3 responses

Hello,

Are there any links or discussion related to how nxlog will be configured, so a Windows server can send DNS Analytical logs to a remote collector?

Thank you. Any direction is much appreciated.

Temy

Asked April 28, 2020 - 8:43pm

Answer (1)

With Analytical Logging enabled, NXLog can use the im_etw module to collect DNS logs from the Microsoft-Windows-DNSServer ETW provider.

https://nxlog.co/documentation/nxlog-user-guide/windows-dns-server.html

Comments (2)

  • tomolte

    When using the module below... the notes say "The following configuration collects DNS logs via ETW from the Microsoft-Windows-DNSServer provider, using the im_etw module. The collected logs are converted to JSON and saved to a file." Is there a folder/filename that is being used by default?

    <Input etw>
    Module im_etw
    Provider Microsoft-Windows-DNSServer
    </Input>

  • manuel.munoz (NXLog)

    I think you will need something like this...

    <Extension json>
       Module xm_json
    </Extension>
    
    <Input etw>
       Module im_etw
       Provider Microsoft-Windows-DNSServer
    </Input>
    
    <Output file>
       Module om_file
       File '/tmp/output.log'
       Exec to_json();
    </Output>
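
For the original question (sending the DNS events to a remote collector rather than a local file), the following sender-side configuration is an added example, not part of the thread or of NXLog's documentation. It swaps the om_file output for om_ssl so the JSON events travel over TLS; the collector host name, port, CA file path and instance names are placeholder assumptions.

```conf
# Added example: nxlog.conf on the Windows DNS server (sender side).
# Assumed placeholders: collector.example.com, port 6514, ca.pem location.
define ROOT     C:\Program Files\nxlog
define CERTDIR  %ROOT%\cert

<Extension json>
    Module      xm_json
</Extension>

# Read DNS Server events from the ETW provider.
# Requires Analytical Logging to be enabled on the DNS server.
<Input dns_etw>
    Module      im_etw
    Provider    Microsoft-Windows-DNSServer
</Input>

# Send each event as one JSON line to the remote collector over TLS.
# Assumption: separate Host/Port directives; check the om_ssl reference
# for the NXLog version in use.
<Output collector>
    Module          om_ssl
    Host            collector.example.com
    Port            6514
    # CA certificate used to verify the collector's certificate
    CAFile          %CERTDIR%\ca.pem
    # Refuse to connect if the collector's certificate does not verify
    AllowUntrusted  FALSE
    Exec            to_json();
</Output>

# Explicit route from the ETW input to the remote output.
<Route dns_to_collector>
    Path        dns_etw => collector
</Route>
```

The collector needs a matching TLS listener on the chosen port with a certificate issued by the CA referenced in CAFile.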