Windows Server DNS analytical collection
Hello, I’m testing your NXLog EE in order to collect DNS Analytics from Windows Server 2012.
I got the error message below:
2020-08-24 18:32:51 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:34:53 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:36:54 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:38:55 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:40:55 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:42:56 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
This is the configuration applied:
<Input ms_vistalog_filtered_dns>
    Module       im_msvistalog
    File         C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl
    PollInterval 60
    # Drop events for the listed query names and for QTYPE 15 (MX) queries
    Exec if ($QNAME == 'americas1.notify.windows.com.akadns.net.') OR \
            ($QNAME == 'cy2.vortex.data.microsoft.com.akadns.net.') OR \
            ($QNAME == 'dm3p.wns.notify.windows.com.akadns.net.') OR \
            ($QNAME == 'geo.vortex.data.microsoft.com.akadns.net.') OR \
            ($QNAME == 'v10-win.vortex.data.microsoft.com.akadns.net.') OR \
            ($QNAME == 'v10-win.vortex.data.microsoft.com.akadns.NET.') OR \
            ($QNAME == 'v10.vortex-win.data.microsoft.com.') OR \
            ($QNAME == 'wns.notify.windows.com.akadns.net.') OR \
            ($QNAME == 'wns.notify.windows.com.akadns.NET.') OR \
            ($QNAME == 'client.wns.windows.com.') OR \
            ($QTYPE == '15') \
                drop();
</Input>
Hi,
Could you provide your full conf file?
Thanks,
Rafal