Are there any links or discussion related to how nxlog will be configured, so a Windows server can send DNS Analytical logs to a remote collector.

Thank you. Any direction is much appreciated.


With Analytical Logging enabled, NXLog can use the im_etw module to collect DNS logs from the Microsoft-Windows-DNSServer ETW provider.


    When using this the module below...the notes says "The following configuration collects DNS logs via ETW from the Microsoft-Windows-DNSServer provider, using the im_etw module. The collected logs are converted to JSON and saved to a file." Is there a a folder/filename that is being used by default?

    <Input etw>
    Module im_etw
    Provider Microsoft-Windows-DNSServer

    I think you will need something like this...

    <Extension json>
       Module xm_json
    <Input etw>
       Module im_etw
       Provider Microsoft-Windows-DNSServer
    <Output file>
       Module om_file
       File '/tmp/output.log'
       Exec to_json();