to do an event trace session, also a log collector NXLog (note: am involved in that project) to collect event trace data from the ETW Provider and write these out to JSON.



      I know for sure that the PacketData field is found when you do an ETW trace of the Microsoft-Windows-DNSServer ETW Provider. See below for an excerpt using NXLog im_etw module with the JSON output. 



       
      "EventTime": "2017-03-10 09:51:03",
      "Provider": "Microsoft-Windows-DNSServer",
      "TCP": "0",
      "InterfaceIP": "10.2.0.162",
      "Source": "10.2.0.198",
      "RD": "1",
      "QNAME": "nickelfreesolutions.com.",
      "QTYPE": "1",
      "XID": "11675",
      "Port": "22416",
      "Flags": "256",
      "BufferSize": "41",
      "PacketData":
      "0x2D9B01000001000000000000136E69636B656C66726565736F6C7574696F6E7303636F6D0000010001",
      "EventReceivedTime": "2017-03-10 09:51:04",
      "SourceModuleName": "etw_in",
      "SourceModuleType": "im_etw"






      share|improve this answer

























        0












        0








        0







        There are two places to find Windows DNS server logs - first, as you mentioned is via the DNS debug log file. There is also data available via Windows ETW Providers (Microsoft-Windows-DNS-Server-Service, Microsoft-Windows-DNSServer). I've used something like Microsoft Message Analyzer to do an event trace session, also a log collector NXLog (note: am involved in that project) to collect event trace data from the ETW Provider and write these out to JSON.



        I know for sure that the PacketData field is found when you do an ETW trace of the Microsoft-Windows-DNSServer ETW Provider. See below for an excerpt using NXLog im_etw module with the JSON output. 



         
        "EventTime": "2017-03-10 09:51:03",
        "Provider": "Microsoft-Windows-DNSServer",
        "TCP": "0",
        "InterfaceIP": "10.2.0.162",
        "Source": "10.2.0.198",
        "RD": "1",
        "QNAME": "nickelfreesolutions.com.",
        "QTYPE": "1",
        "XID": "11675",
        "Port": "22416",
        "Flags": "256",
        "BufferSize": "41",
        "PacketData":
        "0x2D9B01000001000000000000136E69636B656C66726565736F6C7574696F6E7303636F6D0000010001",
        "EventReceivedTime": "2017-03-10 09:51:04",
        "SourceModuleName": "etw_in",
        "SourceModuleType": "im_etw"






        share|improve this answer













        There are two places to find Windows DNS server logs - first, as you mentioned is via the DNS debug log file. There is also data available via Windows ETW Providers (Microsoft-Windows-DNS-Server-Service, Microsoft-Windows-DNSServer). I've used something like Microsoft Message Analyzer to do an event trace session, also a log collector NXLog (note: am involved in that project) to collect event trace data from the ETW Provider and write these out to JSON.



        I know for sure that the PacketData field is found when you do an ETW trace of the Microsoft-Windows-DNSServer ETW Provider. See below for an excerpt using NXLog im_etw module with the JSON output. 



         
        "EventTime": "2017-03-10 09:51:03",
        "Provider": "Microsoft-Windows-DNSServer",
        "TCP": "0",
        "InterfaceIP": "10.2.0.162",
        "Source": "10.2.0.198",
        "RD": "1",
        "QNAME": "nickelfreesolutions.com.",
        "QTYPE": "1",
        "XID": "11675",
        "Port": "22416",
        "Flags": "256",
        "BufferSize": "41",
        "PacketData":
        "0x2D9B01000001000000000000136E69636B656C66726565736F6C7574696F6E7303636F6D0000010001",
        "EventReceivedTime": "2017-03-10 09:51:04",
        "SourceModuleName": "etw_in",
        "SourceModuleType": "im_etw"







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 15 mins ago









        NASAhorseNASAhorse

        13




        13



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960037%2fextracting-responses-from-microsoft-dns-server-analytical-logs%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to make RAID controller rescan devices The 2019 Stack Overflow Developer Survey Results Are InLSI MegaRAID SAS 9261-8i: Disk isn't recognized after replacementHow to monitor the hard disk status behind Dell PERC H710 Raid Controller with CentOS 6?LSI MegaRAID - Recreate missing RAID 1 arrayext. 2-bay USB-Drive with RAID: btrfs RAID vs built-in RAIDInvalid SAS topologyDoes enabling JBOD mode on LSI based controllers affect existing logical disks/arrays?Why is there a shift between the WWN reported from the controller and the Linux system?Optimal RAID 6+0 Setup for 40+ 4TB DisksAccidental SAS cable removal

            Image
            Is "plugging out" electronic devices an American expression? Does a dangling wire really electrocute me if I'm standing in water? Adding labels to a table: columns and rows Spanish for "widget" Landlord wants to switch my lease to a "Land contract" to "get back at the city" Lethal sonic weapons On the insanity of kings as an argument against monarchy Is there a general name for the setup in which payoffs are not known exactly but players try to influence each other's perception of the payoffs? How long do I have to send my income tax payment to the IRS? Geography at the pixel level Can a zener diode with a higher power dissipation be used in place of the original one in an audio amplifier? How can I make payments on the Internet without leaving a money trail? What can other administrators access on my machine? Understanding the implication of what "well-defined" means for the operation in quotient group...
            Read more

            Куамањотепек (Чилапа де Алварез) Садржај Становништво Види још Референце Спољашње везе Мени за навигацију17°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.0308317°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.030838877656„Instituto Nacional de Estadística y Geografía”„The GeoNames geographical database”Мексичка насељапроширитиуу

            Image
            Насеља у општини Чилапа де Алварез (Гереро) шп.МексикуГерероопштиниЧилапа де Алварезнадморској висини2010 (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003Eсакријu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id...
            Read more

            Срби Садржај Географија Етимологија Генетика Историја Језик Религија Популација Познати Срби Види још Напомене Референце Извори Литература Спољашње везе Мени за навигацијууrs.one.un.orgАрхивираноАрхивирано из оригиналаПопис становништва из 2011. годинеCOMMUNITY PROFILE: SERB COMMUNITY„1996 population census in Bosnia and Herzegovina”„CIA - The World Factbook - Bosnia and Herzegovina”American FactFinder - Results„2011 National Household Survey: Data tables”„Srbi u Nemačkoj | Srbi u Njemačkoj | Zentralrat der Serben in Deutschland”оригинала„Vesti online - Srpski informativni portal”„The Serbian Diaspora and Youth: Cross-Border Ties and Opportunities for Development”оригиналаSerben-Demo eskaliert in Wien„The People of Australia – Statistics from the 2011 Census”„Erstmals über eine Million EU- und EFTA Angehörige in der Schweiz”STANOVNIŠTVO PREMA NARODNOSTI – DETALJNA KLASIFIKACIJA – POPIS 2011.(Завод за статистику Црне Горе)title=Présentation de la République de SerbieSerbian | EthnologuePopulation by ethnic affiliation, Slovenia, Census 1953, 1961, 1971, 1981, 1991 and 2002Попис на населението, домаќинствата и становите во Република Македонија, 2002: Дефинитивни податоциALBANIJA ETNIČKI ČISTI SRBE: Iščezlo 100.000 ljudi pokrštavanjem, kao što su to radile ustaše u NDH! | Telegraf – Najnovije vestiИз удаљене Аргентине„Tab11. Populaţia stabilă după etnie şi limba maternă, pe categorii de localităţi”Суседи броје Србе„Srpska Dijaspora”оригиналаMinifacts about Norway 2012„Statistiques - 01.06.2008”ПРЕДСЕДНИК СРБИЈЕ СА СРБИМА У БРАТИСЛАВИСлавка Драшковић: Многа питања Срба у Црној Гори нерешенаThe Spread of the SlavesGoogle Book„Distribution of European Y-chromosome DNA (Y-DNA) haplogroups by country in percentage”American Journal of Physical Anthropology 142:380–390 (2010)„Архивирана копија”оригинала„Haplogroup I2 (Y-DNA)”„Архивирана копија”оригиналаVTS 01 1 - YouTubeПрви сукоби Срба и Турака - Политикин забавникАрхивираноConstantine Porphyrogenitus: De Administrando ImperioВизантиски извори за историју народа ЈугославијеDe conversione Croatorum et Serborum: A Lost SourceDe conversione Croatorum et Serborum: Изгубљени извор Константина ПорфирогенитаИсторија српске државностиИсторија српског народаСрбофобија и њени извориСерска област после Душанове смртиИсторија ВизантијеИсторија средњовековне босанске државеСрби међу европским народимаСрби у средњем векуМедијиПодациууууу00577267

            Image
            БошњациМуслиманиАлбанциРомиХрвати СрбиЈужни СловениЕтничке групе Републике СрпскеЕтничке групе СрбијеЕтничке групе Босне и ХерцеговинеЕтничке групе Црне Го...
            Read more