
Is there an add-on to monitor and parse DNS logs from Windows 2012 R2 DNS servers?

Contributor

I am looking for a TA for DNS logs from 2012 R2 DNS servers. Would TA-DNSServer-NT6 work? I believe TA-DNSServer-NT6 was created for Windows 2008 R2 DNS Services.

0 Karma
1 Solution

Contributor

Contributor

Explorer

This doesn't seem to work for 2012 DNS Analytical logs. I have the following monitoring stanza but it's throwing an error.
[WinEventLog://Microsoft-Windows-DNSServer/Analytical]

'WinEventLogChannel::subscribeToEvtChannel: Could not subscribe to Windows Event Log channel ‘microsoft-windows-dnsserver/analytical errorCode=15009’

https://technet.microsoft.com/en-us/library/dn800669.aspx#dbug

Path Finder

Did you find a solution for reading the Microsoft-Windows-DNSServer/Analytical logs? It's my understanding from this article that the analytical log can't be read "online" if circular logging is enabled.
Error when enabling Analytic or Debug event log: "The requested operation cannot be performed over a...

One solution might be to switch the event log to manual clearing and configure the Splunk add-on to do that log clearing. I'm not sure if that's a feature of the add-on.

0 Karma

Splunk Employee

Download the Splunk App for Windows Infrastructure (https://splunkbase.splunk.com/app/1680/), then dive into appserver, then into addons, and you will find the DNS TA and other useful ones.

Good luck.