Incomplete ETW log data for Microsoft-Windows-DNSServer


bcid

Hello,

Has anyone successfully configured the new Event Tracing for Windows (ETW) input module in nxlog 4.0 to collect Windows DNSServer events? I configured it in nxlog, but the output file doesn't show most of the DNS queries being made. When I look at the nxlog output and compare it with a trace session in Event Viewer, Event Viewer shows all of the events, but nxlog is missing almost all of them. There are a few entries in the nxlog file, but not many. I can't seem to reproduce the scenario that causes them to be included in the nxlog output file.

Info on setup: Server 2016 Datacenter v1607, nxlog 4.0.3735-x64

Related nxlog config:

<Input winetw>
    Module    im_etw
    Provider  Microsoft-Windows-DNSServer
</Input>

<Output file>
    Module    om_file
    File      'C:\Windows\Logs\nxlog\test.txt'
</Output>

<Route messages_to_file>
    Path      winetw => file
</Route>
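A useful first check when an ETW consumer seems to drop events is to take nxlog out of the picture and record the same provider with the built-in trace controller, then count what the provider actually emitted for a known query. The script below is an added example for that check; it is not from the original post and not nxlog's own tooling. It assumes the DNS Server role is running on the local machine (127.0.0.1), that example.com is a reasonable name to resolve, and that C:\Windows\Logs\nxlog is writable; adjust those if your setup differs.

```powershell
# Added diagnostic example (not from the original post or from nxlog).
# Records Microsoft-Windows-DNSServer with logman, triggers one query,
# then decodes the .etl with tracerpt and counts events by Event ID so the
# result can be compared line for line with nxlog's output file.

$Session = 'dnsserver-check'                              # hypothetical session name
$Etl     = 'C:\Windows\Logs\nxlog\dnsserver-check.etl'    # assumed writable path

# List the provider's keywords and levels; these are what an ETW consumer
# (nxlog's im_etw included) has to request to receive the analytic events.
logman query providers Microsoft-Windows-DNSServer

# Start a trace with every keyword enabled (0xFFFFFFFFFFFFFFFF) at level 5 (Verbose).
logman start $Session -p Microsoft-Windows-DNSServer 0xFFFFFFFFFFFFFFFF 0x5 -o $Etl -ets

# Generate a query against the local DNS server (127.0.0.1 assumed to be the server).
Resolve-DnsName -Name example.com -Server 127.0.0.1 -ErrorAction SilentlyContinue | Out-Null

Start-Sleep -Seconds 2
logman stop $Session -ets

# Decode the trace to XML and summarise it by Event ID.
$Xml = [System.IO.Path]::ChangeExtension($Etl, '.xml')
tracerpt $Etl -o $Xml -of XML -y

[xml]$Trace = Get-Content $Xml
$Trace.Events.Event |
    Group-Object { $_.System.EventID } |
    Sort-Object Count -Descending |
    Select-Object @{ Name = 'EventID'; Expression = { $_.Name } }, Count
```

Run it from an elevated PowerShell on the DNS server. If the logman session records query events that never reach test.txt, the provider is emitting them and the gap is in how the consumer subscribes (keywords and level); if the standalone session is also empty, the problem is on the provider side rather than in nxlog.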