NXLOG capturing MS DNS Header
With the following config file I am capturing the entire MS DNS logs. This includes the DNS header info which I want to filter out. I need help figuring out what I can add that will allow me to filter out the DNS header information.
define TAP_Sender_IP XXX.XXX.XXX.XXX
define TAP_Sender_Port XXX
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
LogLevel INFO
<Extension _syslog>
Module xm_syslog
</Extension>
<Input DNS>
Module im_file
File "C:\DNSlogs.txt"
SavePos True
<Exec>
if ($raw_event =~ /^#/) OR ($raw_event == '') drop();
else
{
to_syslog_bsd();
}
</Exec>
</Input>
<Output Tap>
Module om_udp
Host %TAP_Sender_IP%
Port %TAP_Sender_Port%
</Output>
<Route primary>
Path DNS => Tap
</Route>
This config removes the blank spaces between DNS entries but leaves the file header. I'm not sure what I need to change to prevent this from capturing the DNS header information. Does anyone have any suggestions?
Thanks in advance,
Dags
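One way to drop the header, as an added example that is not part of the original post: instead of listing what to discard, forward only lines that look like log entries. It assumes every DNS entry starts with a numeric date and that header lines (the creation banner and the field key) do not; the date pattern is an assumption and must match the server's regional date format.

```nxlog
<Input DNS>
    Module  im_file
    File    "C:\DNSlogs.txt"
    SavePos True
    <Exec>
        # Assumption: a real entry begins with a date such as 5/1/2015,
        # 01.05.2015 or 2015-05-01 followed by whitespace.
        # Header text, the field key, comment lines and blank lines do not
        # match this pattern, so they are dropped before forwarding.
        if $raw_event !~ /^\d{1,4}[\/.\-]\d{1,2}[\/.\-]\d{1,4}\s/
        {
            drop();
        }
        else
        {
            to_syslog_bsd();
        }
    </Exec>
</Input>
```

This block replaces the existing `<Input DNS>` section; the `Extension`, `Output` and `Route` sections stay unchanged.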