Incomplete ETW log data for Microsoft-Windows-DNSServer
Hello,
Has anyone successfully configured the new event tracing for windows (ETW) input module in nxlog 4.0 to collect Windows DNSServer events? I configured it in nxlog, but the output file doesn't show most of the DNS queries being made. When I look at the nxlog output and compare it with a trace session in Event Viewer, Event Viewer shows all of the events but nxlog is missing almost all of them. There are a few entries in the nxlog file, but not many. I can't seem to reproduce the scenario that causes them to be included in the nxlog output file.
Info on setup: Server 2016 datacenter, v1607 nxlog 4.0.3735-x64
Related nxlog config:
<Input winetw> Module im_etw Provider Microsoft-Windows-DNSServer </Input> <Output file> Module om_file File 'C:\Windows\Logs\nxlog\test.txt' </Output> <Route messages_to_file> Path winetw => file </Route>
Have you already followed the instructions in the manual for enabling analytic logging?
If you are certain you have enabled it, it would be useful to know what kind of log entries you are not seeing. Is it always a certain event type/number?